“Analysts estimate that this type of fraud will cost online businesses as much as $50 billion in 2020,” says Whitney Anderson, CEO, and Co-founder, Fraud.net, in an exclusive interview with IT Security Wire.
ITSW Bureau: What do you mean by a “friendly fraud?” How big a risk is it in the current COVID-19 situation?
Whitney Anderson: First-party or “friendly” fraud is a fraud that is executed by real consumers who opportunistically initiate chargebacks or demand refunds for goods and services that have been successfully fulfilled and delivered by merchants. In these cases, the fraudsters aren’t pretending to be someone else. They are real consumers who are gaming the dispute resolution system of an online business, and eventually, end up with both the goods and the funds. This is a particularly difficult type of fraud to prevent and identify as a result. It’s also an extraordinarily expensive type of fraud; the merchant shoulders the loss of the product or service, the costs of fulfilling and delivering the order, the costs of acquiring the alleged customer, and the administrative expenses involved in researching and resolving the chargeback and/or issuing the refund. Analysts estimate that this type of fraud will cost online businesses as much as $50 billion in 2020.
ITSW Bureau: What can enterprises do to combat the “friendly frauds?”
Whitney Anderson: To be sure, right now, the biggest obstacle to fighting friendly fraud is vendors’ unwillingness to flag this type of fraud at all. Without a sophisticated fraud prevention system in place, friendly fraud can easily be mistaken for legitimate returns. And online businesses are quite reluctant to push back on returns to avoid alienating good customers.
Still, friendly fraud is a fraud, and with the right tools, it is both identifiable and preventable.
Those tools require three elements:
1. Consortium Data. This is where merchants and payment processors share anonymous data about bad actors in their systems.
2. Fraud Monitoring. Perpetrators of friendly fraud are often repeated offenders. Identifying individuals making multiple refunds will help uncover these fraudsters.
3. Deep Learning. Deep learning models can be used to detect the sometimes subtle patterns of first-party fraud.
ITSW Bureau: How can AI help enterprises to mitigate risks and manage systems better?
Whitney Anderson: Some buyers will transition from being a legitimate customer to a fraudster when they realize they are not going to be challenged on a fake return or refund. They will sometimes leverage this knowledge to hit the same online business again and again. In other cases, they’ll use the tactics that they learned with one vendor to hit others with friendly fraud.
Collective intelligence allows the online business or bank to see across multiple transactions with multiple vendors. Artificial intelligence can parse that data to flag customers that are making multiple requests for return over a relatively long period of time. By assembling this composite of customer behavior, AI can put together a series of seemingly innocuous, individual transactions to identify a mosaic of fraudulent activity by a customer over time.
ITSW Bureau: Do companies possess the required skills and tools to fight the flood of security challenges that will come when remote working becomes the norm?
Whitney Anderson: Remote working will increase the amount of business that goes online, and online fraud rates will follow that trend upwards. In addition, many types of fraud will become harder to spot, as a face-to-face check-in with a colleague will become less commonplace with individuals in quarantine working remotely. The worldwide response to the coronavirus has certainly forced many companies to move into this arena more quickly than they planned to, and many were ill-equipped to deal with the associated risks, including those related to fraud. Still, we saw the increase in remote work as an inevitable trend, with or without COVID-19. So, these challenges were ones that businesses were going to have to deal with eventually.
Most companies do not yet have the skills and tools to fight the flood of security challenges associated with remote working. Still, those skills and tools have never been more accessible, easy to adopt, or cost-effective than they are now. It would be extremely difficult and expensive for companies to try to develop them on their own, but they can quickly, easily, and inexpensively protect themselves using the many offerings in the marketplace, including those from Fraud.net.
ITSW Bureau: What should the new enterprise security policy be comprised of post-COVID-19?
Whitney Anderson: The stay-at-home directives around COVID-19 have definitely led to a spike in fraud — first-party friendly fraud, third-party fraud, every kind of online fraud you can imagine. Once we get through this, we expect there to be a “new normal” for online fraud, as many businesses continue with higher levels of remote work even after it’s safe to head back to the office. Elevated levels of online buying, and online work, will mean that all the existing risks are going to be more acute, and more dangerous for the unprepared. For businesses with strong risk controls, and specifically anti-fraud controls, it will require higher levels of vigilance.
For those that have been getting by with manual systems, or more simplistic rules-based systems that don’t use collective intelligence or AI, the day of reckoning has arrived. They will need to invest in better systems, or see their profits picked apart by fraudsters in the weeks and months ahead.
Whitney Anderson, co-founder, and CEO of Fraud.net
Whitney Anderson, co-founder, and CEO of Fraud.net is a leader with over 25 years of experience in technology, digital commerce, applied AI/machine learning, and problem solving. Prior to Fraud.net, Whitney was Chairman and CEO of a number of major, online brands including PlanetRx.com and MotherNature.com.