By Paul Marcantonio, Head of UK/Western Europe, ECOMMPAY
Companies operating within the e-commerce sector face security threats on a regular basis. From unprovoked DDoS attacks to phishing scams, cyber-crime remains an ongoing issue. Service providers, whether payment processors, acquirers or third-party security platforms, are locked in an eternal battle with fraudsters. And while flying under the radar of cyber-criminals is impossible for online businesses, it’s advisable to be prepared by establishing a security strategy that will provide the best possible protection against fraudulent activity.
The reality of the situation is that fraudsters tend to be indiscriminate when it comes to their targets. Furthermore, due to the nature of their activities, they have a vested interest in remaining one step ahead of not only the average consumer, but also the cyber-security specialists dedicated to combatting their attacks. From a technological standpoint, it’s unlikely that online merchants will have the required resources to remain afloat. They are therefore interested in securing partnerships with either payment service or technology providers capable of defending their interests on the eCommerce arena.
To understand risk management trends, it’s important to begin with understanding the nature of online payment fraud itself. Fraudsters have evolved to become incredibly technologically sophisticated, capable of easily extracting the required consumer data – from document scans to passwords to the passcodes banks send as part of their multi-factor authentication systems. They are also nuanced: different e-commerce industries face different styles of attack. False chargeback claims are the most common method used against travel operators, while retailers contend with fake orders placed with stolen card information. Financial companies suffer most from phishing, while high-risk industries such as gambling experience losses resulting from using affiliate programmes, wherein players make a single transaction and disappear, leaving operators to pay the affiliate commission fee for no profit.
Individual fraudulent transactions, taken out of context, are impossible to predict. However, a one-off scam is unprofitable. Why would a cyber-criminal go to the trouble of stealing valuable customer data for a single payoff? Consequently, the offending party will register new accounts and reuse the stolen information in an attempt to maximise their profits. When a series of fraudulent transactions emerges, advanced security systems will be able to identify the perpetrator based on a pattern of suspicious behaviour. Identification also bolsters the system’s capabilities by reaffirming its settings are configured correctly, allowing for the service provider to identify this particular cyber-criminal by digital trace and device.
The most advanced risk management technologies available on the market apply the scoring system, learning on the basis of artificial intelligence to establish consumer fingerprints. The scoring system works by sending a transaction through an automatic check against preconfigured anti-fraud filters, each of which corresponds to specific rules, selected individually for the merchant in question depending on industry sector and other variables: some monitor the transaction amount, others monitor whether the country where the service is provided differs from the user’s geolocation, and so on. Each filter, when triggered, will subsequently calculate a predetermined value. The security system will then decide whether this value constitutes a suspicious transaction, rejecting it outright or flagging it for manual review.
When it comes to the future of online payment security, even those who are better prepared than their industry peers understand that it’s not all smooth sailing. From the challenge of calculating the rules outlined above in the most efficient manner, to adapting security strategies to new devices, such as smartphones, potential pitfalls abound. If omnichannel processes are configured incorrectly or filters are chosen poorly, there is a risk of missing fraudulent transactions or rejecting authentic payments, both of which are likely to greatly reduce the merchant’s conversion rate, negatively affecting their overall profit – not to mention their brand’s reputation. The most effective approach is proactively partnering with a service provider to establish a solid risk management strategy, relying on the latter party’s ability to immediately react to negate new threats with advanced technological and industry knowhow.
For more information, please click here