How Businesses Can Stem the Tide of eCommerce Fraud
By Arnab Banerjee, Lead System Architect
eCommerce fraud is a plague that strikes at the heart of all online commerce and is a threat that merchants, especially small retailers, can ill afford to bear. 2021 is shaping up to be another banner year for eCommerce fraud, with some 21 billion in projected losses looming in the background. Still, the outlook need not be completely bleak. There are tools already available that, if adopted, could easily achieve a 20 percent reduction in overall fraud cases, or in other words, over $4 billion in savings for the total eCommerce market.
Status of eCommerce today
The state of the eCommerce market today shows more cases of online fraud than ever before. Analysts are predicting an 18% increase in fraud for the year 2021. In part, this trend can be blamed on COVID-19, since as the epidemic raged, eCommerce traffic doubled. It was only natural for predators to follow course, with 2020 breaking records for identity theft and other online criminal activities. For instance, there has been an uptick in pharming, the practice where fraudulent website storefronts are set up to collect personally identifiable information (PII).
These sorts of crimes are most devastating to small and medium-sized companies that often are unable to compete with the additional security measures larger companies can employ. Yet even the big corporations are beset by the toll that fraudsters take on the economy. Some high-profile cases that happened in the last three years include a huge breach in PII from Capital One in 2019 or the Walmart 3rd party data breach that occurred earlier this year that compromised PII from pharmacy patients. Fraud is an issue that affects everyone, but fortunately, tools to combat it get smarter year-by-year as well.
What is ecommerce fraud?
In general, eCommerce fraud is criminal deception conducted during a commercial transaction over the internet with the goal of financial or personal gain. While there are a variety of different types of eCommerce fraud, most involve fake or stolen credit cards or some form of identity theft.
eCommerce fraud has been on the increase for reasons other than the recent pandemic. Part of the issue results from the nature of the types of transactions conducted over the internet. Online stores are forced to verify customers solely through data and not by visual means, making it that much easier to slip through a company’s defenses. Additionally, since no physical card is needed for the transaction, hackers armed with a user’s name and password can wreak havoc for merchants and consumers alike.
Using today’s technologies to reduce fraud
Here are some techniques that companies, both large and small, can adopt to reduce fraud.
- Perform site audits and ensure they are PCI compliant. The Payment Card Industry issues standards for websites to comply with to ensure that customer data remains safe and secure and can help safeguard companies from other sorts of online attacks as well.
- Implement a software-based solution to fraud detection and protection. These are smart alternatives to rules-based detection methods. Fraud protection is geared toward enforcing regulations and analyzing purchasing behavior while fraud detection proactively monitors traffic for possible high-risk activity and assigns risk scores and provides alerts to administrators. Keep in mind, there is some crossover in certain areas.
- Adopt Trust Scores and Machine Learning. A trust score is based on analyzing big data to “learn” who legitimate customers are, going beyond simple user & password combinations to pinpoint aberrant behaviors. This approach enables companies to make smarter decisions about customers rather than by using rigidly defined rules. A first-time user, living in a country with high instances of fraud buying $500 in goods might very well be untrustworthy. But with rigid rules in place, this type of customer would always be banned, regardless of any other trust data that would otherwise be associated with the machine-learning method.
- Consider the use of multi-factor authentication with one-time passwords (OTP), also known as one-time PIN. It assigns a one-time authorization code that is only active for a single login or transaction. This adds another layer of security on top of traditional username and password.
- Urge consumers to choose passwords that are not so easily guessable. Passwords with obvious sequences are easily hacked and controlled.
How small companies can benefit from adopting Trust Scores
Smaller companies might shrink from words like AI and Machine Learning, thinking these technologies are costly and outside their financial reach. Fortunately, this technology has become more mainstream and therefore a reasonable outlay for companies, particularly when compared to the more ruinous cost inflicted by fraud. Some popular solutions available today cost a slight fraction of overall sales and should be within reach of most businesses, whatever the size.
Despite this reality, small companies often hesitate to take proactive measures to combat fraud. Some fear losing customers due to adding any additional inconvenience before making that decision to purchase, such as two-factor authentications. Another concern is generating trust scores requires a lot of PI (Personal Information) or PII data, this raises data privacy concerns. Not only this is an ethical issue, but we have seen in previous data breaches lot of PI and PII data has been exposed on the dark web. Nonetheless, this has to be compared with stats like the 66% increase in fraud attempts with a 20% rise in average order value. There’s no question that fraud is on the rise, and it will cost companies more to ignore it.
Available technologies to track thieves are a fraction of what most merchants payout over time due to fraud, and many cloud-based Software-as-a-Service solutions do not require an additional outlay in infrastructure. By prioritizing trust over rules-based risk scores, e-commerce and online retailers can reduce false positives, friction, and lost sales.
Worth the investment
As e-Commerce becomes an ever more integral part of the world’s economy, there will also be thieves attempting to steal merchandise and money from companies and consumers. Companies need to realize that there are affordable ways to combat fraud and they will cost much less than what fraud would exact. These fraud prevention companies not only provide machine-learning solutions but also insight dashboards, automated workflows, device fingerprinting, and chargeback guarantees to detect and prevent fraud. At the same time, consumers need to be on guard and protect themselves as well, keeping an eye out for anything that looks suspicious. The stakes in this conflict are high, billions of dollars high, and shaving off 20 percent of that is both possible and achievable.
About the Author:
Arnab Banerjee has an MBA from the University of Texas and is a lead system architect with a major financial services company. He has more than 10 years of experience leading and creating multi-year cross-functional technical projects from inception to deployment. For more information contact firstname.lastname@example.org.