For a number of reasons, Covid-19 has caused widespread panic across the globe with thousands of new cases emerging every day. However, not only is the pandemic fuelling anxiety but it is also causing economic instability as fraud levels are set to rise. Evie Rusman analyses Covid-19’s impact on e-commerce fraud and speaks to industry experts
It is not unusual for cyber criminals to take advantage of a global crisis. In recent weeks, the crown prosecution service (CPS) in the UK warned that financial fraud could be at an all-time high due to the virus. Not to mention, this week, the National Crime Agency also informed the public that scammers are using fear about the coronavirus outbreak to hook victims.
Furthermore, due to social distancing measures, a huge chunk of the globe is being forced to stay home – this has caused a spike in e-commerce levels.
Speaking to EPI, James Richardson, head of market development, risk and fraud, at Bottomline Technologies discusses how Covid-19 is becoming a catalyst for fraud.
“It is clear that fraudsters will never let a good crisis go to waste, evidenced by the number of cases we’ve seen related to Covid-19 scams around the world,” he says. ”By leveraging the good will and curiosity from those who want to learn more or protect their loved ones, they are encouraging people to click on fraudulent emails and texts and make payments.”
Rising fraud levels
Why such a rise in fraud levels? E-commerce fraud prevention company Forter argues that Covid-19 has increased the pace of online consumer activity, and as a result fraudsters will be looking for weaknesses in overstressed systems to exploit.
Michael Reitblat, Forter CEO and co-founder, tells EPI: “Fraudsters are abusing the fact that most companies are currently operating on work-from-home practices and employees are, in general, less aware of these types of fraud attempts and less able to stop them.
“For the delivery of physical items, Coronavirus has created a good excuse for fraudsters to leverage data that may not match the expected information for that order, i.e. excuses for items not being at the specified shipping address, or requesting items to be left in specific places, etc.”
In the company’s latest special report, Impacts to Global E-Commerce and Fraud Trends Amid coronavirus, data indicates that there has been an increase in more sophisticated fraud attempts including social engineering and account takeovers. Additionally, more significant increases have been highlighted within loyalty and membership accounts.
“In this time of uncertainty, fraudsters are also recognising that individuals are expecting to be contacted by businesses such as banks, supermarkets and utilities, updating them on their approach to coronavirus, and offering them ‘support’,” Reitblat adds. “This has led fraudsters to piggy-back official Government announcements and schemes to create fake websites and online forms, that will encourage individuals to reply to phishing emails and/or enter data in a seemingly trustworthy repository.”
Regulation plays a key role in ensuring fraud scammers are kept at bay. Recently, financial regulators and central banks have faced increasing pressure to tighten regulation on financial fraud to protect those at risk.
Fran Wiwanto, Chief Compliance Officer, APAC at Flywire, tells EPI: “In times of crisis, there needs to be a unified effort to prevent fraud. Governments, central banks and regulators should be working in close collaboration to combat the problem. They should also deter fraud with tougher laws and higher penalties, especially potent when combined with higher enforcement rates of non-compliance cases. The increased visibility of such cases and more educational outreach to the public by the government and industry bodies will all contribute to the fight against fraud at such a difficult time.”
Adding to this, Richardson argues that regulators are already pushing the boundaries to tighten restrictions, however, Covid-19 could cause a delay in this process.
“Regulators are continuously pushing for a risk-based approach, which is the right thing to do, and shouldn’t let up,” he says. “The challenge will be if deadlines for meeting controls or regulations get deferred to allow organisations time to breath with the situation. The risk with that approach, frankly, is that fraudsters don’t wait for a deadline to play a fair game.
“Right now though, some businesses are in survival mode. They need to be even more vigilant at this time, as cash flow has become absolutely critical overnight. Making payments to a fraudster is the last thing you want to do, as recovery is sadly still woefully poor.”
According to Richardson, the payments industry is very robust, however, it is the individual businesses that need to be tactical when it comes to combating fraud.
“Amid Covid-19, payments are still flowing and money is still moving, but as expected, payment volumes are shifting. It’s not the payments industry which is at risk here so much, but the individual businesses that fail to protect themselves. Many networks are as strong as the weakest link, so vigilance is critical. Clearly everyone in this space is looking at what happens next, and how we can help each other.”
Alongside Covid-19 pressures, in Europe, PSD2 is also adding to the demand to make the e-commerce industry more resilient. PSD2 guidelines outline that merchants must utilise Strong Customer Authentication (SCA) techniques such as biometrics and one-time-passwords (OTPs) to tackle payment fraud. The SCA deadline is currently set at December 31 2020, after the EBA extended the deadline for a further 18 months last summer.
Richardson discusses how these techniques, however, may not be readily available and urges businesses to do whatever they can to prevent fraud – even if this means manually checking transactions.
“It’s important to act from where you stand. Yes, the best-in-class companies are using multi-factor Authentication, anomaly detection, encryption, account verification measures, etc., however you have to do what you can today. If that means manually checking the transactions in a payment run, do it. If it means making two extra phone calls to check the payment is real rather than chance it, then do it.
“Of course, technology is available to remove or reduce that effort, checking both inbound and outbound traffic, but if that’s not an option for you right now, then this will be the next best thing in the interim.”
Payments are essential in everyday life. Therefore, it is even more necessary to make sure the industry adapts to this crisis. Forter’s head of business development for the UK & EMEA region, Neil Smith, speaks to EPI about how the payments sector is well positioned to bounce back.
“One example of how the payments industry has the ability to adapt in a crisis, is the ability to increase contactless limits from £30 to £45 in a matter of weeks; in normal circumstances this could take many months,” he says. “This action alone increases convenience and speed for customers when making purchases.
“For a long time, payments has been central to e-commerce and digital traffic, providing strategic guidance to top businesses who have had to change their core business models. Despite these unprecedented times, the payments sector will be poised to bounce back stronger than before.”