With the occurrence of ecommerce fraud showing no sign of slowing, increasing numbers of retailers are coming to the realisation that a new approach to security is required.
It’s a big problem to tackle. According to industry estimates, the cost to retailers of ecommerce fraud is forecast to amount to $US 362 billion between 2023 and 2028. Over that time, the cost to resolve just $1 of fraudulent activity is estimated to rise to $3.75.
Increasingly, retailers are understanding that effective fraud protection must begin much earlier than the ‘buy now’ button on a retailer’s website. They must also tackle the challenge of identity fraud that makes up a portion of most crimes.
Indeed, according to new research, 76% of decision makers view identity fraud as their highest priority when it comes to fraud prevention.
Identity protection is key
Protecting customer identities is vital because their misuse can be the underlying cause of many cases of retail fraud. These misuses can occur in a range of different ways.
One is account takeover. This is when a cybercriminal steals the credentials of a legitimate customer and uses them to carry out fraudulent transactions. Retails should strive to have in place mechanisms that can detect an account takeover at the point of log in. This could be achieved by using multi-factor authentication (MFA) which significantly increases the level of protection.
Another tactic used by cybercriminals is new account fraud. In these cases, a cybercriminal may create a new account on a retailer’s website, but then let it sit quietly for a while. Once initial inspection of the account has been completed, it can then be easier for the criminal to use it to make fraudulent transactions.
A third tactic involves automating the entire process through the use of bots. The bots can pretend to be new customers and set up large volumes of new accounts. To counter this, retailers need to have the capability to monitor the account creation process and identify any that look suspicious.
It’s clear that monitoring customers throughout their interaction with the retail website makes it much more likely that fraudulent activity will be spotted and terminated before a transaction has been completed.
Prevention should be invisible to real customers
Rather than being a hindrance or burden for legitimate customers, fraud prevention techniques should actually be invisible. This can start by simply identifying and blocking known attack vectors.
Meanwhile, access should be made easy for low-risk users while suspicious users should be challenged and rejected. Indeed, when undertaken properly, fraud prevention can actually enhance the user experience for legitimate customers.
One way to achieve this through keeping users logged into a retailer’s website for an extended period. Rather than requiring them to enter credentials at the start of each visit, the sessions can be extended to weeks. Months, or even years. This makes shopping much easier and encourages loyalty.
The customer experience can also be enhanced at the point of checkout. This will result in much lower rates of shopping cart abandonment and encourage new customers who may have been shopping in ‘guest’ mode to actually sign up for a new account.
Lowering incidents of fraud
By taking a more holistic approach to identity protection and online activity, retailers have the best chance of lowering the number of fraudulent incidents that take place. The key activities are:
- Stopping fraud early:
By shifting focus from monitoring the checkout, fraudsters can be identified well before they even see the ‘buy now’ button. - Simplifying the checkout process:
By changing the way customers are identified, the checkout process can be made much simpler to use. This will increase the likelihood that customers will return. - Delivering a better overall experience:
By having effective prevention measures in place, the overall customer experience across a retailer’s site can be significantly improved. This is likely to result in improved customer loyalty and higher sales volumes.
By undertaking this strategy, retailers will be in a much stronger position to identify and neutralise fraud attempts while also enhancing the experience for legitimate customers. The result will be higher revenues and increased customer loyalty.
Ashley Diffey is vice president of Australia and New Zealand at Ping Identity.