Armen Najarian at Outseer explains why identity management is a key part of fighting cyber fraud but warns that it must be implemented in a customer-friendly way
Brits are buying more online than ever before. UK online shopping sales rose by 48% to nearly £113 billion in 2020, and a further increase of £10 bn is expected this year. Digital banking is also through the roof, as 76% of adults in the UK now use some form of online banking.
While this digital convenience is exciting for consumers, it’s a double-edged sword. Fraudsters, the nemesis of brands and consumers alike, are following the money trail with 13% of online transactions likely now fraudulent.
A perfect storm is brewing for retailers: they are struggling to pay rising rents on physical stores, facing supply chain challenges, and suffering COVID-related labour shortages. As they reach what is traditionally the busiest quarter of the year, retailers can’t afford to fight a battle on all fronts. They must address fraud so it doesn’t end up being the straw that broke the camel’s back.
A recent report from UK Finance found that fraud losses in 2021 have increased by 30 per cent compared with the same period last year – and this shows little sign of slowing. While customers may feel helpless, businesses are not. They must work to defeat the cyber-criminals threatening the future of retail, or risk disastrous consequences. Research shows almost half of UK consumers trust brands less after receiving scam messages from fraudsters.
Regardless of any real business association with fraudsters, customers’ brand loyalty can be destroyed by fraud, which in turn has a devastating impact on customer experience, reputation, and ultimately, retailers’ bottom line.
Organisations must find a way to fend off fraudsters and protect the brand experience, without adding too many new hoops for customers to jump through during the checkout process. With the future of retail and brand reputation riding on fraud prevention, businesses don’t have many chances to get it right.
Cyber-crime is taking a different shape
As shopping and payments have become more global, mobile, and on-demand, whole new avenues of attack have emerged for fraudsters to exploit. Phishing attacks, rogue mobile apps, fraudulent social media pages disguised as high street brands are rife, with brand abuse fraud in particular now the most dominant attack vector for cyber-criminals.
These impersonators target entire customer bases to steal credit card details or login credentials and use this compromised information to make a remote purchase. This is known as card-not-present (CNP) fraud, and it can be very difficult for merchants to verify the purchaser’s identity because both the card and cardholder aren’t physically present.
While CNP transactions are unavoidable in today’s hyper-digital world, businesses need to find a way to improve their detection of fraudulent payments. However, the sheer volume of CNP transactions and different devices used to make payments – from mobile phones, to watches and even smart TVs – has increased the attack surface, making it difficult to successfully identify a fraudulent transaction.
At first glance, the simple solution to thwart cyber-criminals appears to be to ramp up authentication, forcing consumers to confirm CNP transactions via text message or biometrics. However, these additional measures add friction to the digital experience.
Maximising safety and minimising friction
Fraud prevention is an imperative to protect brand experience, but only if done right. A recent report from PwC found that almost 60% of customers will abandon a brand after several bad customer experiences, and 17% will walk away after just one bad experience.
Boosting fraud controls is essential to defeating cyber-criminals, but businesses must ensure that the user experience doesn’t become collateral damage. Increased transaction declines and irksome step-up challenges can send customers fleeing to competitors and result in cart abandonment, which impacts three quarters of all purchases and results in $4 trillion in lost revenue potential every year.
Risk-based authentication – like the 3D Secure 2.0 protocol – can help organisations avoid the Catch-22 between fighting fraud and protecting the user experience. The technology analyses hundreds of risk indicators to silently authenticate customers during the checkout process.
It will rapidly examine a vast list of questions, searching for anomalies that indicate fraud. For instance, have you purchased similar items before? Is the payment in your local currency? Have you shipped goods to this address before? If the transaction’s risk score is too high, the purchase will be flagged as potentially fraudulent and blocked.
This approach pinpoints fraud, while ensuring legitimate payments go through without users being challenged with pesky requests for additional authentication. Merchants get smarter at detecting fraud, can challenge suspicious payments, and protect the brand experience – it’s a win-win!
Protecting brand reputation and fending off fraud is critical as competition intensifies, consumers lose patience and spending ramps up on the approach to Christmas. We are likely to see record levels of CNP transactions, and cyber-criminals won’t miss the opportunity to cash in.
While it’s imperative that retailers are able to unmask fraudsters, they must also juggle pressure to deliver seamless payment experiences. Taking a risk-based approach to authentication allows organisations to make faster and better-informed decisions about fraud, without compromising on the customer experience. This way, retailers can outsmart cyber-criminals, protect their brand reputation and secure the frictionless, seamless, and above-all safe future of retail.
There’s no time like the present, and by tackling fraud, retailers can help to ensure that the last quarter of 2021 delivers success and marks the beginning of better times to come for the industry.
Armen Najarian is Chief Identity Officer at Outseer
Main image courtesy of iStockPhoto.com