Fast Fraud and Merchants:

How to Stop Your Next Biggest Threat.

2015 ©Vesta Coporation

And many of those purchases

are strictly digital—products like

e-books, gift cards, and event

tickets—with instant delivery to the

consumer. For retailers, it’s becoming

increasingly necessary to offer digital

goods and online sales options in

order to compete.

This new retail landscape,

however, has also opened up new

opportunities for fraud. Online and

mobile purchases don’t require a

physical credit card, so card-not-

present (CNP) transactions are

often more vulnerable to scams.

Additionally, consumers expect

to receive their digital purchases

immediately, which leaves retailers

with less time for identity and

payment verification.

These factors and vulnerabilities

have led to the creation of an entirely

new category of fraud: Fast fraud.

Fast fraud occurs when perpetrators

take advantage of weaknesses in

online and mobile commerce fraud

prevention systems to steal digital

goods, which can then be re-sold

on the secondary market. Other

fraudsters hack into retailers’ systems

and swipe customer credit card

information for use or sale on the

secondary market.

As online and mobile commerce

continue to grow, fast fraud is

expected to become increasingly

prevalent. Fortunately, there are

steps retailers can take to better

protect their business, their data,

and their customers from fraudsters.

Americans are making more purchases online and on their phones than ever before...

Page 2 >

The Rise of Fast Fraud

Fast fraud is the result of multiple converging trends. Today, more adults

are shopping online and via mobile device, especially as smartphones and

tablets become more prevalent. In 2013, 55 percent of U.S. adults owned a

smartphone; by 2014, 75 percent owned one.

Retailers have noticed this trend and are working to encourage more mobile

purchases. In 2014, 15 percent of all merchants offered mobile commerce

options—double the percentage that offered them in 2013.

At the same time, digital goods have taken off. Products like e-readers and

digital music services have made e-book and music downloads increasingly

common. In 2014, consumers spent $5.7 billion on e-books. That figure is

expected to grow to $8.7 billion by 2018 (PWC). Similarly, music downloads

and audio-streaming services now account for 64 percent of the total market,

with sales of digital music formats reaching $4.5 billion in 2014 (RIAA). Many

consumers have also begun purchasing items like gift cards and event tickets

online. In 2014, consumers spent $6 billion on digital gift cards alone, up from

$5 billion in 2013.

These trends have escalated so quickly that many retailers’ fraud prevention

systems have failed to keep up, and fraudsters have taken advantage of the

opportunity. According to the Identity Theft Research Center, there were at

least 783 tracked data breaches in the United States in 2014, a 27.5 percent

increase over 2013 and an all-time record. Javelin Research and Strategy

estimates CNP fraud was about $10 billion in 2014 and expects that number to

climb to $18.4 billion by 2018.

Page 3 >

Fast fraud will likely become more common in the coming months, as the

United States transitions to EMV credit card security standards. These cards

will make in-person credit card fraud more difficult, so it’s likely that fraudsters

will switch their focus to the more vulnerable CNP transactions. In the United

Kingdom, CNP fraud rose 79 percent in the first three years after EMV

adoption.

55%adults

owned asmartphone

75%adults

owned asmartphone

2013

eBooks music gift cards

2014

Popularity of Smartphones

(Sales) $4.5 Billon $6 Billon$5.7 BillonPopularity of Digital Goods

Page 4 >

Page 5 >

The Consequences of Fast Fraud

Fraud has always had high financial costs for retailers and consumers, but fast

fraud’s costs are often higher and go beyond the monetary.

For example, fraud accounts for 15 to 20 cents of every $100 in revenue for in-

person transactions. For mobile transactions, however, fraud accounts for 68

cents of every $100 in revenue, a 350 percent increase. Additionally, research

has found that retailers pay $3.34 for every dollar lost to mobile fraud.

When fraud results in a full-blown data breach, the costs—both monetary and

reputational—are

even higher. In

2014, the average

organization spent

$1.6 million on post-

breach response

costs for legal,

consulting, and

victim identity

protection services,

according to

a study by the

Ponemon Institute. Making things worse, a highly publicized data breach often

leads to reputational damage and lost business for retailers. According to the

same study, the typical organization loses an additional $3.2 million worth of

business following a breach due to abnormal customer turnover, reputational

loss, diminished goodwill, and the increased customer acquisition activities

that are often required.

Legal expenses

Consulting fees

Victim protection services

fast fraud costs fast fraud costs

Monetary Reputational

$1.6MCustomer turnover

Reputational loss

Diminished goodwill

Increased acquisition

$3.2Mdata breach$4.8M

+

+

Fast fraud costs consumers, too. To

compensate for anticipated losses,

some retailers are passing the costs

of fraud onto their customers in the

form of higher prices. Merchants

have also begun adopting policies

and technologies that slow down

the transaction process, making

purchases less convenient for

shoppers.

Additionally, consumers run the risk

of being scammed by fast fraud

perpetrators on the secondary

market. Fraudsters often unload

stolen digital goods through

legitimate websites that allow consumers to exchange unwanted gift cards or

event tickets. If retailers are able to determine that the goods are stolen, the

customer is left to deal with the consequences. Many times, this leaves retailers

in a difficult position, as they must decide whether to honor a fraudulent gift

card or ticket that’s been sold to a well-intentioned customer.

Page 6 >

A highly publicized data breach can mean:

• Reputational damage

• Lost business

• Abnormal customer turnover

• Reputational loss

• Diminished goodwill

• Increased customer acquisition efforts

Why Traditional Fraud Solutions Won’t Work Fast Fraud and The Need For Speed

The nature of digital product purchases with immediate delivery can make it

very difficult to identify fast fraud when it’s happening and to track down its

perpetrators after it has occurred. As a result, most traditional preventative

solutions, which are geared toward preventing fraud when products are

shipped to the customer, fall short.

Online and mobile shoppers expect instantaneous delivery of their digital

goods, yet many traditional solutions are not adapted for instantaneous

delivery. Existing systems often require time to accurately verify the

cardholder’s identity and payment, which works well when consumers must

wait a few days for their products to ship. When digital goods are involved,

however, and immediate delivery is expected, most existing systems are unable

to accurately verify payment details, due to the sheer speed of order fulfillment.

CNP Transaction attributes

Immediate fulfillment

Immediate monetization

Verify customer and address

Authenticate transaction

Hold goods pending authorization

Digitaldelivery

Physicaldeliveryvs.

Page 7 > Page 6 >

Additionally, digital delivery requires no physical address. Digital goods

are usually delivered via email or mobile device, so shoppers’ locations are

unknown. Systems that require consumers to enter a physical address when

one isn’t needed can slow down the transaction process, eliminating the fast,

frictionless checkout process that consumers prefer.

The secondary market further complicates matters. When fraudsters unload

their goods on legitimate online exchange sites, honest consumers can wind

up with the stolen products. This makes it extremely difficult to track down

and punish the actual perpetrator.

Most existing fraud prevention solutions work because they’re able to verify

the accuracy of payment information in the time span between purchase

and delivery of goods. Existing systems can flag addresses associated with

suspicious activity, and when possible, perpetrators can be tracked down at

those addresses and the stolen goods recovered.

With fast fraud, however, these elements are absent, and fraudsters’ easy

access to a legitimate secondary market means goods can be unloaded

almost instantaneously. The combination of all these factors makes it nearly

impossible for traditional fraud prevention measures to combat fast fraud.

Page 8 >

How to Successfully Prevent Fast Fraud

As online and mobile shopping and digital goods continue to grow in

popularity, fast fraud will become an even larger problem for retailers in the

years to come, especially as the United States transitions to EMV.

Unfortunately, many retailers are

learning about their fast fraud

prevention gaps the hard way.

Merchants who move into the

digital products space are often

overwhelmed with high loss rates

and are forced to stop selling the

products immediately. Retailers

often look to their existing

vendors for solutions, but these

traditional providers often can’t

provide the help required.

For retailers in need of a solution

that prevents fast fraud, the

following tips can help:

• Don’t go it alone. For many retailers, it’s tempting to build an in-house

fraud solution. Yet, most businesses, particularly small- to medium-sized

organizations, would require significant staff additions and technology

upgrades to establish a functional process. Additionally, outside vendors are

monitoring fraud patterns across numerous clients, which allows them to

learn about new theft techniques being employed and implement proactive

security measures to stop them before they happen.

When shopping for a fast fraud solution:

• Don’t go it alone

• Look for guaranteed payments

• Watch for red flags

• Choose expertise over novelty

• Keep the customer experience in mind

Page 8 > Page 9 >

• Look for guaranteed payments. Only a handful of vendors offer a

guaranteed payments solution, but it’s worth seeking out. This model

places all of the risk on the vendor, not the retailer. If the vendor wrongly

determines that a payment is safe and allows the purchase to proceed, the

vendor then picks up the cost of any associated losses for the retailer.

• Watch for red flags. Many vendors overpromise their capabilities, and

retailers are wise to be wary when choosing a partner. Common red flags

include the promise of “instantaneous integration,” which is highly dependent

on the size of the retailer and the type of payments system used. As such,

retailers should investigate vendors as much as possible. Merchants can look

at the vendor’s list of current clients to ensure the provider has experience

working in the merchant’s particular industry and understands its unique

needs and fraud profile. When possible, retailers should ask for referrals and

interview some of the vendor’s past and present clients to evaluate whether

needs are being met.

• Choose expertise over novelty. Fast fraud’s relative newness means many

startups have jumped into the fraud prevention and payments processing

field to try to solve the problem. However, the effectiveness of any fraud

solution increases over time. Vendors that have been in the industry for

a number of years have lengthy logs of experiential data, which can be

used to spot fraud more quickly and identify holes that could be exploited.

Experienced vendors are also able to harness the knowledge gained by

working in different industry verticals to adapt solutions that meet the

particular needs of each retailer. When searching for a provider, retailers

should, at minimum, make sure the vendor has experience working with

businesses of similar size and industry.

• Keep the customer experience in mind. Many solutions work simply by

slowing down the transaction process or requiring the customer to complete

additional and lengthy verification steps. For retailers, these systems often

result in dissatisfied customers and abandoned purchases. When choosing

a provider, retailers should ask questions about how the solution will impact

the customer. The best solution will offer the highest conversion rate for

approved sales and the lowest friction checkout process possible.

Page 10 >

Page 10 > Page 11 >

Summary

It’s important for retailers to find the right system for their unique needs and

then monitor the solution’s performance over time. The best fast fraud solution

will combine payment processing, fraud prevention and guaranteed payments,

allowing retailers to sell digital goods to their customers without assuming

unnecessary risk in the process.

View our series of fast fraud videos at info.trustvesta.com/fastfraud

4400 Alexander DriveAlpharetta, GA 30022-3753 USATel: +1 678.222.7200Fax: +1 770.772.0600info@trustvesta.com

11950 SW Garden PlacePortland, OR 97223-8248 USATel: +1 503.790.2500Fax: +1 503.790.2525info@trustvesta.com

Av. Américas 1536 1ACol. Country ClubC.P. 44637Jalisco, Méxicoinfo@trustvesta.com

Finnabair Business ParkDundalk, County LouthRepublic of IrelandTel: +353 (0)42 939 4600Fax: +353 (0)42 939 4601info.ireland@trustvesta.com

No. 6 Ji Qing Li Road, Unit B603Chaoyang District, Beijing 100020 P.R. ChinaTel: +86 10 65525508info.china@trustvesta.com