Fraud is a major concern for 72 percent of businesses, according to Experian’s Global Fraud and Identity Report. More than 5,500 consumers and 500 business executives in 11 markets around the world participated in the survey.
The situation has not been improving, the report suggests, as six out of 10 businesses experienced the same losses to fraud as they did a year ago — or more.
However, pulling the plug on every suspicious transaction is not a satisfactory solution. In fact, 71 percent of businesses told Experian they denied more transactions than they should have. That not only cost specific sales, but also may have reduced the affected customer’s lifetime value.
SMBs More Exposed to Risk
“Online fraud is on the rise, and retailers are under the constant threat of attack,” noted Michael Graff, risk analytics manager at Radial.
Small and mid-sized businesses are particularly vulnerable because they “lack the financial and staff resources of their larger counterparts, he told the E-Commerce Times. Also, they “often use basic, out-of-the-box tools that aren’t tuned to their specific business and trends, leaving the door open to fraudsters to initiate heavy and quick attacks that go largely unnoticed until it’s too late.”
Many sophisticated attack patterns are used repeatedly on SMBs, noted Vanita Pandey, VP of product marketing at ThreatMetrix.
“Hackers are getting craftier and layering their efforts to make them harder to detect,” she told the E-Commerce Times. “In this heightened risk landscape, 2018 must become the year of digital identity.”
Adding insult to injury, merchants have been left footing the bill for stolen merchandise, said Yana Zaidiner, COO of Token.
Further, if an etailer is thought to have weak security, consumers will lose confidence in its brand, she told the E-Commerce Times.
SMBs are “less equipped to deal with negative press,” suggested George Avetisov, CEO of Hypr.
Also, larger enterprises are better able to build in the cost of fraud, he told the E-Commerce Times.
Still there are steps SMB etailers can take to confirm a customer’s identity.
1. Team Up With Experts
SMB etailers should partner with third-party security providers, suggested Token’s Zaidiner.
“Products such as Apple Pay and [Google] Pay or other apps that anonymize payment are a great way for consumers to keep their credit cards offline and out of harm’s way,” she said.
Apple and Google ascertain the identities of users of their payment apps, which reduces the burden on etailers.
2. Train Staff to Scrutinize Orders
“Having an experienced team that knows what to look out for and how to diligently dive into and research suspicious activity is important, so you’re not rejecting every suspicious transaction but also not taking on the risk by fulfilling every order,” Radial’s Graff said.
“Look at order level data daily,” he recommended.
This is tedious, Graff acknowledged, but it will let retailers spot and respond to high-level trends over time.
However, this process is “not very scalable and needs to be layered in with other anti-fraud strategies.”
3. Monitor Transactions Daily and Set Order Limits
Keep an eye peeled for shipping and billing information that doesn’t match, and check on the physical locations of customers, advised Graff.
“If you have a billing address in one part of New York City and shipping at a different city address, and the IP address is coming from Germany and your credit card is from the UK, and the purchase is over $5,000 — you may want a fraud investigator to look at it personally,” he said.
Imposing an upper limit on the number of purchases and total value of purchases from any one account on a single day will help keep down exposure to fraud.
4. Go Digital as Much as Possible
“Analyzing transactions based on true digital identities is the most effective way to instantly differentiate between legitimate users and cybercriminals,” ThreatMetrix’s Pandey said.
Organizations “need to invest in digital-first strategies that leverage automation … to protect consumers facing downstream attacks from large-scale data breaches,” she advised.
The growing sophistication of cybercriminals’ attacks means etailers must ensure that the tools they use will help them differentiate between trusted customers and fraudsters, Pandey noted. They must “go beyond legacy approaches that rely on simple device recognition or static credentials.”
5. Balance Security and the Customer Experience
It’s important to balance customer experience with risk management, Pandey cautioned.
Thirty-five percent of consumers would purchase more online if there were fewer security hurdles, Experian’s report suggests.
Twenty-five percent of the Experian survey participants said they had abandoned a transaction because setting up a new account required them to give out too much information.