Synthetic Identities, Synthetic Shoppers, and the Impact on eCommerce & Retail
Synthetic identity fraud continues to be a major point of concern for retailers. In fact, the Federal Reserve indicates that synthetic fraud is the fastest-growing type of financial crime in the US. By some estimates, it now makes up nearly 80% of all identity fraud in the country.
While retailers embrace online channels to grow their sales and exposure, they also need to be aware of the added risks associated with running an eCommerce store in addition to fraud risks at physical, retail locations. Below, we’ll explain what synthetic identity fraud is, how it’s threatening retailers across multiple channels, and what can be done to combat this issue.
What Is Synthetic Identity Fraud?
Synthetic identity fraud occurs when someone combines both made-up and legitimate personally identifiable information (PII) to create an entirely new and false identity that does not already belong to one individual. This differs from traditional identity fraud, where a criminal takes on a victim’s full identity.
In other words, with synthetic fraud, the criminal may use someone’s actual Social Security number but pair it with a fake name, birth date, and home address.
There are many motives for synthetic fraud, though one of the main reasons criminals will engage in this is to shield their true identity so they can commit crimes for financial gain. All the while, the combination of both false and real PII makes it more difficult for officials to track them down.
The Rise of the Synthetic Shopper Problem
Under the umbrella of synthetic fraud, synthetic shoppers are a new phenomenon impacting retailers and ecommerce businesses.
These are virtual entities that fraudsters create to mimic the behaviors of actual customers of an online storefront. They typically use stolen or compromised credit card information from a victim to make purchases from the seller. Oftentimes, they will use tactics like creating multiple accounts or using a VPN to hide their location and evade detection.
In many cases, synthetic shoppers are difficult to detect because they appear as regular customers. However, some will exploit vulnerabilities in a site’s security and use automated bots to make a significant number of transactions within a short period of time.
Not every retailer will have robust anti-fraud detection measures in place at checkout, making it even easier for criminals to take advantage of their lax restrictions for their own financial gain. However, they can cause serious financial losses for retailers if they go unchecked, including through:
- Chargebacks: The synthetic shopper uses compromised credit card details to make an online purchase, though the legitimate cardholder may catch and dispute the unauthorized charge, resulting in a chargeback that the retailer will have to cover plus any fees
- Inventory Depletion: Fraudsters often target high-ticket items, causing the retailer to deplete large amounts of inventory without any payment in return
- Reputation Losses: The store’s reputation may become damaged if customers become aware that they have had issues with synthetic shopper fraud
- Legal Consequences: The retailer may face legal action or fines if they are unable to effectively combat synthetic shopper fraud that results in financial loss for their customers or financial institutions
Synthetic Shoppers Can Build Credit, Shop In-Store
Synthetic shoppers are also a risk in physical stores and retail locations. Armed with a synthetic identity document, bad actors pose specific threats to retailers. Synthetic shoppers can use their new, synthetic identity document, for instance, to return items to a store. The catch is that these bad actors never purchased the goods in the first place, and the items may even have been stolen. Detecting shoppers but digitally and in person is crucial for retailers.
Synthetic shoppers also hit retailers in other ways, including using their synthetic identities to open a line of credit or a retailer’s credit card. By using the fake, generative identity to build credit, bad actors are building a profile and credit over time. This long-term aspect of synthetic identity fraud means retailers could be hit with synthetic shoppers making large purchases or continuing to apply for lines of credit for years to come if they are not stopped.
How to Mitigate the Risk of Synthetic Shoppers
Unfortunately, online payment fraud in the eCommerce space is not set to decline any time soon. According to Juniper Research, cumulative losses from payment fraud are set to total over $343 billion globally between 2023 and 2027. As technology advances and helps fraudsters become more sophisticated with their tactics, online retailers will need to bolster their fraud detection and prevention measures accordingly.
The following are some of the methods that eCommerce stores can use to combat this issue.
Fraud Detection Systems
Online sellers can use fraud detection systems that leverage machine learning algorithms to help them determine normal patterns of shopper behavior. In turn, they’ll be better equipped to recognize anomalies and block suspicious transactions.
This might include recognizing the time of day when most shoppers make purchases, the average order value, log-in attempts, and other pieces of information that can help identify common characteristics and behaviors of most shoppers.
Biometric Verification
Another way online retailers can mitigate the risk of synthetic shoppers is through biometric verification. This means eCommerce stores implement identity verification methods for shoppers based on their unique biometric traits, including facial recognition, iris or retina scanning, fingerprint scanning, or voice recognition.
Biometric verification strengthens a system’s security because unlike passwords, credit card information, or other credentials that can be easily compromised and copied, biometric traits like the unique geometry of a person’s face or their fingerprints are nearly impossible to replicate accurately. This way, retailers can verify that the person making the transaction is who they say they are and aren’t using a stolen identity to make fraudulent online purchases.
CAPTCHA Challenges
To combat synthetic shoppers using bots, online stores can implement a CAPTCHA or ReCAPTCHA challenge during the checkout process to ensure they’re only selling to humans. As a result, automated bots will be unable to complete the challenge and blocked from completing the transaction.
Continuous Monitoring
In general, online sellers need to be aware of the risk of synthetic shoppers and continuously monitor their systems for signs of suspicious shopping behavior. This might include setting up alerts for abnormal activity or regularly reviewing transaction history to search for anomalies.
Some of the red flags retailers might want to look out for include inconsistencies in shipping addresses, frequent changes in payment methods, unusual IP addresses, and other data points that could suggest the shopper account is linked to fraudulent activity.
Final Thoughts on Synthetic Shopper Fraud
Retailers can tap into a global customer base and grow their business by selling online. However, they also must navigate the added cybersecurity risks associated with this channel, including synthetic shopper fraud.
These criminals can have a significant impact on an eCommerce seller’s bottom line and long-term success, so it’s important that retailers take a multi-layered approach to reduce risk and protect their business from fraud and exploitation.
*** This is a Security Bloggers Network syndicated blog from AuthenticID authored by Sarah Hunter-Lascoskie. Read the original post at: https://www.authenticid.com/fraud-prevention/synthetic-identities-synthetic-shoppers-and-the-impact-on-ecommerce-retail/