3D Secure 2, Strong Customer Authentication, risk Management, Fraud management, payment optimization

Merchants Need to Be a Mastermind in Today’s Ecommerce World

Merchants are facing many challenges in 2020, which are stretching the mind in different directions. Many e-commerce merchants are overwhelmed with the current situation and many topics, such as payment optimization, PSD2, SCA, and fraud management, link to one another.

The COVID-19 situation has hit many e-commerce merchants hard without any preparations. Today, in the US and Europe, many traditional retailers are still heavily relying on retails stores. From one day to the next, stores were closing, and the main revenue channel got shut down.
This situation forced retailers to the eCommerce channel and not everybody was ready for this change. Today we see many retailers without a dedicated e-commerce team who is looking at the checkout experience, payment topics, PSD2, and fraud prevention. Now, you can imagine the challenge for these companies to become an online first organization. We have seen a range of fraud topics which e-commerce companies are facing right now:

Accelerated refund fraud

Refund fraud is not new but it gets more professional and therefore more accessible for a broader audience. Today, professional refunders are offering their services via specific social media channels where they provide step by steps instructions. Once the customer received the item, the professional refunder will provide the full documentation which is needed for the refund. The professional refunder knows the process and guideline from the relevant merchants for refunds.

Therefore, the customer will pay, for a successful refund, a commission to the professional refunder.

Refund fraud comes in several types and fraudsters become very creative:

• did not receive item;

• empty box arrived;

• partially delivered;

• return empty box.

The advice would be to:

• start to capture all relevant data about your refunds;

• remember, often refund information is not captured or not connected to your payment and fraud data;

• include your customer service information with your fraud review.

Social engineering

This is impacting customers and merchants in different dimensions and, without the right data and tools, it is not easy to detect. Phishing attacks are an increasing fraud trend, especially spear-phishing emails, and this is revealed in statistics provided by industry reports such as APWG’s Phishing Activity Trends Report and Symantec’s Internet Security Threat Report. As well, according to Kaspersky’s spam and phishing report for the second quarter, the overall number of phishing attacks in the quarter reached nearly

130 million. The goal of the phishing attacks is to get access to customer accounts or capturing customer data that are used by the fraudster to purchase items at the ecommerce retailer. The unexperienced ecommerce retailer will not see a difference between a normal account and a compromised one. Many retailers might use a legacy white list which will offset many fraud rules.

 The advice here is to:

• capture data about your account creation, account login, and account changes;

• don’t use stand-alone white list rules which can be easily used to exploit your fraud solution;

• stay up to date about new trends in the industry to review your processes, policies, and tools.

PSD2-SCA is not over

With the upcoming enforcement data for many countries in Europe (1 January 2021), there are still some merchants that have shown limited knowledge about PSD2, and some are not fully paying attention to the real business impact of this topic. PSD2 and the related SCA requirements have been on the radar for a long time but deadline postponements, new local regulator plans (such as the introduction of soft declines) are pressing the nerve of the merchants and the ecosystem.

Right now, all merchants need to make sure that PSD2-SCA is correctly implemented. We see the most important aspects in:

• requesting 3DS authentication according to the merchant use cases;

• ensuring the right data are sent to increase the possibilities of Issuers Risk-Based Authentication;

• monitoring performances and have a 2021 PSD2 strategy (exemptions, 3DS 2.2, delegated authentication etc.).

On one side, merchants are heavily dependent on their payment providers and how these PSPs implemented different acquirers. Many parties do support only basic features related to 3DS2 but are not leveraging the full potential of PSD2 to reduce customer friction.

The advice here is to:

• have a dedicated person managing PSD2-SCA in all aspects;

• implementation, update from the schemes and regulator, payment provider communication and data review.

Take a look to our SCA Starter guide for more advices about 3D Secure 2 and PSD2.

Payment provider melting down

In the summer of 2020, Wirecard filed for insolvency and many merchants realised a massive dependency on one payment provider. Not every merchant has the luxury to run a multi-payment provider setup to mitigate such risk. Besides this situation, a multi-payment provider setup can provide you leverage for better authorisation rate and a better situation when it comes to negotiating your contracts.

The advice here is to:

• review your current payment provider setup and understand the dependencies which you are facing;

• build or buy discussion on how to connect to multiple payment providers: using a payment hub or building your own.

Overall, in Q4 2020 ecommerce merchants have a long list of topics to deal with and in 2021 they will face further challenges.


This article was originally published by Ronald Praetsch & About-Fraud as part of The Paypers Fraud Prevention in Ecommerce Report 2020/2021.

About-Fraud is a Global Community for fraud fighters. The community was born from an industry need for unbiased, educational fraud prevention resources. About-Fraud filled that gap with a platform that connects fraud fighters with the information they need to understand the technology and trends, grow their career, and stop fraud.