The mutual trust between the buyer and the seller has been the cornerstone of all trade since time immemorial. This rule holds to this day, as shopping goes increasingly online. The global pandemic put worldwide digital sales on a giant growth spurt, resulting in a 27.6% increase in 2020.
But with every new opportunity come new challenges. The first months of the pandemic also saw a surge in ecommerce fraud rates, including sophisticated attacks. Scammers have adapted and shifted from “traditional” in-store fraud methods (like credit card theft) to those targeting web transactions.
Luckily, there are ways to benefit from the efficiency and reach of online retail while protecting your business and customers. Here are four technologies to support you in preventing fraud in eCommerce.
Common Fraud Methods
Before we start, you need to know your enemy. Let’s take a look at some of the most prevalent methods scammers use to lay their hands on money, goods, or data:
- Payments fraud — fraudsters order products using stolen card credentials, often to resell them for profit. Purchases unauthorized by the customer put your business at risk of chargeback.
- Account takeover — when a bad actor comes into control of your customer’s account, they can not only place orders but also steal data or even access funds.
- Chargeback fraud (also called friendly fraud) — the fraudster cancels the payment after the product has been shipped to keep both money and the parcel. The bad actor can also claim that the product never arrived, exploiting the fact that many retailers can’t tell the difference between a legit purchase and a scam attempt.
These methods are as simple and common as they are effective. However, fraudsters can also employ more advanced techniques:
- Pagejacking — this method involves creating a carbon copy of a frequently visited website. Fraudsters can then use it to your detriment in various ways, from funneling the search engine traffic of the copied site to mimicking the login page to steal your shoppers’ credentials.
- Triangulation fraud — in this case, fraudsters also set up a fake storefront. It offers the same merchandise as the original but at a lower cost. As a customer places the order, their card data is stolen, and the scammer relays the transaction to the authentic retailer. The customer ends up paying twice or applies for chargeback, and the bad actor can use card credentials for other scams.
Remember that even when fraud doesn’t result in financial loss, it still can cause harm. Scams can dilute the customer base, skew your metrics, and erode your brand’s reputation.
Now that you know what you’re up against, we at Itransition have come up with the list of technologies to counter malicious attempts targeted at your ecommerce business.
AI and Machine Learning
The sheer scale of fraudulent attacks makes it extremely difficult to differentiate between legitimate and dishonest activities. As a result, many valid transactions get blocked, while numerous scams slip unnoticed.
AI and machine learning solutions excel at handling large volumes of data. Thanks to their processing capabilities, AI algorithms can quickly go through the variables of each transaction and identify abnormalities without false positives. Any suspicious purchase is blocked or flagged for further examination.
What’s even better, payments fraud prevention systems based on machine learning constantly gather and study data to self-improve their detection abilities. This means that although the arms race will continue, you can be sure that automated solutions will quickly adapt to new fraud methods and over time will get increasingly efficient at identifying scams.
Another way to leverage customer data is to profile your users based on several attributes. The key here is quantity — the more details you have, the more precisely you can determine whether a session comes from a human or a bot.
The profiling attributes aren’t limited to transactional data. Identified factors include the characteristics of the user’s device, software, network, and even mouse movements. All of them help you — or the anti-fraud and retail software you use — to detect automated behavior and accurately trace scammers.
But the benefits of profiling go beyond mere fraud prevention. Knowing your users allows you to make better recommendations, identify returning customers, and predict their actions. You can use that knowledge to nurture a specific group of users or encourage them to try out a new range of products.
Credit card security code
Commonly known as CVV (card verification value), the security code is a basic but effective method of preventing credit card abuse. Depending on the provider, the code consists of three or four digits printed on credit and debit cards. It acts as another layer of defense against the fraudsters who may have access to other account information.
To complete the purchase in your digital store, the user must enter the code manually, together with the expiry date. This means that you are protected from chargebacks in case of a mass data breach, as long as scammers haven’t intercepted the physical cards or managed to obtain the code elsewhere. And even if a chargeback occurs, you can still dispute it in a representment process. The transaction was validated with a CVV, proving that you made a diligent effort to keep the payment process securely.
Step-up and risk-based authentication
Step-up authentication methods refer to any additional identity confirmation procedure. To proceed with their purchase, customers are required to enter a one-time code sent via SMS, e-mail, or produced by a physical token generator, or answer a specific pre-defined question. As technologies such as fingerprint and facial recognition are finding their way into mobile devices, biometric authentication is becoming increasingly popular.
One downside of step-up authentication methods is that they can be a source of irritation for the user. In ecommerce specifically, security checks add yet another barrier between the shopper and the checkout page. Many online retailers don’t want to add one more step to the customer journey, albeit making this decision at the cost of safety.
Risk-based authentication solutions are the safe middle ground between ensuring security and sustain a good user experience. They consider factors such as the user’s location, device, or behavior before requesting an additional confirmation method. If anything seems out of the ordinary — like logging in from a location thousand miles away from the registered address — step-up authentication is required.
This article only scratches the surface on ecommerce safety. In reality, there are many more threats your business will have to face, and there are just as many advanced technologies to keep the fraudsters at bay.
There isn’t a single, all-purpose safety measure when it comes to overcoming online fraud. Instead, it’s best to layer up your protections. Doing so will help you build on the strengths of each tool and mask its weaknesses.