Fraud Protection & Compliance
In the build-up to Euro 2021, the countries of Europe hold their breath, experience sleepless nights and cold sweats in anticipation of the trials and tribulations of a football tournament. This led me recently to a ‘once in a blue moon’ purchase – England shirts for myself and the family – and I was frankly shocked to see the number of payment mechanisms and BNPL (Buy Now Pay Later) schemes offered.
This led me to the following question – is the profusion of payment mechanisms a good thing for a customer? A great opportunity to a fraudster? Or both? Surely, not all of these mechanisms are as secure as each other, so there is a relationship between payment methods and fraud risk. Let's take a look at the options I was presented with and what that really means to both the consumer and the fraudster.
In years gone by, our option was simple – which card do we use? Options have diversified over recent years with the introduction and adoption of P2P (Peer2Peer) payment mechanisms, open banking and more recently, a significant uplift in Buy Now Pay Later. This is a great opportunity for retailers to diversify their payment options and maximise the possibility of meeting the demand, but when met with the following set of options at checkout, any customer would feel intimidated.
When presented with the above list, it is easy to be overwhelmed, as I was. With such a significant list of options, it is easy to think that cards are a thing of the past, but 75% of all customers globally will have a preference for card payments for their day to day e-commerce. Because of the pandemic and the economic volatility and uncertainty felt by many, a lot of customers are still averse to forms of borrowing. This motivates many that offer BNPL schemes to lure customers onboard with more frictionless journeys, better offers, and ultimately, the potential of accepting more risk of fraud.
So let’s look at each of these mechanisms and the rich opportunity sitting behind each for the fraudster.
1. Trusted cards. As mentioned, the majority of customers will revert to what they know and trust. Whether in authentication, a banking channel, communication, or transaction, we are all creatures of habit. E-commerce transactions facilitated by cards will likely always be number one for transaction flow, followed by the P2P payment mechanisms (that often link to a tokenised card). The control framework behind plastics is incredibly robust, as is proven by FICO Falcon Platform customers around the world. Plastics fraud is a volume game, with millions of fraudulent attempts made in order to provide a high ROI to the fraudster using compromised card details and automated attacks. Fraudsters primarily mirror customer behaviour and prefer to ‘hide in plain sight’, but what about the new mechanisms?
2. New schemes. BNPL schemes blur the line between a transaction, a loan and a credit line, with many services taking a subtly different view on how they lend. It is more common now than ever for retailers to have their own offering, locked to the retailer in question and with limited functionality. However, many others now operate more as a ‘loan’ and can be easily identified by the ‘terms apply’ message. This is a credit application rather than simply a service. This opens a whole new world of threat where the first transaction is linked to the account opening, and as we know, originations fraud is often difficult to identify and prevent for many organizations. The presence of a BNPL scheme is also often intended to encourage a consumer to buy more and drive transaction size up. This effectively means that a $1,000 purchase of retail goods is only seen by prevention mechanisms as a $50-$100 regular repayment repayment, which is suddenly not suspicious to most and is often missed. This gives the fraudster a large value of retail goods or services for resale and their victim with a long and painful effort to recoup funds, cancel fraudulent agreements, and clear their name on credit files.
3. Global threats. There is also a surprisingly global view to this. A retailer based in the UK can offer multiple payment and P2P mechanisms from around the world that are not prominent in region. Opening opportunity for a diverse and global customer base is fantastic, but it also opens the door to a global fraud attack that no longer needs to be specific to the attack market. Payment schemes and agreements based in the Middle East or the US can now actively attack a UK retailer with little to no effort.
The Risk and How to Prevent Fraud
As stated, the solution to plastics, P2P, and data compromise is well proven, evidenced by the ongoing best-in-class performance of card issuers using the Falcon Platform around the globe. However, those with weaker, less collaborative frameworks still see a significant risk. The wider that retailers cast the net in order to accept more payment types, the more institutions will be exposed and attacked.
BNPL schemes offer a unique threat. Whilst the liability will be shared or passed on, we still have a victim and a compromise at the customer level. This is the perfect playground for organized crime, which can take receipt of high-value or bulk sets of retail goods and leave the victim with the bill.
We need to see a similarly robust framework for originations and network identification across all payment mechanisms, along with a duty of care from retailers to ensure that the payment services are reputable, secure — and, most importantly, in demand by customers, not fraudsters.