eCommerce Fraud Battle Tactics: Top Tips
Posted August 16, 2016
Life at the front line of fraud prevention for online retailers can all seem a bit doom and gloom at times. As we covered off in our recent blog “The Ecommerce Fraud Battleground” the ecommerce sector is being hit by a barrage of attacks, coming from organised crime rings employing a range of sophisticated methods and automated tools.
However, all is not lost! Just as the cybercriminals are becoming increasingly canny in their tactics and techniques, online retailers – and the security solutions available to them – are increasingly sophisticated in their defenses.
Here we are going to explore some top tips for protecting your online retail business from the increased fraud attacks – thus protecting your customers and also your own bottom line.
Fraud in the crosshairs: Improve your accuracy
Finding fraud accurately depends on a holistic approach that looks for anomalies in the way trusted users transact online. The interesting thing about the world of retail today is that users leave an incredible amount of information as they transact across various sites, almost like a unique online footprint. By analysing the connections between a customer’s devices, locations, behaviours and detected threats using anonymised data one can stitch together a user’s true digital identity. Through understanding digital identity, fraudulent behaviour becomes easier to detect with far greater accuracy.
Bring down the barbed-wire defences
Online retailers are performing a balancing act between tackling rising online fraud levels, whilst still allowing easy access to online goods in the highly competitive ecommerce landscape. Fraud departments are under increasing pressure as they face rising attacks and increased fraud losses, chargebacks and operational costs. However, stricter security measures risk impacting the customer experience and affecting sales conversion rates. Asking customers to jump through hoops to prove that they are legitimate is not feasible, because customers will go elsewhere. Invest in a digital identity strategy based on trust, which recognises returning customers rather than just looking for the bad guys.
Leverage the next-gen armoury
Retailers have increasingly sophisticated technologies available to them that can be embedded into their websites in a way that is completely invisible to their users. The latest innovations in online fraud prevention enable retailers to analyse their transactions in real time based on hundreds and hundreds of criteria, whilst looking for evidence of malware and protecting against automated bot attacks. Just as fraudsters are leveraging automation to increase the sophistication of their attacks, a technology-first approach is providing advanced protection for retailers.
Embracing advanced online fraud prevention technologies means that in-house fraud experts are free to focus on truly risky cases. Decreasing false positive alerts relieves the pressure on manual fraud review teams, reduces operational costs and means that human expertise is leveraged to maximum benefit.
International battle frontiers
Retailers are facing real challenges when looking to transact internationally. Cross-border transactions are 2.5 times more likely to be rejected compared to domestic transactions (Q2 Cybercrime Report) This is partly due to elevated attacks levels, but also because businesses are rejecting legitimate transactions due to the perceived risk, which negatively impacts ecommerce revenues. Location spoofing is very elevated among cross-border transactions, and therefore sophisticated location cloaking detection is vital to cross-border fraud prevention; however, assessing a transaction’s legitimacy based on a basic assessment of location is no longer feasible in today’s globalised world.
It takes a network to fight a network. The only way to effectively fight the organised cybercrime that is targeting retailers today with such ferocity is through knowledge sharing and leveraging historical user data. Look for solutions that bring global shared intelligence across the customer’s digital history.
If businesses can effectively adopt a multi-layered defence to accurately assess whether a transaction is legitimate or not, it avoids the risk of many technologies working in silo. Retailers need to obtain a unified view in real-time of the risk of a transaction based on many layers of analysis. This will enable instant decisioning and improved conversion rates.
Danger: Malware ahead
Retailers must watch out for tell-tale signs of fraudulent activity such as the presence of malware on devices, mobile apps that have been tampered with or reverse-engineered and the use of location cloaking and TOR in conjunction with other suspicious transaction behaviour. Complement standard anti-virus software with signature-less malware protection and behavioural-based assessments, which flag suspicious patterns of behaviour such as bot attacks and Remote Access Trojans.
The complex, highly organised, multi-faceted world of online fraud is evolving faster than many businesses can keep pace. As customers adopt new technologies, their underlying behaviour is rapidly evolving, while fraudsters are becoming more and more adept at mimicking the behaviour of a trusted customer. Retailers have an unenviable task, but the technology and expertise exists allowing them to successfully handle fraud mitigation while lowering friction for good customers.
For info on how ThreatMetrix helps protect online retailers please see our ecommerce page.