It’s a new world of ecommerce fraud out there, and we never got rid of the old one. With 2.71 billion people projected to shop online worldwide in 2024, and ecommerce sales expected to top $6.3 trillion, criminal rings and risk managers go to school on each other non-stop, each studying the other’s playbook to achieve opposing results.
From first-party scams by legitimate customers to full-scale criminal enterprises that stalk and scheme, attack, regroup, then patiently lie in wait to strike again, ecommerce risk prevention experts think it’s time for retailers to update their fraud management strategy with AI-driven solutions backed by human intelligence and domain experts.
It’s called survival.
“At Saks we are committed to doing the best that we can but there [are] just things we’re going to have to do to scale this because these fraudsters are, they’re good, they’re really good,” said RJ Cilley, chief operating officer at Saks, speaking about return abuse and challenges at Signifyd’s FLOW summit 2024.
It’s time for heightened fraud awareness
Merchants lost $41 U.S. billion in ecommerce fraud worldwide in 2022, and an estimated $48 billion in 2023. Equally concerning and quite scary is that fraud losses of $343 billion are predicted to accrue globally from now until 2027.
“Retailers have to start getting prepared for a little bit of a new world,” said Michael Pezely, Signifyd’s senior director of risk intelligence. “In this environment that we find ourselves in, where inflation is persisting, we’ve got interest rates that are rising, and, of course, geopolitical tensions that are trickling down – in some unexpected ways this environment is actually potentially fueling more fraud.”
Pezely says there are three pre-indicators of the fraud rise in ecommerce: Fraud pressure has risen on the whole about 50% year over year. First-party fraud has also dramatically increased over the years. In some businesses, 40% to 60% of fraud chargebacks are actually first-party fraud. And account takeovers are up close to 300%.
On top of all that, and beyond the rise of first-party fraud, the fraud industry is becoming industrialized, spawning sophisticated, global enterprises with specialists in ecommerce, fulfillment and fraud prevention. These rings are illicit businesses that operate in regions where regulation is weak and geopolitical upheaval has resulted in a high degree of lawlessness.
The rise of industrialized fraud
Signifyd Strategic Account Executive Caleb Hanson digs into the dark underside of industrialized ecommerce fraud in this snippet from Signifyd’s Crimes & Cocktails series. Sophisticated criminal rings operating out of Southeast Asia are stealing billions of dollars while inflicting a disturbing human toll.
Watch the entire webinar to learn more.
Why should I rethink my fraud management strategy
Rules-based or AI network?
Some ecommerce retailers still rely on a legacy, rules-based fraud management strategy, which is older technology that is coded to identify a certain behavior or pattern as fraud, but it’s static. Sometimes the rules produce false declines, meaning good orders are turned away. Without AI-powered technology, the ruleset has to be continuously monitored. Today’s sophisticated fraudsters quickly learn to circumvent this rules-based approach, Pezely says. The result is something akin to a never-ending game of tag.
“It’s a high effort to do it properly,” Pezely says. It also takes a huge effort for a merchant to develop its own technology-based anti-fraud department.
Small retailers can also benefit from a risk management company. Signifyd works with some of the world’s largest retailers, Pezely said, “but Signifyd has smaller companies also. These smaller companies, their livelihood, kind of depends on this stuff, right? If I’m a small business and I get defrauded out of $5,000, how am I going to make that up? That’s likely going to be a big deal to me. So it may even be more important for a small business because they just don’t have the resources or the capital to bounce back.”
What are the best practices of fraud risk management?
The meteoric rise of first-party fraud also needs to be considered when examining potential risks and the right strategy. Without an effective anti-fraud program, merchants can face huge losses and loads of manual labor assessing the transactions. First-party fraud can also extend to customers filing non-fraud chargebacks by falsely claiming an item was not received (INR), or a product received was significantly not as described (SNAD).
And the problem isn’t cheap. Every $100 in fraudulent orders costs merchants $207, according to a Signifyd analysis. And merchants lose an average of $3.75 for every $1 in chargebacks they receive.
Signifyd shifts the liability from the merchant and offers complete chargeback protection, so the merchant suffers no loss on transactions that Signifyd approves. And with its vast Commerce Network of retailers, Signifyd’s technology can pick up signals and red flags relating to first-time customers from previous transactions they’ve conducted on the network.
How is fraud being industrialized?
In the past five years ecommerce criminal fraud rings have migrated from Eastern Europe and West Africa to set up in Southeast Asia, where scam artists in one country generate between $7.5 billion and $12.5 billion in annual revenue, or an amount equal to half of that country’s GNP, according to an estimate by the United Nations Office on Drugs and Crime.
And that’s a conservative estimate.
“They’re targeting victims worldwide, not only for this fraud activity, but also for human trafficking, and these scams don’t seem to be slowing down,” Caleb Hanson, director of enterprise accounts for Signifyd, said in a recent webinar. “And in the views of the risk intelligence team here at Signifyd, it’s only been on the rise and it only continues to grow.”
These criminal rings have offices — often compounds — and employ some of the hundreds of thousands of employees, who have been coerced to work in scam centers, according to the UN. They use a mix of tactics, including triangulation fraud and reshippers, and geo and VPN domains, devices, and IP addresses that mask their location, making it appear they’re shopping from Florida when they’re in Vietnam. And these criminal syndicates have patience; they take their time and constantly study the anti-fraud technology before them.
Southeast Asia is becoming a fraud triangle
In the fourth quarter of 2022, a massive attack by one of these crime syndicates totaled $27 million in attempted transactions on a large consumer manufacturer that Signifyd works with, recording $1,100 per minute in attempted transactions during the peak days of the attack. Signifyd’s risk intelligence team shut the attack down, and the success of the fraud attempts was negligible, Pezely said.
“They [criminal syndicates] have very distinct roles within their business of what [each] job is, and again, it’s like in a sense the way Signifyd approaches things,” Pezely said. “We have this big consortium of transaction information and can then make really good decisions on what’s good and bad. On the flip side, if a fraud organization is attempting a large number of transactions and is organized and recording all of that information, they can also get smarter and smarter, faster and faster.”
Photo by Getty Images
Want to keep up with evolving fraud trends? Let’s talk.