Global data mining firm LexisNexis released its annual True Cost of Fraud Study for Ecommerce and Retail earlier this year. The report seeks to quantify the costs incurred as a result of fraud.
It does this by calculating the total cost for each dollar lost to fraud inclusive of the fraud itself and all organizational costs associated with the fraud, including but not limited to investigation, remediation, legal, etc. Trends identified in the report can give us clues about how the fraud landscape has changed and what it will look like going forward.
In this year’s report, LexisNexis found that the cost and volume of fraud in ecommerce and retail increased substantially during 2022. Every $1 lost to fraud costs retail and ecommerce merchants $3.75, compared to $3.13 prior to the pandemic and $3.60 just last year, marking a nearly 20% increase since the beginning of the pandemic and a $0.15 increase over the past year alone.2 The increase is said to be related to the greater use of mobile commerce and coincided with the largest year-over-year increase in online/mobile transactions in history from 2020 to 20213, which has largely continued into 2022 despite the receding pandemic. Given the increased convenience of transacting digitally, this trend may slow but is unlikely to reverse.
What kinds of attacks are online merchants increasingly facing?
- Card testing/credential stuffing These occur when an attacker obtains stolen credit card information or account credentials. The fraudster attempts to use the information to access a customer account and make unauthorized purchases. While consumers are the targets of this fraud, merchants may end up reimbursing customers when the fraud is detected.
- Return/refund frauds These occur when fraudsters request refunds for items, claiming that the merchandise never arrived, is broken or that they intend to return the merchandise. These kinds of frauds are on the rise. CNBC found that, on average, retailers expected returns of about 16.6% of merchandise during 2021 compared to 10.6% in 2020. It also found that for every $100 in returned merchandise, $10.30 is lost to fraud.1
- Interception fraud A fraudster ships merchandise using a stolen account to an address the fraudster can access. This can be their own address, an address near them, or it could be the actual customer’s address, where the fraudster intends to intercept the merchandise from the customer’s doorstep.
- Many others, mostly attacks involve fraudsters posing as customers.
What are some strategies to combat the rise of these types of frauds? Lexis Nexis recommends several potential solutions:
- Assess the transaction risk. Monitor transaction patterns of individual accounts to see if current transactions match against previous patterns and identify irregularities. This is otherwise known as transaction scoring.
- Authenticate the individual. Verify names, addresses, dates of birth. Use two-factor authentication.
- Authenticate the account. Utilize biometrics, digital fingerprints, facial identification, geolocation, etc.
Other potential mitigation strategies include:
- Maintain Payment Card Industry (PCI) standards
- Monitor IP addresses; flag and/or block those that appear suspicious
- Make CVV codes mandatory at purchase
All indications are that in the coming years these kinds of incursions will become more common and attackers will develop new strategies to obtain sensitive customer information. Merchants will have to be creative if they hope to weed out fraudulent activity.
Schneider Downs offers risk advisory, forensic accounting and other services to retailers and other business to consumer organizations. For more information, please email us at c[email protected].
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.
Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity, at www.schneiderdowns.com/subscribe.
To learn more, visit our dedicated Cybersecurity and Forensic and Investigative Accounting pages.
1CNBC: ‘A more than $761 billion dilemma: Retailers’ returns jump as online sales grow’ by Melissa Repko on January 25, 2022
2LexisNexis Risk Solutions: “True Cost of Fraud Study for Ecommerce and Retail”. 2022 US & Canada Edition
3US ecommerce grows 14.2% in 2021. Jessica Young, Digital Commerce 360. February 18, 2022
Additional Sources:
LexisNexis Risk Solutions: “True Cost of Fraud Study for Ecommerce and Retail”. 2021 U.S. & Canada Edition
Statista: • UK: impact of COVID-19 on grocery shopping 2021 | Statista