Understanding fraud and regulation
By Marc Docherty, Head of UK Acquiring, Ingenico Enterprise Retail.
As technology advances and payments are increasingly made online, fraud cases are unfortunately on the rise too. This can come in many guises, from traditional ‘phishing’ cases, to data breaches, and ever-increasing ‘friendly fraud’. Whatever the method, fraud can have devastating effects on businesses, their reputations, and finances. It was reported that in 2018 alone, criminals successfully stole £1.2 billion through fraud and scams, so it’s more important than ever to keep up to date with the latest information on how to prevent your business or customers falling victim.
Fraud at a glance: There are hundreds of different fraud tactics out there, so here I focus on those that tend to be most prevalent.
- Friendly fraud
This type of fraud occurs when a consumer makes an online shopping purchase with their own credit card, but then requests the money back from the issuing bank after receiving the purchased goods or services. This is commonly called a chargeback, and can often occur unknowingly. For example, should a child buys credits for a game using their parents’ linked credit card, without the parent realising. However, it is also often done with malicious intent.
- Data breaches: If a company’s server lacks adequate security, this leaves its systems wide open to a data breach. This is when fraudsters gain unauthorised access to a whole host of information, including sensitive business information and personal customer data including bank details, passwords, addresses and more.
- Phishing: Phishing is the process by which fraudsters obtain customers’ private details by masquerading as a legitimate company. For example, a fraudster sends an email out convincing the receiver that it’s from a retailer they frequently shop with. The consumer follows the directions to click a link and fill out the details ‘necessary to continue shopping with the retailer’ or similar. The fraudster then harvests these details to either commit identity fraud or simply take the money directly from the victim’s account.
The risks: The main risk businesses consider when they think ‘fraud’, is the financial one. If a company is out of line with regulations and suffers a data breach, for example, they can be fined up to £17.5 million. If merchants don’t keep a check on friendly fraud, they can lose out on money as well as stock.
Furthermore, fraud doesn’t just affect businesses financially. If companies are associated with data breaches or poor fraud prevention management, they risk damaging their reputation. Take British Airways’ 2019 data breach for example – not only did the company have to pay a record £183million fine, but consumers will have likely turned to competitors to book their next flight.
A note on regulation: Regulations can be daunting for businesses, but they are necessary for protecting our society as we increasingly move online. One of the most recent security measures, General Data Protection Regulation (GDPR), was enforced in May 2018 to tighten up the processing of personal data. As is often the case when new regulations are implemented, businesses were at first worried about how this may impact their operations, but over time and with the help of experts, these fears were alleviated. Thanks to GDPR, consumers now enjoy greater trust in merchants when they shop online, and we hope to see a decline in fraud as the years unfold following its implementation.
In terms of payments, some other important regulations to understand are the Second Payments Services Directive (PSD2) and Strong Customer Authentication (SCA). In a nutshell, PSD2 has improved customer rights, enhanced security through SCA, and provided a framework for new payment and account services by enabling third-party access to account information. Meanwhile SCA itself has increased security by enforcing extra authentication measures at checkout.
Although these regulations are implemented for positive effect, it can be difficult for merchants when certain measures increase friction in the buying experience. Fortunately, there are ways to ensure regulatory and fraud prevention processes are implemented with minimal effect on the customer experience.
How merchants can act: The best policies are learn, educate and act.
- Learn: As a merchant, take time to understand the latest regulations and fraud practices as best as you can. You can do this by regularly taking a look at expert blogs, such as this one, and following industry-specific news publications.
- Educate:It’s crucial to educate your customers. Warning them against current fraud practices like Phishing, for example, will reduce their risk of falling victim to scams of this nature. Similarly, letting them know any updates to expect in terms of fraud prevention or regulation can contribute to a seamless user experience. For example, SCA’s Two Factor Authentication policy has been seen to flummox customers, leading them to abandon online shopping baskets. User experience issues such as this can be avoided by communicating with your clients.
- Act; Make sure to implement measures earlier rather than later. The best way to combat fraud and related issues is to hand over to a professional who can advise on and implement the best course for your business. Although fraud is complicated, a secure payments system backed by a team of experts is an essential step to helping prevent fraud and optimising business operations.
Here at Ingenico Enterprise Retail, we are well versed in risk and regulation and have not only several secure payments solution options to suit your business, but a range of dedicated experts on hand to answer any qualms or queries you may have regarding fraud and regulation. Visit here to learn more about how we can help your business: https://www.ingenico.co.uk/omnichannel.