As online shopping grows in popularity, fraudsters are cashing in and leaving retailers out of pocket. Meanwhile, physical stores and supply chains continue to be targeted by criminals. Ankura's Andrew Pimlott highlights the problems and how retailers should respond.
Consumers around the world are continuing to buy more goods and services online instead of trekking down to the high street or driving to an out-of-town shopping centre. In the U.S., for example, e-commerce sales accounted for 13% of total retail sales of $1,649 billion in the third quarter of 2021, significantly up on the 9.8% and 7.4% shares recorded in the third quarters of 2018 and 2015 respectively, according to the U.S. Department of Commerce.[1]
Retailers are having to adjust to the explosion in e-commerce, not least to the increased risk of online payments fraud. Losses due to this type of fraud increased globally from $17.5bn in 2020 to $20bn in 2021, a rise of 18%, according to UK-based Juniper Research.[2] Fraudsters are taking advantage of consumers who have little or no idea how to protect their card and online shopping accounts, and are exploiting merchants whose fraud mitigation processes are inadequate and who are hesitant to introduce extra friction into the check-out process.
The Merchant Risk Council (MRC), a Seattle-based organization set up to help retailers tackle e-commerce fraud, and Cybersource, a Visa-owned payments management platform, conduct an annual Global Fraud Survey. The 2021 survey, based on responses from 650 merchants around the world, found that the percentage of e-commerce revenue lost to payment fraud in 2021 was 3.1%, up from 2.4% in 2019.[3]
Bricks-and-mortar channels – which still account for the vast majority of retail sales globally – continue to present their own range of fraud challenges. As well as long-established in-store crimes – such as cashiers under-charging for items bought by friends and family – there is the newer problem of shoppers misusing self-service tills to under-pay for their basket of items. In fact, “shrinkage”– an industry euphemism for losses due to fraud and theft – in physical stores can be higher than in e-commerce channels.
U.S. retailers, for example, lost $62 billion from all forms of crime – robbery, shoplifting, employee theft, return fraud, and online payment fraud – in 2019, up from $51 billion the previous year, according to the National Retail Federation’s annual Retail Security Survey.[4]
There is therefore intense pressure on retailers to do more to protect themselves from criminals, whether their acts are committed online or in stores. The right course of action is, first, to understand the nature of the threats and, second, to create a comprehensive retail fraud management framework to prevent and detect frauds and, where necessary, investigate the perpetrators and bring them to justice.
The problem – types of fraud
There are three broad categories of retail fraud: online, in-store, and supply chain.
Online, fraudsters have a range of methods to choose from. An account takeover is when a fraudster discovers the password and other details of a customer’s online retail account, and then buys and receives goods using the customer’s card account. The financial loss is borne by the retailer, customer or card issuer. Cifas, a UK fraud prevention service, says this type of fraud in the retail sector – also known as facility takeover fraud – rose by 195% in 2020.[5]
Chargeback fraud, also known as friendly fraud, is when a customer makes a purchase with their own credit card, receives the goods, and then requests a chargeback from the card issuer claiming the goods never arrived. The financial transaction is canceled, the retailer loses the payment, and the customers get a refund and keep the goods.
The Merchant Risk Council’s survey shows that chargeback fraud – which the council now calls “first-party misuse” – doubled globally in 2021 due to the Covid pandemic. “In 2019, on average 1.3% of orders led to chargebacks, but in 2021 it was 2.7%,” says Tracy Brown, Vice President for Programs and Technology.[3] With people locked down at home and forced to shop online, there was a corresponding increase in criminals systematically creating chargebacks as well as previously honest citizens, many of them in difficult circumstances, falsely claiming their packages had not arrived and seeking refunds.
Other online frauds include fake reviews, where people are paid to give overly optimistic or pessimistic reviews to boost or reduce sales; fraud bots, also known as scalper bots, which automate the rapid buying of limited supplies of goods, such as clothes or concert tickets, and then sell them on alternative websites at inflated prices; and counterfeiters selling fake branded products.
The second category, in-store fraud, as already mentioned, includes cashiers mis-scanning items bought by friends and family, and customers misusing self-service checkouts.
Third, supply chain fraud is when suppliers, transporters, stockists, and distributors steal goods. They often use fake invoices and delivery notes to disguise the thefts before they arrive at the retailer’s premises or to generate artificially high payments from retailers.
The solution – a retail fraud management framework
Retailers must take a strategic, holistic, and methodical approach to fraud risk if they are to keep losses at an acceptable level. Responsibility rests chiefly with the anti-fraud, security, and payments teams, but senior management, right up to the chief executive, needs to be part of the decision-making process.
An effective retail fraud management framework will incorporate a number of best practices designed to combat retail crime in all channels – e-commerce, in-store, and supply chain.
E-commerce fraud countermeasures
- Understand your fraud rate – what percentage of your online transactions do you decline as potentially fraudulent, and how does that compare with similar businesses? Are you rejecting too many transactions, or not enough, compared with your peers? “It’s useful to know what your key performance indicators are so you can track against normal metrics in previous years,” says MRC’s Tracy Brown. “Being part of an association like ours gives you the ability to collaborate in a non-competitive way and benchmark your statistics against companies of similar size and profile in your region.”
- Use the latest customer authentication methods. Two-factor authentication is now standard and greatly reduces the risk of cardholder-not-present fraud. Where possible, use biometric authentication and behavioral analytics as they are not only effective but are less intrusive for customers.
- Embed machine learning in your fraud detection software to improve the speed and accuracy of transaction monitoring.
- Reduce the number of “false declines” – transactions that are falsely declined because they appear fraudulent but in fact are legitimate – by ensuring fraud detection rules and software are fit for purpose. False declines unnecessarily reduce income and damage customer relationships.
- Consider using a fraud detection and prevention vendor that provides a 100% financial guarantee against frauds – which can include chargebacks – on transactions it approves but which turn out to be fraudulent. Yes, there is a premium to be paid, and the vendor is likely to increase the number of false declines to protect its position, but at least the retailer will never suffer any direct fraud losses.
In-store fraud countermeasures
- Introduce automated surveillance systems involving cameras and transaction logs to monitor cashiers and detect any mis-scanning of items that may benefit customers.
- Use artificial intelligence technologies, such as “computer vision”, to detect customer fraud at self-service tills. Computer vision enables computers to “see” and derive meaningful information from digital photos and videos. Images captured by the cameras can be matched, in real-time, against the barcode of the items scanned by the customer to detect any inconsistencies. A member of staff can then be alerted to intervene to “assist” the customer, prevent the fraud from being completed and avoid confrontation.
Supply chain fraud countermeasures
- Carry out a fraud risk assessment of suppliers, stockists, sub-contractors, delivery companies, and other third-parties in the supply chain. Collect and analyse data – financial and non-financial – on employees, contract workers, customers, and suppliers to identify any unusual relationships or unauthorised log-ins to the IT system.
Less fraud equals greater customer satisfaction
Fraud can never be eliminated. A certain level of “shrinkage” will always have to be accepted. As already mentioned, the global shrink rate from online payments fraud is 3.1%, according to the Merchant Risk Council. The U.S. shrink rate from all forms of retail crime is 1.6%, estimates the National Retailers Federation [3].
These are averages. Retailers should aim to get well below them. Nearly 16% of respondents to the NRD survey, for example, reported a shrink rate of 3% or higher, yet 12% reported 0.49% or lower. Clearly, then, lower rates are achievable [3].
Business leaders who treat the problem with the seriousness it deserves and implement a holistic retail fraud management framework will reap the benefits, in terms of lower losses, enhanced profits, and customer satisfaction.
1. https://www.census.gov/retail/mrts/www/data/pdf/ec_current.pdf
2. https://www.juniperresearch.com/whitepapers/fighting-online-payment-fraud-in-2021?ch=fraud
3. https://ww2.merchantriskcouncil.org/download-fraud-survey-2021?utm_source=TheBankerMag-FTgroup&utm_medium=article&utm_campaign=2021-fraud-survey-referral&utm_id=2021-fraud-survey
4. https://nrf.com/media-center/press-releases/retail-shrink-totaled-617-billion-2019-amid-rising-employee-theft-and
5. https://www.cifas.org.uk/newsroom/facility-takeover-fraud-2020
© Copyright 2022. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.
