The percentage of business transactions that have moved online is growing, and so is online fraud. Ecommerce fraud cost businesses over USD 20 billion in 2021, and that number is likely to continue to go up.
Fraud prevention is a critical part of any organisation’s business strategy, but increased security measures often result in poor customer experiences that lead to high session abandonment rates, and lost revenue. This can result in conflict between fraud and customer experience teams, as well as unsatisfying trade-offs between security and experience, but it doesn’t have to be this way. Ideally, fraud prevention should become nearly invisible, adding minimal friction to the majority of user sessions while still effectively protecting the organisation against fraudsters.
Improving fraud detection
An effective fraud prevention strategy starts with better detection. It is not a secret that most fraudulent transactions are discovered long after they are committed, resulting in losses that add up to much more than the initial transaction amount. Bots and bad actors continuously improve their tactics, always looking for new ways to defraud online merchants. They may turn to tactics such as reward point stealing, refund abuse, coupon abuse, or even changing shipping addresses on existing accounts, which legitimate users do not notice in up to 20-25% of instances, according to our experience.
For these reasons, legacy solutions that begin checking for fraud at the transaction offer insufficient protection. Fraud monitoring should begin the moment the user first interacts with a digital property and continue throughout the session. Behavioural biometrics makes it possible to identify risky users early, while continuous detection can provide a better view of each session, allowing for earlier and more flexible mitigation measures.
Automating intelligent mitigation
Once an organisation has upgraded its fraud detection capabilities, mitigation often remains a challenge. Most businesses employ multiple fraud detection tools and face the daunting task of distilling these disparate signals into a single automated decision that can be made in real time, activating the mitigation measures they’ve put in place. Automated mitigation requires further integration, this time between fraud detection, access management, and identity proofing tools that can be used to purposely increase friction.
With these integrations in place, organisations must then orchestrate user journeys that can react to fraud intelligence in real time, stepping up authentication, requiring proof of identity, or even terminating sessions that are deemed fraudulent. Ideally, with fraud detection occurring continuously throughout the session, each user can be screened for fraudulent activity at multiple touchpoints, which include not only login and checkout, but also various other actions, such as changing shipping addresses or notification settings.
When an organisation gets fraud mitigation right, it can greatly decrease the number of steps between the start of the session and checkout for a legitimate user. According to the Baymard Institute, the average online merchant faces cart abandonment rates of over 65%, but optimising checkout flows can decrease abandonment by over 35%. Getting the user flow right translates to improved retention. When customer experience no longer suffers due to fraud prevention measures, fraud teams are no longer at odds with experience teams, and all parties can focus on their shared goal – increasing revenue and decreasing loss.
Developing a dynamic counter-fraud strategy
Developing a strong fraud prevention strategy is a challenging endeavour. Digital commerce systems are inherently complex, and the multiple tools and levels of integration required for effective fraud detection and mitigation only add to that complexity. Fraudsters are well-versed in analysing customer-facing sites for weaknesses and finding new ways to exploit these vulnerabilities. To respond effectively to a fast-moving threat landscape, fraud teams must constantly evaluate their existing strategies and make changes and augmentations whenever necessary. As fraudsters develop new tactics, this may include investing in additional fraud prevention tools that can enhance the existing fraud response.
Fraud teams need the ability to integrate new tools and then build, test, and optimise user flows quickly in response to updated fraud intelligence, company requirements, and even seasonal shifts in user behaviour. Changes to fraud mitigation logic may have unintended consequences on the experience of legitimate users, so the ability to fine-tune fraud responses quickly is critical to ensure that security and experience remain in balance.
Our approach to fraud prevention
Ping Identity’s fraud solution detects bots and bad actors based on behavioural data combined with device and network attributes, identifying anomalies and fraudulent activity at an early stage, and catching fraudulent attempts that other solutions miss.
Ping’s platform then initiates mitigation in real time, evaluating fraud and risk signals from multiple sources, including non-Ping detection tools, to automatically step up security when necessary. Deep reporting provides actionable intelligence to help fraud and security teams identify and shore up weaknesses. Meanwhile, the solution differentiates between suspicious users and legitimate ones, allowing minimal friction transactions for real customers.
Ping is currently the only provider to offer fraud detection, access management, identity proofing, and orchestration tools on one integrated platform, giving customers a comprehensive fraud prevention solution that can set up a strong dynamic counter-fraud strategy.
About Alasdair Rambaud
About Ping Identity
Ping Identity delivers intelligent identity solutions for the enterprise. We enable companies to achieve Zero Trust identity-defined security and more personalised, streamlined user experiences. We provide flexible identity solutions that accelerate digital business initiatives, delight customers, and secure the enterprise through multi-factor authentication, single sign-on, access management, intelligent API security, directory and data governance capabilities. For more information, please visit www.pingidentity.com.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now