Réka Eszter Bodó, Riskified

By Reka Eszter Bodo, research analyst at Riskified

With consumers required to stay at home and shops forced to shut during the COVID-19 pandemic, demand for eCommerce has boomed.

However, with more people than ever using online shopping, online fraud has also increased.

While fraud is a risk to everyone, certain communities are more likely than others to be targeted. Elderly people, many of whom may never have used online shopping before the pandemic, have been particularly impacted.

In fact, since lockdown began last year, the charity Age UK found that more than £5m has been lost to coronavirus-related scams and £16m lost to online shopping fraud among those aged 55 and over.

Fraudsters target the most vulnerable in society because their scams are more likely to be successful. In some cases, elderly victims are targeted because their cognitive abilities may have decreased with age, or because they have less experience with online interactions, and so are less likely to recognise a scam. In addition to this, elderly people are often targeted as they’re more likely to have financial savings, own a home and have a good credit rating.

We have identified three “classic” fraud practices that fraudsters usually adopt when targeting the elderly. In the first, fraudsters steal data such as payment details or account logins and try to use this information to make a purchase – this is called CNP fraud (Card Not Present). There are ways for merchants to detect and prevent this kind of fraud: if the purchase is made from an unusual geographical location, IP address, or a different device that is inconsistent with the customer’s previous behaviour, there are machine-learning based fraud prevention solutions that can spot it and stop it.

The second type of fraud practice – Device Takeover – is more difficult to spot, because it involves the active participation of the victim. For example, fraudsters will call a victim, pretending to be from a legitimate business. They will claim that they need remote access to the victim’s computer in order to repair a fault, and then ask for their card details to pay for this service.

Once the fraudster has scammed the victim into allowing access to their device, they can take it over. From this point, every purchase or financial transaction that takes place appears to be legitimate, based on the customer’s digital fingerprint and geographical data points. This disguise provides fraudsters with a window of time to make as many purchases as they can.

In the third scenario, fraudsters will call victims over the phone, claiming, for example, that there is a warrant for their arrest or a tax charge they must pay. This is called ‘Social Engineering’ – and fraudsters will make the victim believe they can avoid this by making a payment online and manipulate them into buying goods for the fraudsters themselves with their own credit cards. Often, these goods are virtual gift cards, which can be emailed to the fraudsters.

Fraudsters favour these scams because they bypass legacy fraud prevention systems, as the cardholder is actually making the purchase. And because fraudsters use sophisticated social engineering and human psychology to trick elderly victims, these attacks are more likely to succeed, especially if the victim isn’t tech-savvy and might be more trusting of individuals who portray themselves as service providers.

These scams are, unfortunately, very successful — according to Age UK, 43% of UK elderly believe they have fallen victim to these types of online fraud.

Retailers have a responsibility to try and stop these scams. Online merchants must always be willing to fight fraud, because it is a profitable crime and will never simply stop. If merchants do not fight, they run the risk of paying the price with their reputation.

So, what are the most effective ways for retailers to combat this type of fraud activity?

Keep up with fraudsters’ trends

Retailers can help by educating themselves about fraud trends in their industry. They should teach their staff about social engineering and common scams, so that they can empathise with victims — and avoid falling for the scams themselves, especially if fraudsters try to place orders with phone operatives.

Create stop-points

eCommerce retailers can also build “stop-points” into the purchase process, such as pop-ups or warning messages that give the victim time to reconsider a purchase or provide them with additional information about common or ongoing scams. This may help the victim to pay attention, be more aware of what they are doing, and to question the fraudster’s demands.

Make use of cutting-edge technology

Finally, retailers can put Machine Learning-based fraud prevention solutions in place. While certain kinds of fraudulent transactions can be difficult to spot because they differ from common Card-Not-Present fraud, it is still possible to use AI to catch them. However, doing so requires constant model training in order to be more nuanced when assessing purchases.

Behavioural analysis can help with this. For example, fraudulent orders often contain high-amount purchases, without any browsing history on that website, and would occur in high velocity. So, when a customer with years of low-cost orders suddenly purchases thousands of pounds worth of gold or an elderly customer suddenly buys several laptops or videogame gift cards, red flags must be raised.

If there’s one thing, I’ve learned from years of working against online fraud, it’s that fraudsters are continually honing their tactics and innovating new ways to evade detection. It’s our job to stop them, and it’s vitally important that retailers join that fight by rooting out fraudulent activity and investing in new technology to help protect their customers – particularly those who are most vulnerable.