Chargebacks911: Cybercriminals and Consumerism Pose Growing Threat to eCommerce
A recent Kapersky Lab analysis found that phishing attempts on its users nearly doubled from 2017 to 2018, rising from 246.2 million to almost 482.5 million, with 18.32% of users suffering attacks.(1) However, professional criminals aren't the only ones perpetrating fraud; evidence shows that friendly fraud is expanding at a rate of 41% every two years, and by 2020 is projected to cost merchants upwards of $25 billion per year.(2) Faced with threats from multiple fronts, 55% of businesses reported an increase in online fraud-related losses over the past year.(3) Chargebacks911, a mitigation and loss prevention firm, delves into the causes of growing fraud and ways to combat it.
While many people have learned to be wary of phishing emails, cybercriminals have stepped up their game. PhishLabs found that over 49% of phishing sites now have a secure sockets layer (SSL) certificate, which displays HTTPS in the browser bar along with the padlock symbol consumers have come to trust.(4) The Myki Blog also unveiled a new scam that directs users to a malicious page on a mobile device and prompts them to authenticate with a Facebook social login.(5) Though consumers are the typical targets of phishing attempts, merchants can suffer reputational damage when criminals create phishing emails and sites in their name. Barracuda found that 83% of all spear-phishing attacks are brand impersonation, and internet retailer Amazon is among the top 10 impersonated brands.
From one-click authentication using social credentials to Amazon's one-click ordering, customers have come to expect better, easier and faster online experiences. As a result, many eCommerce merchants prioritize speed over lengthy but more secure checkout processes. Meanwhile, consumers often fail to take responsibility for their own online safety, yet they expect banks and merchants to reimburse them when they suffer losses.
Banks and card networks have contributed to a sense of consumer entitlement by absolving customers of responsibility not only in cases of criminal fraud and identity theft, but also when they may feel buyer's remorse—issuing chargebacks rather than requiring proof that the customer first attempted to resolve the issue directly with the merchant. Card networks, who decide where partnered credit cards can be used are creating dissidence between merchants and consumers by promising immediate refunds for any disappointments or disputes. Yet, phishers and other cybercriminals are taking advantage of loopholes in payment standards and consumers' lack of security precautions to enrich themselves at others' expense.
The company advocates for an overhaul of the existing chargeback system. If a merchant successfully defends a chargeback dispute or if a bank issues a chargeback without verifying whether the customer first contacted the merchant about the issue, she feels the issuer and/or cardholder should be subject to a fine, and any such unjustified disputes should not be counted toward the merchant's 1% chargeback limit threshold. Likewise, if consumers are found to be negligent in allowing other household members or cybercriminals to gain access to their accounts, they should bear an appropriate share of the financial responsibility.
But until such systemwide changes are implemented, Chargebacks911 advises merchants to take a more proactive role in protecting themselves against fraud and policy abuses. For example, rather than relying solely on card networks' authorization and authentication tools, they can use their own technology to capture customer data and analyze purchase behavior. Experian found that 72% of consumers would be willing to provide more data to confirm their identity if it meant easier, more seamless account access in the future.(3) The more merchants know about their customers, the easier it is to differentiate between legitimate orders and those placed by criminals and friendly fraudsters.
Chargebacks911 also recommends conducting a merchant compliance review to eliminate errors and oversights that may be contributing to chargebacks and fraud, and she emphasizes the importance of identifying the true source of chargebacks. When merchants are able to pinpoint which disputes result from criminal fraud, internal error and friendly fraud, they can fine-tune their representment strategy and improve their win rates. By implementing advanced technology, or by partnering with companies that use it, merchants can protect against losses and stay focused on building their business.
Chargebacks911 is dedicated to educating and supporting eCommerce merchants with services designed to maximize profits, minimize chargebacks and fight fraud. To that end, Monica Eaton-Cardone and her team will be participating in a number of upcoming industry events, including the Mastercard Global Risk Leadership Americas Conference in Hilton Head, South Carolina. For details on Chargebacks911's comprehensive risk management solutions, informative articles and other merchant resources, visit https://chargebacks911.com.
1. Vergelis, Maria; Tatyana Shcherbakova; and Tatyana Sidorina. "Spam and Phishing in 2018"; SecureList; March 12, 2019.
2. Chargebacks911. "Chargeback Stats: The Latest Chargeback Stats and Insights Revealed"; February 8, 2019.
3. Experian. 2019 Global Identity and Fraud Report; January 29, 2019.
4. Volkman, Elliot. "49 Percent of Phishing Sites Now Use HTTPS"; The PhishLabs Blog; December 6, 2018.
5. Jebara, Antoine Vincent. "Mimicking Native iOS Behavior in Facebook Phishing Campaign"; The Myki Blog; March 11, 2019.
6. Barracuda. Spear Phishing: Top Threats and Trends; March 2019.
7. Staff, Writer. "What is a Card Network," Cardinal Commerce; October 18, 2018.