Fraud Blooms Over Spring Break
Spring break feels like a time of fresh opportunity and relaxation, but like any peak purchase period it comes with risk attached for the online businesses that are most affected. Travel, accommodation and food/restaurant companies all need to take extra care during this exciting time. Whenever their offerings appeal most to good customers, they’re also likely to attract unwanted attention from fraudsters as well.
Food & Beverage Fraud
Forter’s sixth Fraud Attack Index found that the online food and beverage industry saw an alarming 79% increase in online fraud attacks, comparing Q4 2017 to Q4 2018. That was after a 60% increase over 2017, so the last two years have shown a determined assault from the criminal fraternity. This means that restaurants, delivery services and merchants should take time to assess their own fraud prevention efforts and ensure that they are fully protected against this growing threat.
As well as sheer growth in attack rates, the online food and beverage industry has also seen new types of fraud becoming more prevalent. Two techniques have become especially notable. The first is card or wallet testing, where fraudsters effectively use a company’s site as a sandbox to test stolen payment information. The second is the monetization of attacks by using social media to offer fake “deals” which are filled using stolen data, while the criminal pockets the good payment. This attack is self-perpetuating, since the fraudster can also leverage their victims’ information for later attacks. Since this industry is obviously of interest to fraudsters trying out new techniques, fraud teams and fraud prevention vendors must invest in ongoing research to understand the evolving nature of the attacks against this industry.
The Tricky Traveler
Over spring break, finding the fraudsters among the good customers can be especially challenging. Many of the more stable characteristics that can help build up a picture of a good customer are replaced by more dynamic data points. Shipping addresses may be far from billing addresses, since people may be on vacation. Public addresses such as those of hotels may be involved, new devices may be in use, and IPs from anywhere in the world may come into play. Situations with many customers using the same IP are also more common during vacation times, which can cause confusion for companies unable to identify IPs as belonging to hotels or airports. A holistic understanding of your customers’ identity is required to deal with this challenge, shifting away from a more static and transaction-focused approach.
This kind of challenge is often faced by companies whose business is travel. Airlines and OTAs, for example, have to adapt their fraud prevention efforts to this kind of situation all year round because their customer base is often traveling while making reservations or bookings. Spring break can add extra pressure for this industry as fraudsters know that it is easier to hide among a flood of good customers. As many online businesses still manually review transactions for fraud, fraud teams are under added pressure during busy times of the year. Criminals know this and are happy to take advantage.
New Fraud Techniques
Another challenge has developed in recent years as fraudsters increasingly target the entire customer journey, not only checkout. Since loyalty programs, promotions and referrals are important in the accommodation, travel and food industries, it is vital that merchants in this space guard against such attacks. This is often difficult, as many companies have yet to invest in protecting the entire customer lifecycle.
Fraudsters also use technology and tricks to scale, something that can work particularly well during busy periods like spring break. Automating parts of their attacks and setting up fake online travel agencies means that they can reach many more victims, with less work, in a shorter time. It’s no surprise that attacks against land travel and accommodation saw a 19% increase over 2018. With manual review teams overwhelmed by orders during peak seasons, fraudsters know that their scaled up efforts may add enough extra stress to increase the chances that their fraudulent orders will make it through.
Keeping the Customer Experience Intact
The most difficult aspect of the fraud threat is making sure that you don’t over-protect against it. It’s tempting to safeguard your business by making sure that policies are in place to block fraud as stringently as possible. But this approach risks harming your business from another direction: risk-averse fraud policies turn away good orders and frustrate good customers.
Travel, accommodation and food all operate under time pressure. Consumers expect to receive confirmation of their booking immediately. Businesses relying on manual reviews have to rush through orders, and often default to conservative approaches which turn away good customers whenever they’re uncertain. Relying on rules to limit the number of transactions sent to manual review doesn’t help, as rules inevitably fail to distinguish sensitively between good but complex buying stories and actual fraud. Rules also focus on the point of transaction, which can often be too late to stop attacks. Blocking fraud requires an understanding of the entire customer journey. Seasons like spring break show all the fault lines in such an approach, as the system struggles to cope with the number of orders and the dynamic nature of travel.
These are industries which are evolving fast in many directions. Consumers have increasingly high expectations, companies are trying out new ways to stay innovative and competitive, and fraudsters are continually looking for new techniques and technologies to increase the efficiency and effectiveness of their fraud.
Spring break is a challenging period with huge potential for travel, accommodation and food businesses. Companies in these industries must find the right balance between stopping fraud, streamlining customer experience and maximizing approvals. To do so they must look at the whole customer journey rather than only the point of transaction, familiarize themselves with their user ecosystem, and develop or partner with a system that is able to find the subtle differences between legitimate travelers and fraudulent cheats.