Even now, with most pandemic restrictions lifted, many shoppers won’t return to stores for purchases they once made in person, having become accustomed to the convenience of online shopping.
Fraudsters are taking advantage of this, and the cost of fraud continues to grow. The global cost of ecommerce payment fraud alone was USD 20 billion in 2021, an increase of over 14% year over year.
In the United States, consumers reported losing USD 5.8 billion to fraud in 2021, an increase of 70% year over year. While this concerning growth includes all types of fraud, ecommerce losses make up a portion of that number. And, of course, when it comes to ecommerce fraud, merchants are often the ones left responsible for the cost of resolution, making these trends very concerning.
Payment fraud is still the biggest pain point for most merchants, but it is far from the only type of attack that merchants need to defend against.
Fraudsters may take over accounts to steal PII or even loyalty points, which may be worth real, measurable money, as in the case of airline miles. They can abuse sign-up bonuses or affiliate rewards by deploying bots to create dozens of new accounts or simulate clicks and impressions. The fact is fraudsters can do a lot of damage long before they get to the ‘buy’ button – and the goal of merchants should be to spot and stop them before they get there. The good news is that detecting and mitigating fraudulent sessions earlier will also have the effect of reducing payment fraud.
Fraud decisioning tools allow fraud teams to set up automated, effective fraud mitigation. Within these tools, fraud teams can define the logic that determines the risk levels that will trigger mitigation and the types of mitigation measures that are appropriate for different types of situations. These tools can take multiple sources of fraud signals into account, leading to greater detection accuracy and more targeted mitigation.
Meanwhile, orchestration brings together a variety of tools to create user experiences that feel seamless and easy from the customer’s perspective, even when many systems are at work behind the scenes. Well-orchestrated customer journeys allow for many branching paths, with users sent down the appropriate one, based on their circumstances and characteristics. This includes paths reserved for suspicious users that can help greatly reduce fraud.
This is arguably orchestration’s greatest strength. Customer experience and fraud prevention can be inversely related, but with well-orchestrated customer journeys, this doesn’t have to be true. Orchestration can bring together the various tools used for fraud prevention and embed them more naturally within the user journey.
Based on the information coming in from fraud detection tools and the risk evaluation delivered by decisioning tools, a legitimate user with good intent can still have a frictionless experience and transact with ease, because only risky users experience the hurdles associated with extra security steps. Further, a merchant can present fraud controls earlier in the session when they are needed, instead of putting multiple security steps right before the checkout, when the likelihood of cart abandonment is higher.
The best approach involves multiple layers of protection deployed across the entire user session. Detection tools that look at user characteristics and behaviour can help get a clearer picture of user intent. Ultimately, examining more information will automatically lead to more accurate decisions. Merchants need to adopt a session-centric approach to fraud detection, analysing user behaviour from the moment the user first begins interacting with one of their digital properties, whether that user chooses to log in or to proceed as a guest.
Fraud decisioning should then take all of the available context into account to challenge suspicious users when appropriate.
To boost UX without loosening fraud controls, merchants should move away from high-friction active fraud checks such as CAPTCHA and towards effective passive checks. Ideally, a good tool should be able to determine the difference between a bot and a human without forcing the user to squint at tiny, illegible text on their mobile screen. Passive checks can also help organisations get to a good level of certainty about user intent. Active checks should come afterwards and be applied only to sessions that are already exhibiting some level of risk.
This is where multi-factor authentication (MFA) can be really useful. It is a softer mitigation method that helps an organisation gain confidence in a customer’s identity. It is also generally easy for legitimate customers. Meanwhile, fraudsters often don’t have the time or inclination to break through the second layer of defence.
As for the advice end customers should consider, enabling MFA is always a great step in protecting online accounts. Make sure to create strong, unique passwords when required and opt for biometric authentication when it’s available. Limit social media sharing of personal information that can be used to answer security questions. Keep good track of all financial accounts and watch for unusual activity. All these pieces of advice can help individual consumers to protect themselves, but, ultimately, merchants must remain watchful as well.
This editorial is part of The Paypers' Fraud Prevention in Ecommerce Report 2022-2023, the ultimate source of knowledge that delves into the world of fraud prevention, revealing the most effective security methods for companies to stay one step away from bad actors and secure their businesses.
About Maya Ogranovitch Scott
Maya Ogranovitch Scott is a Solution Marketing Manager for Ping's fraud prevention solutions. She is passionate about leveraging the power of identity to help enterprises deliver exceptional customer experiences that are simultaneously secure and seamless.
At Ping Identity, we believe in making enterprise experiences both secure and seamless for all users, without compromise. That’s digital freedom. To achieve this, the PingOne Cloud Platform turns you into an experienced artist who can bring exceptional journeys to life with a simple no-code canvas. You can deliver password-less authentication, protect user privacy, prevent fraud, architect for zero trust, and much more. For more information, please visit www.pingidentity.com.