Written for Braintree’s “The Future of Fintech” series on BBC Capital
Online fraudsters used to be much easier to spot, for most of us anyway. There would always be pensioners willing to dutifully hand over their life savings to a down-on-his-luck Nigerian prince. Phishing emails and websites duped a few more of us before we all learnt to spot the dodgy logos and poor spelling that suggested they were being sent from a remote tin shed.
If the fraudsters weren’t operating with impunity from some lawless corner of the globe, Hollywood taught us they were likely a genius loner, effortlessly hacking their way into government mainframes from the comfort of their dark bedroom. These days, however, online fraud is increasingly the domain of sophisticated criminal outfits that systematically exploit any weakness they can find in the growing world of online commerce.
As we become more used to buying products on our mobile phone, online shopping revenue and mobile commerce continues to grow at a staggering rate. Unfortunately, that growth comes with the rising risks and associated costs of online payment fraud, particularly for businesses. Card-not-present (CNP) fraud, the leading cause of online fraud, increased from $323 million to $402 million in Australia during the last financial year, a jump of 13%.
Klas Back, head of international sales at Braintree, the next-generation online payment system behind some of Australia's largest online retailers such as the Iconic and OzSales, says poor payment security is a major inhibitor of mobile buying behaviour, even among younger, tech-savvy customers.
“We know that 42% of Millennials limit their mobile transactions due to security concerns which is akin to almost half of your customers being too scared to come into your store. We provide multiple industry-leading safeguards, and we’ve seen double-digit reductions in fraudulent transactions with our merchants, but fraudsters are always looking for new ways to take advantage.”
Up until now, discussion on the topic has been largely focused around the risks to consumers, in terms of how they can best protect themselves and their details while shopping online. However, consumers are already well protected by legislation, coverage by alternative payment methods such as PayPal and credit card providers when it comes to online payment fraud.
Attempting to stop online payment fraud can be a double-edged sword as these efforts aren’t without their own costs. The ongoing expense of manually reviewing orders and implementing DIY detection systems can quickly outweigh the costs of fraud itself. These measures can also result in legitimate orders being declined and cancelled, which quickly accumulates in lost sales and poor customer relations.
While merchants could be forgiven for feeling stuck between a rock and a hard place when it comes to fraud prevention efforts, new advances in detection technology are swinging the odds back in their favour. To find out more about this ongoing battle, Don Bush from Kount, a fraud prevention security provider, was able to further shed some light. Don says while businesses understand fraud is an issue, many don’t understand the lengths that fraudsters are going to in order to commit their crimes.
“It’s no longer just some hacker in the back room somewhere. You’re now dealing with a well-networked criminal element who are very well armed for what they do. Just like the businesses they target, they have their own internal hierarchy and they tend to specialise in certain industries, as this expertise allows them to get the best possible return from stolen goods and services.”
Business is booming in the world of online payment fraud as it’s been estimated more than half a billion dollars of fraudulent payments are made in Australia each year. Some experts believe the costs to businesses on a global scale could be upwards of $55 billion and that’s before accounting for the additional operational expenses of prevention systems.
What are some of the new tools that merchants have available to them for preventing this onslaught of fraudulent activity? A useful tool according to Don, is device fingerprinting which is an innovative system that allows merchants to instantly identify the device that a transaction is being made from.
“Every device that’s logged onto the internet has a certain set of characteristics that are as unique as a fingerprint. So, if you’re making a transaction from a computer, your mobile phone or a gaming device, we’re able to identify that device in real time and combine it with our own data in order to make an instant decision about whether that transaction is legitimate or not.”
While tools like this are making life much harder for online crooks, that hasn’t stopped criminals from using technology themselves to prevent detection. Many fraudsters have begun using proxy IP addresses to prevent their location from being identified. Transactions being initiated from overseas are normally a red flag for most local businesses but these proxy addresses allow scammers to appear as if they’re in the same country.
Card-not-present (CNP) fraud, the leading cause of online fraud, increased from $323 million to $402 million in Australia during the last financial year, a jump of 13%."
“This led us to developing what we call a proxy piercer,” says Don. “It’s a piece of technology that’s designed to examine the proxy provided during a transaction and determine whether the buyer is telling the truth or not about their location.”
As this cat and mouse game continues, many businesses might wonder how they’re expected to keep pace with the new tech-enabled tactics of online fraudsters. This is where a flexible payments system such as Braintree comes in handy as it can be partnered with multiple third-party integrations.
While fraud protection services may seem like a no-brainer for businesses that process hundreds or thousands of consumer transactions every day, there is still some reluctance among those businesses or enterprises that process a lower volume of significantly larger B2B transactions. However, this complacency creates an ideal target for fraudsters.
“We see more B2B businesses moving online because the economics are better for them with online ordering systems and online operations. Because some of these B2B businesses have a lower volume of transactions, they tend to drop their guard in terms of fraud prevention. This means criminals can get in and hit pretty hard with large transactions before they’re detected. If they can find a buyer for whatever they’re stealing, then your business becomes a target, no matter your industry.”
With such determined criminal outfits to contend with, Don is pragmatic about stopping fraud completely, “If you want to stop fraud, then stop taking orders online.” That being said, the idea he says is to put as many hurdles in front of criminals as possible and they’ll have no choice but to move on to the next easy target. Either way, online fraud is here to stay it seems, so it’s up to businesses to protect themselves any way they can.