Black Friday is almost upon us, and this year, online retailers will likely exceed last year’s holiday sales figures of nearly $8 billion. Researchers predict that over the next three years, global e-commerce will grow six times faster than traditional in-store sales to reach $5.8 trillion by 2022.
While that’s exciting news for e-commerce firms, there is a sobering counterpoint: they must also confront the growing problem of online payment fraud and account abuse. The figures are alarming: Juniper Research estimated that annual online payment fraud losses from e-commerce, airline bookings, money transfer and banking services will reach $48 billion by 2023 (from $22 billion in 2018).
Compounding the problem is that apart from the actual dollar value directly lost through fraudulent transactions, merchants must also deal with legal costs, interest, charge backs, merchandise replacement, and various other expenses. For every dollar lost through payment fraud in 2019, LexisNexis Risk Solutions estimates that merchants will incur total losses to the tune of $3.13, an increase of 6.5% over 2018 (and a big jump from $2.40 in 2016).
Payment fraud involving CNP (‘Card Not Present’) transactions is forecast to cost merchants an estimated $130 billion in revenue 2019 and 2023, according to Juniper Research. In the United States alone, CNP fraud grew 34% from 2015 to 2016 to $4.57 billion according to latest available statistics from the Federal Reserve Payments Study.
With data breaches that expose payment card details having become worryingly regular events, the pool of potential victims of payment fraud is growing deeper by the day. Risk Based Security’s ‘Mid-Year Quick View Data Breach Report’ counted 3,813 data breaches in H1 of 2019 that compromised over 4.1 billion records, an increase of 52% over the previous year.
How Can Payment Fraud Be Thwarted?
Initiatives such as PCI-DSS (Payment Card Industry Data Security Standard) and Mastercard’s Identity Check, among others, aim to reduce fraud by promoting and enforcing data security standards, and by leveraging several types of identifying data to ensure that only card holders, not bots, are able to carry out online transactions.
Organizations such as the European Cybercrime Center, the Internet Systems Consortium, the Malware Anti-Abuse Working Group and Spamhaus have all coordinated takedowns of botnets that were implicated in payment fraud. However, when one group of cyber criminals is thwarted, others quickly join the fray. And as technical vulnerabilities are patched, cyber criminals soon seek other methods to perpetrate fraud.
Our experience with e-commerce customers indicates that the best way to stop payment fraud is to stop cyber criminals right at the outset ─ as soon as they visit your site.
Generally, when fraudsters try to use stolen user account credentials or payment card details, they traverse through various pages on your site or app to view product listings and descriptions, add items to shopping carts, and finally land on your payment page.
With the help of behavioral analysis by bot management solutions like Radware Bot Manager, you should be able to stop payment fraud and carding attempts well before they reach your payment page. This helps you protect your customers as well as your business from payment fraud, as well as other threats posed by bots.
The escalating cost of fraud ─ and the difficulties that conventional web security systems have in differentiating between real shoppers and bad bots ─ make it crucial for retailers to adopt dedicated solutions that can detect and block automated attacks in real-time. With no comprehensive solution to payment fraud available today, online retailers simply cannot wait until a technically-robust authentication system is developed and widely adopted. This is why e-commerce businesses are increasingly adopting specialized bot management solutions that are designed to detect malicious automation that can effectively stop payment fraud and other automated threats.