Prior to the COVID-19 pandemic, 63% of consumers said they referenced their mobile phones as a resource while shopping in stores1. Today, due to the lack of face-to-face interactions resulting from COVID-19, we’re seeing a rapidly accelerated adoption of eCommerce as a marketplace. The week following the pandemic declaration, eCommerce traffic increased 23% and it’s unlikely this trend will slow as companies look to reopen brick-and-mortar stores.
Fraudsters have also noticed this shift, and have been quick to exploit merchants grappling with how to manage the surge in online volume. In a recent consumer survey by TransUnion (Formerly iovation), 29% of consumers indicated that they had already been targeted by digital COVID-19 scams. These attempts are especially concerning because breached personal data and compromised credentials harvested from such attacks are just a step towards perpetrating other types of fraud.
As fraud continues to grow in sophistication, so are the strategies required to successfully mitigate such attacks.
Last month, we presented to the RH-ISAC Digital Fraud Working Group about fraud trends that are being observed across the industry, including proven solutions to combat fraud and meet the challenges of the COVID-19 era. With over 100 registered for the event, we wanted to highlight the three solutions discussed to help mitigate fraud in the shifting economic climate:
1: Assume that bad actors have perfect information.
The days of assuming that a customer is “good” due to having perfect information are behind us. Fraudsters are now succeeding at mimicking the behavior of good customers to commit account takeover (ATO) and other types of fraud. In 2019 alone, there was a 347% increase in ATO2, a number we’re sure to see climb as credentials are compromised due to phishing scams. Layering in additional methods of authentication helps mitigate risk throughout the customer journey while still maintaining a great customer experience.
It’s important to consider that not all points throughout the customer journey hold the same level of risk. For lower risk transactions, you should avoid adding unnecessary friction. Adding device-based authentication is a simple solution that utilizes the consumer’s device as a transparent second factor of authentication, and can easily be layered on top of current authentication methods such as one-time passwords or username and password combinations.
To protect higher risk transactions including large purchases, changes in account details, or outreach to call centers, utilizing mobile multifactor authentication (MFA) provides a comprehensive authentication solution that utilizes the capabilities of mobile devices that consumers already own. MFA is a highly secure experience for your customers, offering all three types of authentication factors: knowledge, possession, and inherence. These factors come in the forms of various methods such as fingerprint recognition, facial recognition, PIN code, pattern code and geofencing, making it incredibly difficult for a fraudster to successfully infiltrate an account.
2: Think beyond checkout and look at every step of the customer journey.
Today’s levels of fraud sophistication go beyond a single point of risk such as checkout or account changes, which is why a holistic approach is needed to effectively combat fraud across the entire customer journey. Take the rise of shipping fraud as an example, which increased 391% from 2018 to 20192. Fraudsters will successfully take over an account, make minor changes to things like the phone number or email address, but leave the shipping address untouched to avoid alerting the merchant that the account has been taken over. Then, the fraudster may closely track a package and change the shipping address once it hits the carrier, or even intercept the package at its final destination.
To help combat criminal methods like shipping fraud, there are a number of tools retailers can utilize, such as adding additional authentication for high risk transactions or using velocities to uncover unauthorized devices and fraudulent behavior. Having two-factor authentication solutions in place at key risk points helps to strengthen security by requiring specified behaviors (like leaving a package at the door or a purchase over a certain price point) to be authorized by the customer, and their authorized device, prior to being accepted.
3: Create a friction-right experience that balances security and convenience.
Protecting the customer journey is a constant balancing act of reducing friction while ensuring account security. The good news? Modern day consumers expect and value a secure digital transaction experience. Our recent global eCommerce report revealed that 95% of shoppers view additional identity validation as positive. Even more compelling is that 63% of consumers report that they’ve abandoned a transaction due to a poor identification process3.
Properly using risk signals to reduce friction for good consumers provides additional assurances while also helping to reduce false positives. When you consider that in 2019 there was an estimated 340B in lost revenue from false positives2, this balancing act becomes even more important for the eCommerce industry. It is critical to look past single anomalies and consider all risk signals holistically in order to reduce false positives and avoid rejecting good business.
To learn more about protecting consumers from fraud, listen to our recent webinar which dives into our latest eCommerce report. This webinar also provides insights into the top fraud trends retailers are facing in the COVID-19 era, and reveals how to combat them while meeting consumer expectations.
1BRP Consulting, 2019 POS Survey
2TransUnion (Formerly iovation) consortium data
3TransUnion (Formerly iovation) Holiday Retail Fraud Survey, 2019 Insights