The Art Of Balancing Fraud Prevention And Reduce Customer Friction Points
E-commerce fraud happens in a number of ways. However the most common payment fraud is initiated either by a smart attack, unleashed by a cybercrime gang, automated bot, or sophisticated hacker. Or by a customer, who doesn’t want to pay for what they’ve bought, claiming an unlawful chargeback, also known as ‘friendly fraud’.
For an online merchant, the result is the same: lost revenue, reduced profits and potentially stock that can’t be recovered.
There are other ways to attack online merchants of course. Phishing or malware viruses can go after customers’ details. Those details could be used to perpetrate fraud elsewhere, taking out credit and making purchases. With GDPR coming into force soon, retailers need to take extra care to ensure their systems can’t be compromised and data stolen, which could result in huge fines if the merchant is not GDPR compliant.
Online retailers have a duty to protect every avenue into their systems to prevent fraud. The most obvious route is through the checkout. Most cybercriminals will try that first, which is why every effort must be made to prevent in-checkout fraud. However, e-commerce brands also need to take care to avoid creating too many friction points that could prevent genuine customers from making a purchase.
Here is our best practice advice on how to ensure you balance customer needs with fraud prevention.
#1: Ensure 3D Secure remembers repeat visitors
In the UK and Europe, 3D Secure is everywhere. This fraud prevention tool will slow down the most determined of cybercriminals, even those with stolen or cloned credit or debit cards.
Unfortunately, it will also slow down shoppers. Some may abandon a cart as a result, especially if they can’t remember their 3D Secure password. So for those who’ve come back to buy more, keep them happy with a security system that remembers the customer’s browser and verifies them automatically. Most banks, card schemes and payment providers do this automatically; but make sure your customers benefit from this.
#2: Implement behavioural analytics
How do you know if a customer is a genuine customer?
Do they behave like one? Are they asking to ship goods to countries known for being high risk?
Machine learning security systems can identify patterns of fraudulent behaviour, and then automatically decline a transaction at checkout. However, you don’t want to rely 100 percent on automatic systems. Ensure there is some input from cyber security and fraud prevention experts when setting or adjusting parameters, to avoid excluding genuine customers who may not act the same way as other shoppers online.
#3: Leverage verification technology
Two of the most commonly used authentication solutions are an Address Verification System (AVS) and Card Verification Value (CVV). These verify that the cardholder is resident at the shipping address and that the person initiating the transaction is in possession of the payment card.
These aren’t failsafe, but they do go a long way towards preventing online fraud.
At the same time, reducing friction points means that repeat customers – whenever possible (unless they’re behaving unusually, within the perimeters of a fraud prevention system) should not need to enter address details again. Card verification however is automatic and part of every checkout, so this will always be requested.
#4: Secure guest checkout
Sometimes even repeat customers are in a hurry.
They want to click a few buttons and make a purchase.
With third-party authentication, using a social network (e.g. Facebook, Twitter) everyone should be able to go through a guest checkout quickly and easily, without needing to remember password details or create an account. This also gives retailers confidence since some customer data is captured in the process, to verify the transaction.
#5: Automatic device and location verification
Someone buying a ticket for a show on a Monday morning from a desktop device in Chester, England, is likely to be a genuine customer. The customer may have spent the weekend planning their purchase, checking availability and dates, only for a final decision to have been made and the customer completing the transaction on Monday or Tuesday morning.
But those same tickets, in the basket, with the so-called buyer doing so from a smartphone in Russia, at 2am local time, is far less likely to be genuine.
Device and location identifiers can pick up on this information automatically, preventing potential fraud and chargebacks around the clock. Since this is done automatically, it prevents genuine customers from being delayed when they’re in a hurry and have made a decision to make a purchase.
Balancing the needs of customers and fraud prevention is never going to be easy. Fraudsters and cybercriminals are constantly looking for new ways to evade security systems and steal from consumers and businesses. Fraud prevention experts and payment service providers will continue investing in new technology and processes to prevent, as much as possible, retailers from smarter and more elaborate ways to steal and con.
If you would like to discuss this in more detail with a security expert, contact our team.