In the age of online shopping, shoplifting has gone digital

The pandemic has forced shoppers to dramatically alter their behaviour. In no sector is this more obvious than in food shopping.

Emilie Grünzweig, Director of eCommerce & Fraud at Riskfied

Source: Riskified

Grocers have experienced huge demand for online shopping. Many consumers will have switched to online deliveries in the last 12 months due to safety concerns relating to Covid-19.  According to a survey by Mastercard, just under one in four Germans ordered groceries online for the first time during the lockdown. And many will have found it more convenient and are likely to stick with it even once the pandemic is over.

However, alongside this rise in popularity, there has been an increase in online fraud. According to a recent survey by the German Federal Office for Information Security (BSI), almost one in eight Germans has been a victim of fraudsters in online commerce. Methods we witnessed vary from carding, where fraudsters place low amount orders in supermarket websites to test out the validity of credit card details, to more sophisticated fraud schemes targeting customer accounts directly. The latter method is especially attractive to criminals because of customer benefit schemes such as loyalty points, which can be easily spent on purchasing products, and are less likely to raise fraud concerns compared to card payments.

The methods of the fraudsters

There are two main ways that fraudsters gain access to these login details in the first place. There is “credential stuffing” where fraudsters use bots to mass test login details leaked in data breaches. They’ll test the login details across multiple sites. Another way that fraudsters access these details are “phishing scams”, in which fraudsters target individuals and trick them into sharing confidential details, such as account login data or card payment numbers. According to Statista, online shops made up the largest percentage of phishing attacks in the third quarter of 2020, at around 19.22%.

Digital transformation has given rise to potential avenues for fraud in the grocery sector: contactless shipping and delivery, as well as the option to buy online and pick up at curbside or in-store (BOPIS). This has turned out to be convenient not only for consumers, but to fraudsters as well. BOPIS, in it’s “COVID version” means that a proper physical identification of the consumer is almost impossible to do and needs to be done online, prior to the pick up of the goods. Also, many of these orders have short fulfillment windows and must be approved almost immediately. To keep the customer experience as smooth as possible while keeping the much needed social distancing rules in place, physical identification during pickup is rarely requested and  it usually refers to an order number or an online receipt.  But, if the fraudster has taken over the account of a legitimate customer, or used his own email while paying with someone else’s credit card for the transaction, they can easily access both and fool the merchant.

Source: AnnaStills

What retailers need to do now

Combating fraud is difficult due to the risk of being overcautious. For instance, supermarkets can cancel orders if they believe they are fraudulent. But cancelling legitimate orders will frustrate customers, who can easily take their business elsewhere, as another store is only a webpage away, rather than the other side of town. So, what should merchants do? First, know what goods are being targeted. Currently, pharmaceuticals and liquor are common targets, as they are non-perishable and easier to resell. However, these trends change over time. Second, it is crucial to try and identify customers by connecting digital accounts to their physical owners. Merchants should understand the MOs fraudsters use and adopt fraud prevention strategies that also address the growing problem of ATOs, especially since there is no time to manually check every order for fraud.  

As shopping has gone online, so too has shoplifting. Fraud prevention technologies that rely on machine learning models for real-time decisions are an excellent match for the grocery industry. Using the power of strong customer networks and data linking can help merchants prevent fraud and adapt to changing order patterns even when sales skyrocket.  Today’s supermarkets need to adapt and defend against these modern-day threats. This is the only way they can offer their customers seamless service in the long term and increase their sales at the same time.