September 25, 2018
September 20, 2018
Posted August 16, 2018
Consumers are big on BOPIS—but is it also becoming an irresistible new attack vector for fraudsters?
According to FierceRetail, fraud rates for BOPIS (“Buy Online, Pickup in-Store”) have been a fraction of those seen in eCommerce. But over the last year, some merchants reported seeing BOPIS fraud jump as much as 250%.
Now, with back-to-school shopping in full swing and the holiday season on the horizon, retailers that have embraced BOPIS as a way to get shoppers into stores are angling for ways to put the brakes on fraudsters aiming to exploit it.
Typically, consumers purchasing online and picking up at a physical location have only had to show a confirmation number. Occasionally, a driver’s license may be required. Still, these identifiers alone haven’t slowed crooks down. And adding more friction to make sure customers are legitimate? That could be a tough sell.
According to research from NNT Data, retailers with the least purchase friction can see a 48% boost in revenue and a 45% increase in income compared to rivals offering a poor purchasing experience.
So how can retailers hoping to make the most of BOPIS strike the right balance?
The appeal of BOPIS to retailers is clear, as eCommerce sales grew by 16.4% during Q1 2018 compared to Q1 2017. A key driver of this growth is mobile. According to the Q1 Cybercrime Report, 51% of transactions in the Digital Identity Network come from mobile devices, a 170% increase compared to Q1 2015.
As online purchases rise, BOPIS is a powerful way for brick-and-mortar shops to remain relevant to the modern consumer. Shoppers see it as a convenient way to leverage the ease of browsing for items online, but then receiving items quickly and avoiding delivery charges. BOPIS is a safer alternative when buying more expensive items and making them available for porch theft. At Lowe’s, for instance, 60% of online orders are BOPIS, and 40% of those customers make additional purchases when they’re there. Indeed, according to a survey from TotalRetail, 50% of US consumers had used BOPIS in the preceding 12 months—a 43% increase over the previous two years.
As it stands now, 44% of retailers with more than $100 million in annual revenue view BOPIS as nothing less than a competitive imperative. Unfortunately, the bad guys have noticed, sending fraud rates skyward.
Here’s the problem. According to Multichannel Merchant, most retailers today use separate, siloed systems for internal and online purchases, which limits their ability to verify customer identities and pinpoint fraudulent orders.
Shipping address can be a key attribute for detecting fraud online, however how would an in-store employee know that someone purchased 92 identical items, with 47 different identities and plans to pick them up at multiple locations? Asking to see a driver’s license and maybe even a credit card at pickup won’t tell them that. And these forms of ID are hardly foolproof anyway.
As PaymentSource points out, fraudsters often place guest purchases and enter the identity information for an accomplice who will do the pickup, so that the ID checked in the store is correct. Think money mules, only for shopping malls.
To fight back, retailers and their payments partners will obviously seek to prevent fraudulent purchases from happening in the first place. But how?
Rather than relying on identity checks in-store, it is important for merchants to deploy modern, digital-first technologies that can verify the identity of the individual on the other end of a transaction by analyzing their identity information, devices, locations, past transactions and real-time behaviors in search of anomalies that may signal fraud.
To be effective against BOPIS, retailers need to be able to spot fraudsters the first time they attempt to set up an account or make a purchase. Proprietary data will only be of limited help on that score, even with siloes taken down between eCommerce and in-store systems. Even data from retail consortiums doesn’t cut it.
Understanding the true digital identity of your consumers requires access to dynamic data that combines online and offline identity intelligence from businesses across numerous industries and geographies– giving a more accurate assessment of whether behavior looks legitimate or not.
Being able to spot the use of fraudulent identities associated with either online transactions or offline pickups may be retailers’ best bet for stopping BOPIS fraud before it happens.
Will any of this actually work? It depends on how quickly merchants can put these kinds of solutions in place.
While it’s too late for new initiatives to impact back-to-school season fraud levels, it’s important to note the 4th quarter holiday season is expected to see eCommerce revenue growth hit 15.3% year-on-year.
For some merchants, that may be the first big test of their new anti-BOPIS fraud efforts.
To learn more about reducing eCommerce fraud such as BOPIS, download an exclusive solution brief, “Minimize Payment Fraud: Reduce Fraud and Protect Revenue Without Customer Friction”