The pandemic has forced shoppers to dramatically alter their behaviour. In no sector is this more obvious than in food shopping.
Grocers have experienced huge demand for online shopping in the last twelve months. According to Nielsen IQ, 41 per cent of UK households used online supermarkets at least once in February this year, more than double the number in early 2020. Many consumers will have switched to online deliveries in the last 12 months due to safety concerns relating to Covid-19, but several will have found it more convenient and are likely to stick with it even once the pandemic is over.
Alongside this meteoric rise in popularity, there has also been an increase in online fraud. MOs we witnessed vary from carding, where fraudsters place low amount orders in supermarket websites to test out the validity of credit card details, to more sophisticated fraud schemes targeting customer accounts directly. The later method is especially attractive to criminals because of customer benefit schemes such as loyalty points, which can be easily spent on purchasing products, and are less likely to raise fraud concerns compared to card payments.
In fact, our research has easily found multiple lists of stolen login details for supermarket accounts from large supermarket chains available for purchase on the dark web.
There are two main ways that fraudsters gain access to these login details. There is “credential stuffing” where hackers use bots to mass test login details leaked in data breaches. They’ll test the login details across multiple sites, and when they find credentials that actually work – they’ll then sell these details on the dark web.
Another way that hackers access these details are “phishing scams”, in which fraudsters target individuals and trick them into sharing confidential details. According to HMRC, there was a 74 per cent increase in phishing scams between January and June last year.
One of the reasons that this kind of fraud has become more common in recent months due to the pandemic is the switch to curbside delivery and the changes in Buy Online, Pick Up in Store (BOPIS). This was previously considered very safe, however, due to the introduction of restrictions that have led to policy changes such picking up while social distancing and short verification time, is also being capitalised on by fraudsters.
Generally, other than proof of purchase such as an order number or email receipt, both of which criminals can obtain if they have taken over a customer’s account, ID and signature upon receival is rarely requested. With consumer behavior heavily changing due to the new reality, relying on behavioral analysis to detect fraud is no longer as effective.
The surge in online orders has put high pressure on merchants’ manual review teams. As ‘instant’ has become king, and fraudsters have perfected their craft by using sophisticated fraud MOs, manual review teams have to find the right balance between approving orders quickly, maintaining a frictionless customer experience and screening out fraud. This has led to an overcautious approach by merchants. For instance, supermarkets can cancel orders if they believe they are fraudulent. But cancelling legitimate orders will frustrate customers, who can easily take their business elsewhere, as another store is only a webpage away, rather than the other side of town.
So, what should merchants do? First, know what goods are being targeted. Currently, pharmaceuticals and liquor are common targets, as they are non-perishable and easier to resell. However, these trends change over time, so what’s more important is being aware of the categories that are typically prone to fraud. Second, it is crucial to try and identify customers by connecting digital accounts to their physical owners.
Supermarkets are under immense pressure. Online orders come in thick and fast, and customers expect their orders to be fulfilled quickly. There is no time to manually check every order for fraud, or at least they cannot do it on their own. Many merchants are now partnering with fraud prevention providers who track these evolving trends.
As shopping has gone online, so too has shoplifting. Today’s supermarkets need to adapt and defend against these modern-day threats.