Today’s sophisticated cyberfraud landscape requires constant vigilance by merchants against the ever-present threat of bad actors.
As companies take crucial steps to update their prevention toolkits against increasingly digital and modern threats, cybercriminals are already collaborating on new ways to exploit organizational vulnerabilities across the enterprise.
Mark Michelon, president at digital fraud and financial risk prevention solution Accertify, a wholly owned subsidiary of American Express, told PYMNTS that the evolution of fraud over the past 20-plus years has been nothing short of “mind-blowing.”
“Your typical fraudster continues to evolve,” he said. “As a fraud professional, it’s becoming more complex to combat all the different potential exposures where businesses across all industries could lose money.”
He highlighted the recent rise of two particularly nefarious types of fraud: account takeovers (ATOs), where bad actors take ownership of accounts using stolen credentials, and refund abuse, where a customer falsely claims they didn’t receive the product and demands a refund.
See also: Organized Retail Crime Groups Focus on Everyday Consumer Goods
“The concept of payments fraud in the card-not-present (CNP) space is still alive and present, and, over the last few years, account takeovers and refund abuse have really come into prominence,” Michelon said.
It is critical for businesses to look at the entire customer journey to prevent bad actors from having their way.
“You can’t just wait at the payment side because there are so many different touch points that need to be protected,” he said.
The rise of digital shopping and transactions has equipped both fraudsters and merchants with new tools, Michelon noted, saying, “It’s easier to mask who you are in the digital world, so Accertify recommends putting in a risk mitigation strategy that assesses risk along the entire customer journey.”
Next-generation tactics, including behaviorally primed digital phishing, can lead to account takeovers or refunds being redirected to the attacker’s account. Meanwhile, scammers are also increasingly using stolen usernames and passwords from data breaches to gain unauthorized access to user accounts on different websites.
Michelon underscored the importance of proper “password hygiene” from users and stressed the need for greater education around security measures for merchants, as stolen usernames and passwords can have a disastrous impact when users reuse the same password across multiple accounts.
Taking the appropriate risk mitigation and revenue protection steps “is a balancing act because ideally 90% or more of your customers are good customers, and you don’t want to make it difficult for them to do business and return their items,” Michelon said. “It’s a very competitive world, and if you create friction, you could lose not just the sale, but the lifetime value of the customer.”
He added that “understanding customer behavior” through data is critical to staying ahead of cybercriminals without impacting customer retention and audience growth.
“Marketers have been leveraging data around user behavior and interactions for a long time, and now risk professionals are starting to tap into it more to understand and identify what a consumer looks like versus a criminal,” he said.
By getting a better sense of how a certain customer interacts with a business combined with leveraging data around “what a good guy or a bad guy looks like,” Michelon said it is possible for organizations to integrate “selective frictions” that trip up bad actors posing as someone else without making the bulk of “good customers” jump through extra hoops.
See also: 45% of Consumers Trust Primary Banks to Keep Payments Credentials Secure
As for what the Accertify president thinks is the best approach to a dynamic, modern fraud defense?
“The beauty of our industry is that the amount of collaboration between merchants and their fraud prevention providers today compared to 20 years ago is just amazing,” he explained. “The fraudsters and bad actors are talking with each other, they are sharing ideas and tips across chats, so we as an industry can never forget that — we need to work together to combat rising fraud and identify new vulnerabilities and tactics.”