How do you solve a problem like omnichannel fraud?

Adam Roberts, Ingenico Group: For retailers, the strategy should be to maximise revenue by accepting as many good orders as possible, stopping fraud, and preventing the data losses that enable multiple further frauds

Many years ago, long before I had anything to do with payments or retail, I worked on several programmes to deliver comprehensive security protection to civil and military nuclear facilities. While it probably sounds cooler than it was (ISO regulations for security fencing are truly fascinating), I did learn a great deal about the nature of threats in complex environments.

In order to be effective, you need to examine the entire system: the physical, the digital, the human, emerging threats and ones you thought had been dealt with. When you start to stress-test these kinds of environments – cue the Mission: Impossible soundtrack – you often find that the successful threat vector isn’t the most sophisticated, it’s the open bathroom window that someone forgot to close.

In our industry, the past few years have seen more attention given to new threats targeting omnichannel commerce. In many ways, it’s a similar scenario: multiple threat vectors against each channel and a truly comprehensive approach required to address the overall threat (including instore). However, there are a couple of key differences.

On the High Street, Europay, Mastercard and Visa (EMV) standards have been deployed for well over a decade. And, as Point-to-Point Encryption (P2PE) solutions continue to supplant End-to-End Encryption (E2EE), the traditional bricks-and-mortar retail estate appears to be well protected. Unfortunately, the real picture isn’t so rosy. Fraud losses on instore purchases in the UK increased by 13% in 2018 to GBP 69.8 million. Not to mention the amount of illegally procured sensitive account and personally identifiable information taken from the High Street and sold on the Dark Web. It’s hard to quantify the exact size, but we know it’s significant.

Therefore, any security strategy needs to secure the bricks-and-mortar windows, so to speak, as well as emerging channels. I’ve read detailed security strategies formed around Big Data harvesting, Expert Systems, Geo-matching of order-payment-collection attributes, persona and product profiling, among others, and a trend is emerging. The increase in the number and complexity of channels has resulted in an increase in the number of threat vectors. And while the budgets dedicated to preventing these losses are increasing, they’re being spread very thin to deal with these multiplying fraud vectors.

Where should omnichannel counter-fraud efforts be focused?

The nature of omnichannel often means there are multiple partners in the value chain, which, when coupled with inevitable organisational silos, means that fraud detection engines and analysts can struggle to see the full picture. Aggregating data points from multiple touchpoints is a challenge, but it should be the number one priority.

The second focus should be the customer demand for rapid fulfillment. Click-and-collect or click-for-delivery purchases are, by their nature, immediate, and put increasing pressure on fraud detection systems. Third, the increase in the number of payment options. Mobile wallets, eGift cards and emerging mobile payment systems can accelerate the speed of fraud attacks. And lastly, the constantly evolving fraud tactics across multiple channel combinations. More than 90% of retailers support multiple purchasing channels, yet only 46% use fraud management solutions across all channels.

So what is a comprehensive approach for fighting fraud in an omnichannel world?

The strategy for retailers is to maximise profits by balancing sales, expenses, and loses. Our goal shouldn’t be to eliminate fraud. Rather, the strategy should be to maximise revenue by accepting as many good orders you can, stopping as much fraud as possible, and preventing the data losses that enable multiple further frauds.

For omnichannel retailers, you should set targets for key fraud performance metrics on each channel. For example, you may choose to pursue different decline and chargeback rates for online, click-and-collect, click-for-delivery and instore transactions. Like any security solution, there are three key factors to creating a comprehensive strategy: data-driven insight, the right security layers, and the right people.

The adage that quantity has a quality all of its own is apt here. Merchants need to engage as large a data network as possible. More data provides the ability to better assess risk. Also, working with a processor-agnostic fraud solution allows for more transactions and data characteristics to inform decision criteria. Quality matters when it comes to data – accurate data points such as device ID, geolocation, IP address, and proxy use facilitate precise risk assessments. The ability to manage Big Data sets in real-time is crucial in deterring rapidly changing fraud attacks.

Next up is ensuring that a solution has multiple layers. My anecdote on security fences is apt here – the answer to a breach is rarely to build a bigger fence, it’s to implement additional, different types of security. In the world of payments fraud, criminals and bots can easily circumvent single-factor tools. The more prevention, detection and protection technologies employed, the more difficult it is for fraudsters to identify how their attacks are being thwarted.

Last, but not least, is acknowledging that criminals are organised, strategic human adversaries. Matching their capabilities with a team of suitably qualified and experienced professionals is essential to counter their ever-changing tactics and rapidly evolving technologies.

So where does that leave merchants? Think holistically. Think layers, insight and informed people. And close that bathroom window.

About Adam Roberts

Adam Roberts is Head of Marketing Communications, EMEA at Ingenico Group. Adam has 15 years of marketing experience across a high range of complex, high technology industries, including Defence & Intelligence, Energy, Software, and Finance & Payments. Prior to joining Ingenico Group he worked for SAS, Thales & Babcock, as well as a range of technology startups. He holds Masters degrees in Marketing and Politics & Philosophy.

About Ingenico Group

Ingenico Group (Euronext: FR0000125346 – ING) is the global leader in seamless payment, providing smart, trusted and secure solutions to empower commerce across all channels, in-store, online and mobile. With the world’s largest payment acceptance network, we deliver secure payment solutions with a local, national and international scope. Our solutions enable merchants to simplify payment and deliver their brand promise.