Despite living in an age where antifraud measures are the best they have ever been, fraud continues to be a prevalent issue in the fintech industry. It appears that no matter what cybersecurity companies do, fraudsters always find a way to overcome anything they come up against (eventually). So what can organisations do to help themselves stay one step ahead?
This was the question Max Roberts, UK Country Lead, Stripe, the financial infrastructure platform for businesses, looked to answer. Roberts has over 25 years of experience in the technology sector, in consulting, sales and digital transformation roles at companies including Salesforce and Oracle. He is also a non-executive director at UK Finance.
Speaking to The Fintech Times, Roberts looks at the fraud challenges organisations face today and what they can do to help themselves not be overly reliant on their payment providers:
Businesses that sell online face more fraud risk than ever before. In Stripe’s recent fraud trends survey, nearly two-thirds of business leaders said it was becoming increasingly difficult to combat e-commerce fraud, and roughly the same proportion expect to lose more money to fraud this year than last. That’s shocking news given the challenging economic environment businesses are already facing.
Juniper Research found that merchant losses to online payment fraud will exceed $200billion between 2021 and 2025—money that’s definitely needed elsewhere.
Fraud trends you should know about
By analysing billions of payment transactions which Stripe processes every year, we can reliably identify new fraud patterns and trends. Here are some major developments business owners should be aware of.
One is the increase in card testing attacks. Some fraudsters obtain long lists of stolen credit card data on the dark web, or using phishing or spyware. In order to check whether these credit cards are still active, they use botnets to make small purchases on websites—thousands of purchases over a very short period of time, leading to a surge of traffic on affected websites.
The attacks can negatively impact businesses in a number of ways, including higher payment processing costs, failure risks, or simply by immobilising their websites under heavy traffic. Card testing has increased a lot recently, with 40 per cent more businesses exposed to such attacks today compared to before the pandemic.
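The card testing pattern described above (many small purchases with different cards in a very short period) can be checked for in a merchant's own payment logs. The sketch below is an added example, not code from Stripe or from the article; the event tuple layout, the thresholds and the sample data are assumptions made for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them against your own baseline traffic.
WINDOW = timedelta(seconds=60)
SMALL_AMOUNT = 2.00       # ceiling for a "small purchase"
MIN_DISTINCT_CARDS = 8    # distinct card fingerprints seen inside one window
MIN_DECLINE_RATE = 0.5    # stolen card lists contain many inactive cards

def detect_card_testing(events):
    """Scan time-ordered (time, ip, card_fingerprint, amount, outcome) tuples.

    Returns the first window that looks like card testing as a dict, or None.
    The window is site-wide rather than per IP, because a botnet spreads its
    attempts over many addresses and stays under any per-IP rate limit.
    """
    window = deque()
    for when, ip, card, amount, outcome in events:
        if amount > SMALL_AMOUNT:
            continue  # only small purchases matter for this pattern
        window.append((when, ip, card, outcome))
        while when - window[0][0] > WINDOW:
            window.popleft()  # drop attempts older than the window
        cards = {c for _, _, c, _ in window}
        declined = sum(1 for *_, o in window if o == "declined")
        if len(cards) >= MIN_DISTINCT_CARDS and declined / len(window) >= MIN_DECLINE_RATE:
            return {"start": window[0][0], "end": when, "attempts": len(window),
                    "distinct_cards": len(cards),
                    "distinct_ips": len({i for _, i, _, _ in window}),
                    "decline_rate": round(declined / len(window), 2)}
    return None

def sample_events():
    """Constructed sample: normal checkout traffic followed by a short burst."""
    t0 = datetime(2023, 1, 10, 14, 0, 0)
    normal = [(t0 + timedelta(minutes=7 * n), f"198.51.100.{n}", f"card_ok_{n}",
               19.99 + 10 * n, "approved") for n in range(5)]
    burst_start = t0 + timedelta(minutes=40)
    burst = [(burst_start + timedelta(seconds=3 * n), f"203.0.113.{n}", f"card_x_{n}",
              1.00, "approved" if n % 4 == 0 else "declined") for n in range(12)]
    return sorted(normal + burst)

if __name__ == "__main__":
    print(detect_card_testing(sample_events()))
```

In the constructed burst every attempt comes from a different address, so the alert reports eight distinct IPs for eight attempts, which is why the window is not keyed on the source address.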
Another important trend we noticed is that when it comes to fraud, geography matters. A lot. Businesses in Europe had substantially lower fraud rates compared to North America last year, which likely reflects the impact of strong customer authentication (SCA) in Europe. SCA mandates businesses to add two-factor authentication to their checkout flow for certain online transactions. While the regulation has introduced new friction to the user experience, it has been effective in reducing fraud.
Other parts of the world often follow Europe’s lead on regulations, and the same may soon be true for SCA. We expect two-factor authentication of online payments to become more widespread, including authentication tools like 3DS or CAPTCHAs. The SCA rules are currently under review in Europe, so there may be further changes in the future.
Finally, our fraud analysis revealed that some types of businesses are more vulnerable than others. We found that subscription businesses—specifically B2C companies—struggle the most with fraud. That’s because a subscription to a streaming service, for example, can be quickly bought and resold by fraudsters, without any shipping time involved. More than 75 per cent of B2C businesses reported that over the last year, their manual review load had increased, and they’d had to divert additional resources to fight fraud.
Why fighting fraud is hard
Effectively preventing fraud is a dilemma: after all, more stringent fraud prevention measures often deliver more false positives and a worse overall customer experience. False positives can cost a business money and damage its reputation. One in three consumers say they wouldn’t shop again at a business if their payment is declined without a legitimate reason. The lost revenue from blocking too many legitimate customers may not be worth marginal reductions in a business’s fraud rate.
For that reason, thresholds and rules of a company’s fraud detection model should be adjusted as a function of its risk appetite: the higher the profit margin, the less sensitive the model should be, because the higher the margins, the more money a business stands to lose from each false positive.
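The relationship between margin and threshold can be worked through on past orders. The following is an added example, not taken from the article or from Stripe; the order history is constructed, and the cost model is an assumption: a blocked legitimate order loses its profit margin, and a missed fraudulent order loses the cost of goods plus an assumed dispute fee.

```python
# Constructed sample: (risk_score, order_amount_cents, was_fraud) for past orders.
HISTORY = [
    (0.10, 10000, False), (0.20, 10000, False), (0.30, 10000, False),
    (0.40, 10000, False), (0.55, 10000, False), (0.60, 10000, True),
    (0.70, 10000, False), (0.75, 10000, False), (0.80, 10000, True),
    (0.90, 10000, False), (0.95, 10000, True),
]
DISPUTE_FEE_CENTS = 1500  # assumed fee charged per fraudulent dispute

def cost_at(threshold, margin_pct, history=HISTORY):
    """Total cost in cents of blocking every order scored >= threshold."""
    cost = 0
    for score, amount, was_fraud in history:
        blocked = score >= threshold
        if blocked and not was_fraud:
            # False positive: the profit on a legitimate order is lost.
            cost += amount * margin_pct // 100
        elif not blocked and was_fraud:
            # Missed fraud: the goods are gone and the dispute fee is charged.
            cost += amount * (100 - margin_pct) // 100 + DISPUTE_FEE_CENTS
    return cost

def best_threshold(margin_pct, history=HISTORY):
    """Return (threshold, cost_cents) with the lowest total cost for this margin."""
    # Candidates: every observed score, plus 1.01 meaning "block nothing".
    candidates = sorted({score for score, _, _ in history}) + [1.01]
    return min(((t, cost_at(t, margin_pct, history)) for t in candidates),
               key=lambda pair: pair[1])

if __name__ == "__main__":
    for margin_pct in (10, 60):
        threshold, cost = best_threshold(margin_pct)
        print(f"margin {margin_pct}%: block at score >= {threshold}, cost {cost} cents")
```

On this data the cheapest blocking threshold moves from 0.60 at a 10 per cent margin to 0.95 at a 60 per cent margin, so the higher-margin business accepts more risky orders.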
Machine learning and big data can help optimise a fraud detection model. More specifically, it’s useful to have a payments partner that can train a model with a lot of data. In total, businesses processed more than $640billion in payments through Stripe in 2021.
From the vast amount of transactions we see, we can identify new fraud patterns and trends with the help of machine learning, and act accordingly. This might sound abstract, but it’s not unlike an experienced shop owner who has learned how to spot potential shoplifters.
The difference with machine learning at Stripe is that it works on an entirely different scale. For example, a single improvement in Stripe’s ML-based fraud detection systems in May is estimated to have prevented an additional $40million in fraud alone. The change is also estimated to recover around $70million in user revenue per year. Even small changes to algorithms can have huge downstream benefits for e-commerce companies.
What you can do
Machine learning is very effective at fighting fraud. But businesses shouldn’t rely on their payments provider alone. Here are a few more ways to reduce the impact of online fraud on your business:
- Collect more relevant information during checkout, which will help you better verify a customer’s legitimacy. For example, make sure to collect the customer’s name and email address. This additional information can result in better machine learning detection of fraud and give you more evidence to submit during a potential dispute.
- Explore other payment methods. The right set of payment methods can offer flexibility to customers and reduce the risk of fraud. Digital wallets, like Apple Pay or Google Pay, require additional customer verification (such as biometrics, SMS, or a passcode) to complete a payment, resulting in lower dispute rates. Similarly, most bank debits add an extra layer of security and reduce the possibility of disputes.
- Manually review suspicious payments, which will help you take action before a potential dispute occurs. For example, if you’re unsure about a payment when you’re reviewing it, you can contact the customer by phone or email. Or, if you suspect a payment is fraudulent, you can refund it.
The online economy and its underlying financial infrastructure are highly complex, and legitimate players need to work together to fight fraud. Stripe is a key part of this ecosystem, and we take our responsibility very seriously. Bear in mind that your company is part of the ecosystem as well: Stay vigilant, and don’t give fraudsters a chance.