Transcription
Global fraud andpayments report2022
Report contents0304DisclaimerOverview33605Executive summary08Survey frmographics09Business impact of fraud: key fndings71214Range of fraud attacks: key fndings19Fraud prevention: key 17fndings22Payment acceptance and partners:20key fndings27Payment management:key fndings2532About the authors33Appendix 1 - conversion and acceptancerates by payment method343031Appendix 2 - questions asked inthe survey32Global Fraud and Payments Survey Report 20222
DisclaimerCase studies, comparisons, statistics, research, andrecommendations are provided “AS IS” and intended forinformational purposes only and should not be relied upon foroperational, marketing, legal, technical, tax, fnancial or otheradvice. Visa Inc. neither makes any warranty or representationas to the completeness or accuracy of the information withinthis document, nor assumes any liability or responsibility thatmay result from reliance on such information. The Informationcontained herein is not intended as investment or legal advice,and readers are encouraged to seek the advice of a competentprofessional where such advice is required.Studies, survey results, research, recommendations, andopportunity assessments are provided for informationalpurposes only and should not be relied upon for marketing,legal, regulatory, or other advice. Recommendations andopportunities should be independently evaluated consideringyour specifc business needs and any applicable laws andregulations. Cybersource is not responsible for your use of anystudies, survey results, research, recommendations, opportunityassessments, or other information, including errors of any kind,or any assumptions or conclusions you might draw from their use.Except where statistically signifcant differences are specifcallynoted, survey results should be considered directional only.Neither Cybersource, nor any of its employees, subsidiaries,parents, or affliates make any warranty, express or implied, orassumes any legal liability or responsibility for the accuracy,completeness, or usefulness of any information disclosed herein.Global Fraud and Payments Survey Report 20223
OverviewCybersource, the Merchant Risk Council (MRC), and Verifare pleased to present the results of the 2022 Global Fraudand Payments Survey, a report that conveys transparentand unbiased research. This report is based on a survey ofmerchants from around the globe, who were asked abouttheir eCommerce fraud and payments practices. The surveysample included a diverse mix of small businesses (SMBs), midmarket and enterprise merchants, representing organizationsbased throughout the North American, European, Asia-Pacifc(APAC) and Latin American (LATAM) regions. The research wasconducted in November and December of 2021.The survey results provide the merchant community with thelatest industry fraud data and fraud management methodsused by their peers, along with a robust set of performancebenchmarks that merchants can use to help optimize theirfraud management and prevention practices. In addition, thesurvey delves into today’s rapidly changing payments landscapeto examine the range of different payment acceptance,management and partnership practices merchants aredeploying, globally and across key subsegments, as well as thereasons why they are adopting these payment strategies andtactics in the current commercial environment.Cybersource would like to thank the participants for taking thetime to complete the online survey, the MRC and Verif for theircontinued partnership, and B2B International for directing theprogram and providing the analysis.Global Fraud and Payments Survey Report 20224
Executive summaryThe key fndings from the 2022 Fraud and Payments survey areorganized into fve focus areas. Each area covers a centralquestion integral to understanding the state of eCommercefraud and payments from the merchant perspective.The frst three focus areas cover questions related toeCommerce fraud, specifcally:01What effect is fraud having on merchantbusinesses today?02What types of fraud attacks are merchantsexperiencing?03What strategic and tactical approaches aremerchants using to prevent and manage fraud?0103The fnal two focus areas delve into questions related toeCommerce payments, specifcally:04What practices and partners are merchants usingto accept eCommerce payments?05How are merchants optimizing payment processesand platforms?Global Fraud and Payments Survey Report 20225
The key, high-level insights from each of the fve focus areas are summarized below:1. Business impacts of fraud – what are theeffects of fraud?Globally, fraud costs and KPIs all increased (or worsened) for a second consecutive year,yet most merchants did not increase the share of revenue they spend to manage fraud.Merchants in North America were the only segment to increase fraud managementspending, likely due, in part, to the signifcant upticks they registered in costs and KPIs.Most merchants still seek to reduce dependency on manual order review, and thisaim may now be translating to action, given slight decreases this year in the shareof orders manually reviewed and the share of reviewed orders that are ultimatelyrejected.Merchants generally feel well-prepared for the revised Payment Services Directive,specifcally related to the implementation of Strong Customer Authentication (knownas PSD2 SCA) and for the implementation of EMV 3DS – new requirements beingimplemented in European Economic Area (EEA) that will collectively bolster anti-fraudpostures. It’s worth noting that all EEA markets have now reached full SCA enforcement.2. Range of fraud attacks – where aremerchants most vulnerable?Phishing / pharming, card testing, identity theft, and frst-party misuse remain the mostprevalent fraud attacks, each affecting more than 3 in 10 merchants globally.Globally, on average, merchants believe 16% of fraudulent disputes should be attributedto frst-party misuse (or “friendly fraud”), with the majority of disputed transactionsa result of issues with cardholders aiming to obtain free goods, confusion abouttransaction descriptors, or issuers incorrectly fling disputed transactions as fraud. Insome regions and sectors, merchant estimates for this fgure ranged as high as 1 in 5.9-in-10 merchants have experienced at least one fraud management challenge andmerchants are struggling to overcome three challenges, on average. The most pervasiveand impactful challenges are identifying & responding to fraud attacks, changingbusiness models because of COVID, & expanding into new sales channelsGlobal Fraud and Payments Survey Report 20226
3. Fraud prevention strategies –How are merchants addressing the issueof eCommerce fraud?The top priority driving fraud management strategies changed over the past year:More merchants now prioritize reducing fraud and chargebacks as their primaryimperative, versus optimizing the customer experience, which was the main goal formost in 2021. In part, this strategic shift may be driven by rising fraud costs and KPIs.At the tactical level, merchants report using an average of four fraud detection tools andservices, in total. Payment card and identity verifcation services, along with 3D-Secureand two-factor phone authentication, are the most widely used tools.4. Payment acceptance and partners –how are merchants being paid?Most eCommerce merchants accept payments via digital wallets, direct debit, paymentcards, and mCommerce mobile payments. The vast majority (nearly 9 in 10) encouragecustomers to pay via preferred methods, mainly to minimize risk of payment fraud.Third-party payments, buy now pay later (BNPL), digital wallet, and mobile paymentsare the fastest growing payment methods; most merchants who accept these addedthem in the past year. Improving the customer experience is the top reason merchantsadd new methods, but reaching new customer segments and markets, as well as “goingmobile,” are important drivers too. Similar motivations also drive most to sell goods onthird-party marketplaces.Merchants leverage multiple payment processors and acquiring banks to supportomnichannel payments. Maximizing fexibility, geographic coverage, uptime, andauthorizations represent merchants’ main motivations for utilizing multiple acquirers.5. Payment management – How are merchantsoptimizing processes and platforms?Merchants are experimenting with a diverse range of novel retail approaches, such as buynow pay later (or BNPL) and buy online pickup in store (BOPIS), as well as new customerexperiences to facilitate payments, like AI chatbots and face-to-pay technologies. But all ofthese have yet to be widely adopted. APAC, LATAM, mid-market, and enterprise merchants,are more likely to be early adopters of these new approaches and experiences.On average, merchants use 2 to 3 different approaches or techniques to optimize paymentauthorization. EMV 3DS, intelligent routing, machine learning and automated retries aremost common. Most use third-party data in association with each technique.Most merchants focus on 3 to 4 payment management KPIs, with payment success rate,revenue, & cost of payments comprising the top three KPIs for merchants globally.Global Fraud and Payments Survey Report 20227
Survey frmographicsThe survey was felded in November and December of 2021. A total of 1,060 merchants involved in eCommerce fraud and paymentmanagement participated in the research. The sample includes merchants based in four major geographic regions, with broadrepresentation across all size tiers, sales channels and categories. The breakdown of the total merchant sample across keyfrmographics is depicted in the charts below.RegionCompany size(annual eCommerce revenue)16%38%41%17%37%25%25%North AmericaEuropeSMB ( 50k to 5mn)APACLATAMEnterprise ( 50mn )Figure 1Mid-Market ( 5mnto 50mn)Figure 2Industry vertical25%6%60%9%Physical Goods& RetailTravel & TourismDigital Goods& EntertainmentOther Products & ServicesFigure 3Global Fraud and Payments Survey Report 20228
1. Business impactof fraud:key fndingsThe frst section of this report focuses on how eCommerce fraud is affecting merchants, how fraud management KPIs andinvestments have changed over the past year, and where merchants have been successful in thwarting fraud attacks and mitigatingharmful impacts. In addition, this section delves into the topic of manual order review to shed light on how integral this process is tomerchant fraud management strategies, now and in the future. Lastly, this section examines merchant readiness to support PSD2SCA and EMV 3DS.Fraud costs and KPIs continue to riseFor the second year in a row, merchants reported across-the-board increases in multiple key indicators that measure the extentto which fraud is impacting eCommerce. From more revenue being lost to fraud to more eCommerce orders being rejected asfraudulent to increasing chargebacks and disputes, the average fgures merchants reported for every key indicator tracked in thesurvey increased over the past year globally, on average (see Figure 4).Table shows fraudmanagement KPIsBy Region 2022(Trimmed averages shownfor all KPIs)By Size 3.0(2.7)3.8(3.4)3.4(3.1)Order rejection rate fordomestic orders .9(3.7)3.6(3.3)Order rejection rate forinternational orders .7(6.2)6.0(5.5)% of domestic eCommerceorders that turned out tobe 6(2.3)3.7(3.0)3.1(2.7)% of international eCommerceorders that turned out tobe 0(2.7)3.8(3.1)3.3(3.2)% of eCommerce orders that ledto .6(2.4)3.7(3.0)3.3(2.9)20212022% of eCommerce revenue lost topayment fraud globally3.1% of eCommerce revenue lostto payment fraud from domesticorders Sig. Lower vs 2021 Sig. Higher vs 2021(% 2021 fgures)Global Fraud and Payments Survey Report 2022(% 2021 fgures)Figure 49
While the impacts of fraud have generally intensifed worldwide, merchants in North America were hit particularly hard over the pastyear, reporting larger upticks in most fraud KPIs compared to those operating in other regions. On the other hand, merchants basedin APAC saw signifcant declines in most fraud KPIs tracked by the survey, bringing their averages more in line with merchants in otherregions, when compared to last year.Mid-market merchants reported signifcant spikes across most fraud KPIs. The average values reported by mid-market merchantson every metric now exceed those of eCommerce businesses on the SMB and enterprise ends of the size spectrum. These midsizeorganizations may have disproportionate impacts from eCommerce fraud, as they are large enough to be appealing targets forfraudsters but have smaller budgets and fewer personnel, tools and resources to utilize for fraud prevention.Fraud management spending stays fatDespite rising fraud KPIs and revenue losses over the past year, merchants generally continue to spend the same amount on fraudmanagement (as a share of total revenue). Globally, merchants spend an average of 10% of their eCommerce revenues to managepayment fraud – the same percentage recorded in 2021 (see Figure 5). While spend among most merchant segments remainedconsistent, North American merchants doubled the average share of revenue they allocate to fraud management, from 5% last yearto 10% this year. APAC-based merchants reduced spend slightly, bringing their outlay more in line with merchants inother regions.% of annual ecommerce revenue spent to manage payment fraudOverall2021202210%10%30% of merchants “Don’t know”or “Do not track this metric”25% of merchants “Don’t know”Or “Do not track this metric”2022 – by key breaksRegion:10%( 5%)NorthAmerica6%Europe9% iseNote: Trimmed medians shown for all cost estimates.(Parentheses show noteworthy trends compared to 2021; greentext indicates an increase & red text indicates a decline)Global Fraud and Payments Survey Report 2022Figure 510
Most still aiming, and more now acting, to reduce manual order reviewWhen it comes to the role of manual order review in merchant fraud management strategies, 60% seek to reduce their reliance onthis process or eliminate it entirely. European merchants and SMBs are signifcantly more likely to lean in this direction, with aroundone-in-fve looking to eliminate manual review. Merchants based in APAC and at the enterprise level skew more towards retaining itas a core part of their fraud management strategy (see Figure 6).Role of manual review in future fraud management strategyRemain a core part ofthe strategyWill only review for businessspecifc policies*Will always have it, butwant to reduce itPlan toeliminate it60% of 6%20%9%43%(*policies include the likes of 1 PS5 per customer, only ship to certain countries, etc.)Global Fraud and Payments Survey Report 202210%Figure 611
There is some indication merchants are acting on their aim to reduce manual review, given that the share of orders manuallyscreened and the share of screened orders that were subsequently declined due to suspicion of fraud, both decreased across allregion and size segments over the past year (see Figure 7).% of orders manually reviewed & subsequently declinedGlobal results20%18%17% of orders12% of orders3%2%2021202225% of merchants “Don’t know” or “Donot conduct manual review”24% of merchants “Don’t know” or“Do not conduct manual review”% of manually reviewed orders that are declined2022 – By key breaksRegion:12%10%NorthAmericaEurope12% rentheses show noteworthy declines compared to 2021)14%EnterpriseFigure 7Most well-prepared for PSD2 SCA and EMV 3DS to support Strong Customer AuthenticationMerchants are well-prepared to support the Second Payment Services Directive (PSD2) compliance and technical requirementsfor Strong Customer Authentication (SCA), as well as industrywide implementation of EMV 3DS. Around 6 in 10 feel “very” or“extremely” prepared for both, versus 1 in 10 saying their organization is “not prepared” (see Figure 8).Global Fraud and Payments Survey Report 202212
Merchant preparedness for PSD2 SCA & EMV 3DSPSD2/SCAVeryprepared28%EMV I am not familiarenough to say38%23%7%4%Top 3 box (somewhat, very, or extremely prepared): 89%34%24%9%7%Top 3 box (somewhat, very, or extremely prepared): 83%2022 – by key breaksPSD2 SCA: % feeling somewhat, very, orextremely preparedEMV 3DS: % feeling somewhat, very, orextremely prepared97% 94%87%88% ATAM95% 92%97% 95%Mid-marketEnterprise66%SMBFigure 8The consensus around preparedness for the enforcement of PSD2 SCA and/or the implementation of EMV 3DS is encouraging.Most merchants globally expect the directive and/or the Three-Domain Secure messaging protocol to have a major impact ontheir organization. This is especially the case for merchants based in the APAC and LATAM regions, for mid-market and enterprisemerchants.Global Fraud and Payments Survey Report 202213
2. Range of fraudattacks:key fndingsThis section of the report focuses on the types of fraud attacks eCommerce merchants are experiencing, globally and withinspecifc regions and size segments. In addition, this section discusses the top fraud-related challenges merchants are struggling toovercome and how they have shifted and evolved since the publication of the 2021 report.Top Fraud Attacks Remain ConsistentThe four most prevalent forms of fraud faced by merchants remained consistent over the past year, as did their general incidencerates, in terms of the proportions of merchants who reported experiencing each of them. These top four fraud attacks are phishing /pharming / whaling, card testing, identity theft, and frst-party misuse (also known as “friendly fraud”), and they all continue to impactaround one-third of merchants, globally. That these fraud attacks aren’t experienced in isolation and are generally interrelated isa likely cause behind the prevalence of these most common attacks. Out of the top four, only frst-party misuse has seen a slightdecline in reported incidence, as it impacted 32% of merchants in this year’s survey, compared to 39% in 2021 (see Figure 9).Type of fraud attacks experiencedGlobal % experiencing (2022)35%Phishing / pharming / whalingCard testing34%33%Identity theftFirst-Party Misuse (i.e., friendly32%fraud / chargeback fraud)27%Account takeoverLoyalty fraud25%Coupon / discount / refund abuse25%23%Affliate fraudBotnets17%Triangulation schemesRe-shipping16%15%Money laundering14%AVG. # of attacks experienced3Figure 9Global Fraud and Payments Survey Report 202214
The top attacks reported by region and size also remained largely consistent with those in 2021, (as illustrated in fgure 10, below),although there were signifcant shifts in incidence rates among certain segments. For instance, while card testing and frst-partymisuse are still the two most common fraud attacks reported by merchants in North America, the share of merchants citing each ofthese declined signifcantly. The same is true of incidence rates for loyalty fraud and coupon / discount / refund abuse among APACmerchants and of those for frst-party misuse in the LATAM region. On the other hand, incidence rates for the top three attacks rosesignifcantly among merchants based in Europe, as did the rate for identity theft in LATAM (see Figure 10).Top fraud attacksexperienced by regionTop fraud attacksexperienced by company sizeNorth iscount/Refund countTakeoverLoyaltyFraudCoupon/Discount/Refund irst-PartyMisuse Sig. Lower incidence vs. 2021 Sig. Higher incidence vs. 2021Figure 10First-party misuse represents sizable share of fraud attacksFirst-party misuse, also referred to as “friendly fraud” or chargeback fraud, is believed by merchants to account for a sizable shareof all fraud attacks or attempts (impacting around a third of merchants, as shown in the previous section of this report). Globally,merchants believe 16% of fraudulent disputes should be attributed to frst-party misuse, and merchants state that most disputedtransactions are the result of cardholders aiming to obtain free goods, confusion about transaction descriptors, or card issuersincorrectly processing general cardholder disputes as fraud (likely due, in part, to incentives issuers have to resolve disputesquickly). (see Figure 11 and Figure 12)Global Fraud and Payments Survey Report 202215
% of disputes that should be attributed to frst-party misuse16%of fraudulent disputesshould be attributed tofrst-party misuse20% in North America9% in APACExtent to which issuers incorrectly fle disputed transactions as fraudVery relyDon’t know37%9%6%47% of merchants indicate issuers regularly/ frequently incorrectly fle transactions asfraud. This is particularly the case amongAPAC merchants (61%).Figure 11Common types of frst-party misuse (drivers for submitting disputes)Attempt to obtain free goods or services61%Transaction or descriptor confusion53%Family fraud46%Attempt to return goods outside of merchant’s return period44%Buyer’s remorseQuality of goods not as expected35%30%Figure 12Key fraud challenges stay consistent in prevalence but shift in severityMerchants must effectively prevent and mitigate fraud attacks while also grappling with a range of broader business challengesrelated to, and impacted by, fraud. The results of last year’s fraud study illustrated both the relative incidence and severity of thesefraud-related challenges, which were all tracked again in this year’s survey.The 2022 study makes clear the share of merchants facing each of these fraud-related challenges – or their respective incidencerates – has stayed remarkably consistent, year-on-year. The largest share of merchants are struggling to identify and respond toemerging fraud attacks, while also confronting the challenge of keeping up to date with payment regulations or rule changes bypayment partners, and changing business models quickly due to the impact of the COVID-19 pandemic (see Figure 13).Once again, mid-market and enterprise merchants remain far more likely to face many of these challenges, compared to SMBs.Global Fraud and Payments Survey Report 202216
Top fraud management challenges experienced in the past 12 months(% 2021 fgures)33%31%30%Identifying / responding toemerging fraud attacksKeeping up to date onregulations or rule changesby payment systems / cardnetworksChanging businessmodels quickly because ofCOVID-1929%28%27%Effectively using data tomanage fraudUpdating fraud risk models(e.g., score)Expanding into new saleschannelsSig. lower for SMBs (22%)Sig. lower for SMBs (21%)(31%)Sig. lower for SMBs (23%)(30%)(32%)(26%)(30%)(25%)Figure 13While the nature and prevalence of fraud-related challenges stayed fairly consistent, what did change over the past year was therelative severity or diffculty each challenge presented to the merchants facing it. Figure 14, below, indicates how both the incidenceand severity of each challenge has shifted, since 2021.Global Fraud and Payments Survey Report 202217
Severity (% rating very or extremely challenging)75%High incidence& severityLow incidence,high severityJ70%AFC65%HI60%EGDBK55%High incidence,low severityLow incidence& severity15%25%35%Incidence (% experiencing challenge in past 12 months)Bubbles in chart show positioning for 2021AIdentifying / responding to emerging fraud attacksGGaps in fraud tool functionalitiesBKeeping up to date on regulations or rulechanges by payment systemsHLack of suffcient internal resourcesCChanging business models quickly because of COVID-19(e.g., leading to unplanned attacks, managementchallenges)DEffectively using data to manage fraudEUpdating fraud risk models (e.g., score)FExpanding into new sales channelsILack of internal expertiseJManaging omnichannel fraudKInternational expansionBolded text labels above show challenges with increasing severityFigure 14The challenges of identifying and responding to emerging fraud attacks, updating fraud risk models, and effectively managing fraudwhile expanding into new sales channels have become markedly more diffcult for merchants to overcome. And while managingomnichannel fraud still has relatively low incidence compared to most other challenges, it remains an especially troublesome problemfor the merchants it impacts. On the other hand, merchants are generally fnding it less diffcult now to overcome the challenges ofstaying up to date on payment regulations and payment partner rule changes, as well as managing fraud effectively despite the lackof internal resources and / or expertise, when compared to last year.Global Fraud and Payments Survey Report 202218
3. Fraud preventionstrategies:key fndingsHaving discussed the impacts of eCommerce fraud on merchant businesses and the more prevalent and pernicious fraud attacksand challenges, the following section of insights examines how merchants are responding to prevent and mitigate fraud at both astrategic and tactical level.Strategic shift in fraud management prioritiesThe survey shows there has been a signifcant shift in the top priority driving merchants’ strategic approaches to fraud managementand prevention. Compared to 2021, signifcantly more merchants are now prioritizing “reducing fraud and chargebacks” and“minimizing fraud-related operational costs,” while signifcantly fewer are focused primarily on “improving the customer experience(or CX)” (see Figure 15). In part, this strategic shift may be driven by rising costs and KPIs associated with eCommerce fraud(as detailed in the frst section of this report). Alternatively, some merchants may have decided they’ve improved the customerexperience suffciently over the past year and can now focus a bit more intently on reducing fraud and chargebacks or reducingfraud-related costs, instead.Most important fraud management priorities(% merchants ranking each as #1 priority)Reducing fraud and chargebacks40%46%Improving the customer experienceMinimizing fraud-related operationalcosts50% Sig. Lower37% Sig. Higher11%202117%2022Figure 15Global Fraud and Payments Survey Report 202219
Most use multiple fraud prevention tools now and plan to add moreDigging into the tools used by merchants for fraud prevention, they currently use an average of four different tools and servicesto detect and thwart fraud attacks. Credit card and identity verifcation services, along with EMV 3DS and two-factor phoneauthentication, are the most widely used anti-fraud tools, each employed by around 35-40% of merchants, globally (see Figure 16).These, and other commonly used tools, such as geographic indicators and customer order histories, are also the tools most likely tobe adopted by more merchants in the future.Global %using tool (2022)Payment card verifcation services(e.g., AVS, CVN, etc.)41%39%Identity validation / verifcation services37%Two-factor phone authentication35%3-D Secure authentication31%Customer order history30%Geographic indicators and comparisons29%List management26%Device-based results25%Credit history checks23%Fraud scoring model – company specifcBiometric indicators22%Search engine results21%19%Multi-merchant purchase velocityOrder velocity monitoring18%Social networking sites18%AVG. # of tools used4Figure 16As in previous years, enterprise merchants continue to use a signifcantly larger array of fraud prevention tools than SMBs, and whilethe usage of tools has remained largely consistent, some specifc tools are increasingly adopted in certain markets (see Figure 17).Global Fraud and Payments Survey Report 202220
Top Fraud DetectionTools Used By RegionNorth AmericaEuropePayment cardverifcationservicesIdentityValidation /VerifcationIdentityValidation /VerifcationPayment cardVerifcationServices33DS dicators3DS auth./SafeKey5CustomerOrder History4.212Avg. # ofdetectiontools usedTop Fraud Detection Tools UsedBy Company SizeSMBMid-MarketEnterprisePayment cardVerifcationServicesPayment cardVerifcationServicesIdentityValidation actorAuthenticationIdentityValidation /VerifcationPayment cardVerifcationServicesIdentityValidation /VerifcationPayment cardVerifcationservicesIdentityValidation /VerifcationCredit HistoryChecksTwo-factorAuthentication3DS auth./SafeKey3DS auth./SafeKey3DS auth./SafeKeyCustomerOrder HistoryCustomerOrder HistoryIdentityValidation delBiometricIndicators3DS auth./SafeKey3DS auth./SafeKeyGeographicIndicatorsCustomerOrder History4.64.24.13.44.24.8 Sig. LowerTwo-factorAuthentication Sig. HigherFigure 17Increasing correlation between tool usage and effectivenessIn contrast to the trend refected by the 2021 survey, many of the most widely used tools today are also considered the mosteffective at detecting a
3. Fraud prevention strategies - How are merchants addressing the issue of eCommerce fraud? The top priority driving fraud management strategies changed over the past year: More merchants now prioritize reducing fraud and chargebacks as their primary imperative, versus optimizing the customer experience, which was the main goal for most in 2021.
