The increase in inexperienced and anxious ecommerce shoppers during the pandemic created a perfect environment for fraudsters. People who had never bought anything online before suddenly had no choice but to order groceries, clothing, protective personal equipment (PPE) and everyday items using just their PCs or mobile devices. The same goes for vaccines and at-home COVID tests: Consumers were willing to click on virtually any link if it meant protecting themselves from the deadly virus.
And that led to a tremendous amount of fraud.
In March, the U.S. Justice Department announced it was stepping up efforts to prosecute fraudsters who have taken advantage of pandemic-related benefits like the Paycheck Protection Program and unemployment insurance.
However, while these efforts may help the federal government recoup some of what they’ve lost, the general public continues to fall victim to COVID fraud.
Between January 2020 and January 2022, the Federal Trade Commission received over 292,000 reports of COVID-19 fraud, equaling $674 million in losses.
The most vulnerable and greatest losses were reported by seniors.
This isn’t surprising: In our original research report, State of Consumer Attitudes on Ecommerce, Fraud & CX 2021, we found that 87% of respondents 65 and older increased their online shopping during the pandemic. They also represent the fastest-growing group of online shoppers by age group.
It’s no wonder they were more susceptible to fraud—novice online consumers are naturally less savvy and more likely to mistakenly expose the personal information that would expose them to fraud.
And fraudsters seized the opportunity.
To online criminals, fraud is a game where creativity pays off. The more inventive the scheme, the more successful it is.
Fraudsters were careful to follow public health updates so their scams would seem more plausible. From stimulus checks and unemployment benefits to vaccines and fake virus cures the scams ran the gamut.
Common scams involved masks, antibacterial hand sanitizer and an “early access vaccine” through emails, texts and phone calls.
And that was just the beginning.
When people posted photos of the vaccination card online, fraudsters would steal their name, birthdate and personal information. They offered COVID-19 testing to Medicare recipients in exchange for personal information and created fake charity websites that were supposedly collecting money for COVID-19 patients and their families. Fraudsters pretended to represent the IRS promising stimulus checks or the Federal Deposit Insurance Corporation (FDIC) warning that their cash was in danger—all to get personal information.
Some of the worst scams involved fraudsters posing as a grandchildren or a military service member who was sick with COVID-19 and needed money for fake medical or travel expenses. Scammers even pretended to represent FEMA's COVID-19 Funeral Assistance Program, offering to register family members of deceased COVID victims so they could gather Social Security numbers and other personal identification.
How fraudsters accomplished all of this might be familiar to experienced online shoppers.
Other than pulling information off online images during the pandemic, fraudsters used tactics that have been around for decades, starting with phishing.
Phishing is much like it sounds and is quite the elaborate scheme. Fraudsters “phish” using links or pages to gain access to consumer data.
A fraudster may send a link via email, text or social media that appears to be perfectly legitimate, but as soon as the consumers clicks it, a type of malicious software called malware is installed on the consumer’s laptop or PC.
Using malware, fraudsters can access the consumer’s device and track keystrokes for capture login IDs, passwords and emails. More than 450,000 new malware programs are identified every day and the total number of malware programs is over 1.3 billion.
Alternatively, phishing links may instead go to fake websites, something that was quite common during the pandemic. Those website pages look like legitimate banks, insurance providers, supermarkets, travel agents and telecommunications companies. They lure consumers into providing information by alerting them to urgent issues or threats. Using the data they collect, fraudsters then sign into consumer accounts to make purchases and even take them over, which brings us to our next type of pandemic-related fraud.
Account takeover fraud is what often happens as a result of phishing. The fraudster uses stolen customer data to sign into various accounts and then find ways to create new credentials, locking the actual customer out of their own account.
In 2021, ATO fraud accounted for every fifth login attempt and 13% of U.S. ecommerce fraud costs. ATO can also happen as a result of data breaches and hacks. Not only do phishing and ATO fraud result in losses for consumers, but online businesses also suffer as well.
Eventually, fraud victims see purchases they didn’t make on their statements and contact their payment processor to file a dispute. From there, the payment processor begins an investigation and looks for proof that the purchase was legitimate.
If it turns out that the purchase is fraudulent, the online business has to refund the transaction amount to the customer and then pay a chargeback fee to the payment processor.
One chargeback isn’t necessarily a problem, but when fraud rates soar, so do chargebacks.
For large, enterprise-level organizations, with a huge volume of transactions, chargebacks are often considered an unavoidable cost of doing business.
On the other hand, small businesses can’t afford to have even a moderate number of chargebacks. They eat away at profits and take time away from handling sales. If a company’s chargeback rate exceeds a threshold (usually 1%) they will have to pay more fees and risk being placed on a chargeback monitoring program or could even be classified as a “high risk” merchant.
Too often ecommerce businesses try to handle fraud and chargebacks on their own using the fraud filters that are built into their payment platform.
Fraud filters aren’t bad in and of themselves, but they are all too often set up to deny any transaction that even seems to be fraudulent. For example, address mismatches and transaction amount are two common fraud filters where online businesses set their filters so stringently that anything suspicious is declined.
Now, think back to what we said about pandemic-related shopping behavior: Plenty of new customers who didn’t necessarily have predictable shopping patterns. Broad-brush filters often have no idea what to make of these types of shoppers … so they decline the transactions. And when you consider that 40% of customers who experience a false decline choose to never return to that business and 34% will take to social media to share their negative experiences, they cost businesses even more than profits.
Whether an ecommerce business experiences a data breach or they lose customers as a result of false declines, the negative impact on their brand can be long lasting.
Losing a customer doesn’t just impact one purchase, it means the loss of a lifetime of purchasing. And if that customer shares their displeasure, ecommerce businesses can lose potential customers.
That’s why every business, especially in the post-pandemic era, needs to have a comprehensive fraud prevention strategy.
The world of ecommerce moves fast. At the same time as companies want to approve transactions as fast as possible, they also need to make sure they aren’t exposing themselves, and their customers, to fraud.
A smart and scalable way to do this is by combining machine learning automatic approvals with flagging and review by experienced analysts, who use data intelligence to distinguish fraudulent from legitimate transactions.
ClearSale combines proprietary machine learning technology and a unique high-tech secondary review process to help you reduce the number of chargebacks and false declines that can cost you sales and customer relationships.
To help your company reduce fraud, chargebacks and false declines, contact us today.