Ecommerce security: unified tools combat fraud & cyberattacks

Thursday 20 April 2023 10:07 CET | Editor: Mirela Ciobanu | Interview

Mary Writz, SVP of Product at Sift, reveals the impact of online payment fraud on ecommerce merchants, and why innovative organisations are taking an end-to-end approach to security with unified tools and technology.

How big is fraud for online merchants and what are the dominant trends in this area? What is the effect on merchants and consumers?

Fraud remains an ongoing, always-growing problem for digital businesses. Reports rolled in at the start of this year predicting that online fraud losses will total in the billions in 2023, thanks to sophisticated attacks threatening every consumer-merchant interaction. Risk can, of course, negatively impact multiple areas of operations, undermine profitability, and ultimately lose a business its customers. And because it’s never an isolated function, fraud operations can be the single point of failure and success for a lot of organisations—especially as the global Fraud Economy continues to thrive. Much like a machine learning model, any input (or in this case, a successful attack) improves how effective it can be going forward.

We’ve recently seen an alarming trend in consumer fraud, too—that is, fraud committed by consumers who don’t otherwise consider themselves cybercriminals. Sixteen percent of those we surveyed at the beginning of 2023 admitted to having participated in payment fraud or personally knowing someone who has. Another 17% said they’ve run across online offers to commit fraud, whether or not they accepted. Both point to the rapid democratisation of fraud, a growing phenomenon that not only makes it easier for anyone to steal data and funds, but that allows fraudsters to scale their efforts by recruiting new players beyond the deep web.

As software providers, we do something similar, working to make our platforms accessible to more users throughout a business. True to form, fraudsters flipped a tried and tested business practice for their gain and are using timing to their advantage. An economy ripe with inflation and uncertainty is an ideal environment for them to succeed with attacks and ‘recruiting’ efforts.

Fighting against such a complex, living ecosystem of cybercriminals takes a bit of fighting fire with fire. Fraudsters across the board are adopting sophisticated tools and automation to exploit a merchant’s security vulnerabilities through account takeover, card-not-present (CNP) fraud, complicated scams, synthetic identity fraud, and a multitude of other abuse types that siphon valuable data and money from businesses and consumers alike. Attack types run the gamut from card hopping to social engineering, first-party fraud, and large-scale, brute-force ATO, leaving merchants to balance an incredibly challenging compromise between leak-proof security and healthy growth. Businesses need to be equally equipped with intelligent automation and comprehensive tools to reduce the impact.


What is most challenging for merchants when detecting fraud and delighting their customers?

Reducing friction while increasing order acceptance is core to effective fraud operations. But finding the right balance can be needlessly challenging because so many merchants think they have to give up growth for safety and vice versa. At the same time, analysts are after more control, and users want the smoothest, fastest experience, while protecting profits and growth are at the root of every executive decision.

Extensive authentication processes or heavy reliance on manual review can lead to cart abandonment and even brand abandonment when legitimate customers are met with excessive friction. Driving up customer insults isn’t something any business wants, but that’s a common symptom of too much friction—and wherever false declines are a problem, you’re losing profits, and likely to let fraudsters under the gate.

The situation is made doubly complicated as merchants expand and operate across new channels and markets, which may have different risk profiles, regulatory requirements, and compliance standards. It’s important to have fraud prevention measures in place that can both reflect and meet the diversity of those needs, no matter where a business operates.


How are fraud, payment, and operations teams cooperating at the merchant’s level? How is technology helping?

Fraud, payment, and operations teams that work closely together have the best chance of eliminating risk without impacting payment processing or other cross-functional initiatives. Each of these teams holds the keys to valuable data, context, and perspectives that can improve trust and safety throughout the business. These fraud-focused teams should always work together to define and implement the fraud incident response process, in addition to payment processing controls that help detect and prevent fraud.

Technology plays a necessary role in making that possible. The most effective platforms connect and align various data sources to comprehensively assess risk, and automatically trigger alerts, flag high-risk activity for manual review and verification, or block suspicious transactions as they’re surfaced. Flexible platforms allow these fraud-focused teams to automate bulk decisions, inform investigations and exploration, set transaction velocity limits, perform IP geolocation checks, and automatically apply card verification value (CVV) and other authentication checks. Orchestrated case management systems, workflow automation, and backtesting capabilities are also critical for these teams to have high confidence in deployments, with the ability to adjust controls on sight.


Can the use of advanced tech be a competitive advantage amongst merchants?

Absolutely. Advanced technology cuts costs and provides additional bandwidth and coverage for fraud operations through automation and enhanced data analysis. The ability to ingest and derive actionable insights from large amounts of data and sophisticated algorithms drastically reduces risk and helps improve the user experience with every transaction. It allows for smarter, faster, and more accurate fraud prevention along with improved operational efficiency, so merchants can focus on enhancing the overall customer experience. Over time, building consumer trust can definitively give merchants an edge over competitors with less sophisticated fraud prevention efforts in place—fraud has a massive impact on brand loyalty, driving up churn and chargebacks in addition to regulatory fees.

Merchants should look for fraud solutions built around a global data consortium that allows them to leverage a network of shared intelligence. When known behaviours and patterns are ingested and analysed by the global intelligence model, while also being informed by individual business signals, data accuracy is unmatched. If one business identifies risk, every other merchant in that network can benefit from that data—a particularly useful way to prevent new fraudsters from using old tricks or launching attacks across multiple merchants at once.


How can online merchants reimagine the relationships between cross-functional trust and safety partners?

Create a culture of open communication between teams, and don’t limit it to those traditionally involved in trust and safety. Fraud prevention impacts every corner of the business, which means every team has a responsibility when it comes to managing risk. Open communication encourages cross-functional teams to work together as a cohesive unit, benefitting from each other's expertise and perspectives. We took that a step further at Sift with our recently launched customer community, Sifters, which connects risk professionals using our platform with in-house product and fraud experts. The collaboration and support we’re able to provide our users there will be equally valuable to us as we refine our understanding of customer pain points and needs.

But to get to a point where trust and safety are a universal effort, it’s first necessary to align internally on common goals around reducing fraud losses, enhancing customer trust, and improving operational efficiency. There’s shared ownership across these objectives—each team will make different contributions towards achieving them and will need to understand how their specific efforts fit into the larger security strategy. Finally, adopt tools and platforms that optimise trust and safety processes, and that support efficiency and collaboration. Implement shared platforms, and create workflows that let teams communicate, work together in real-time, and track progress, while enabling decisions founded in accurate, comprehensive data.


What are some examples of innovative organisations that have successfully implemented an end-to-end approach to security with unified tools and technology, and what lessons can be learned from their experiences?

The most forward-leaning companies have centralised fraud with cybersecurity and identity operations, aligning each with common goals, metrics, and tooling. Many businesses struggle with this thanks to fractured tech stacks and siloed teams, especially if they’re not digital natives—they’ve maybe built collections of point solutions to address different risks, but it takes manual effort to connect those solutions in a meaningful way.

Companies that succeed with end-to-end fraud prevention and a more agile, data-driven strategy have acknowledged that fraud requires thoughtful decisions across the entire business, with particular consideration for where internal orgs intersect. They understand that you can’t keep the user experience separate from fraud prevention any more than you can keep fraud from impacting revenue. They’re able to streamline processes throughout the business, drive efficiency, and prevent redundancies. They spend less money on fraud. Finally, they’re able to build consistency and confidence in fraud prevention operations, allowing them to scale as needed.

In short, a holistic view of transactions, customer behaviour, and other relevant data leads to more accurate and comprehensive fraud detection and prevention, happier customers, and sustainable growth.


What advice would you give ecommerce companies that want to build a tech stack that breaks the forced compromise between security and revenue growth?

The way you break the forced compromise is to have transparent insight into a user across their entire journey, as well as flexible orchestration capabilities across operations. You need context about that customer, and context takes complete data. That’s what makes it possible to apply the right levels of friction at the appropriate time and put businesses in the best position to optimise that user experience and its outcome.

Navigating volatile fraud spikes and maintaining stable and consistent online experiences for customers can’t be achieved with one-and-done rules and manual review. You never want to look at a single point in time or an isolated piece of data as enough evidence to inform friction.

The best advice I can give ecommerce companies to manage the current fraud landscape at scale is to seek out customisable tools that allow them to automate their fraud strategy, and proactively stop multiple types of fraud without excessive friction. That takes unified tech that provides accurate and complete real-time insights, intelligent automation, and step-up authentication. It also takes an agile trust and safety strategy that supports an end-to-end approach to fraud prevention. 


About Mary Writz

Mary Writz is Sift’s SVP of Product. With two decades of experience in threat detection, automation, and security intelligence, she injects trust and safety into every level of the Sift Platform.




About Sift

Sift is the leader in Digital Trust & Safety, empowering digital disruptors to Fortune 500 companies to unlock new revenue without risk. Sift dynamically prevents fraud and abuse through industry-leading technology and expertise, an unrivaled global data network of one trillion (1T) events per year, and a commitment to long-term customer partnerships. Global brands such as DoorDash, Twitter, and Wayfair rely on Sift to gain a competitive advantage in their markets. Visit us at, and follow us on LinkedIn.


Keywords: ecommerce, fraud management, online authentication, CNP fraud, account takeover, risk management, Sift
Categories: Fraud & Financial Crime
Companies: Sift
Countries: World