Between 2017 and 2018, the percentage of retail revenue lost due to chargebacks, account takeovers, identity theft, and other forms of fraud rose from 1.58% to 1.80% [1]. As the volume of fraud attempts and botnet activity has increased, fraud prevention strategies have stagnated.

Over 52% of e-commerce enterprises have difficulty identifying fraudulent orders because their fraud management platform fails to provide them with a comprehensive view of customer data [2]. Comprehensive customer data would provide security teams with enough context to differentiate between good purchases and fraudulent purchases. Instead, older fraud management strategies rely on limited security protocols, like passwords and rules, to notify the security team when a potential instance of fraud has occurred.

Without layered fraud detection that cross-references expected customer behavior with suspicious activity, differentiating between valid purchases and fraudulent purchases becomes a challenge. Inaccurately labeling good customers as fraudsters results in lost revenue for retailers and increased customer frustration, and it allows actual fraudsters to steal customer and business data with ease.

Beyond a limited view of customer activity, outmoded strategies like retroactive manual fraud detection and a reliance on rules-based security protocols have all led to significant revenue loss for retailers.

Ecommerce Fraud Prevention Strategies That Hurt Retailers

1. Limited View of Customer Activity

To separate fraudulent activity from good logins and purchases, security teams and fraud management platforms need contextual customer data. Anytime a customer logs in to an ecommerce platform, they leave traces of their digital identity and their personal identity. While more modern fraud prevention platforms survey thousands of data points in real time, legacy platforms only view a small subset of customer activity.

Personal identity, or the information manually submitted by the customer to the retailer, represents the primary defense for legacy systems. While usernames, passwords, names, addresses, dates of birth, and phone numbers are all helpful forms of authentication, they can be stolen and leveraged by fraudsters.

Cross-referencing a customer’s personal identity with their digital identity (IP addresses, devices used, biometrics, and common geolocation) helps retailers contextualize data and identify when suspicious activity has occurred.

2. Reliance on Rules-Based Security Protocols

While rules-based engines used to be the gold standard for online ecommerce fraud prevention, they have had a difficult time keeping pace with increasingly sophisticated fraudsters. Rules are effective at stopping simple, known patterns that the security team has programmed the fraud management platform to detect. However, organized fraud attacks have become more diverse and complex, and they frequently subvert rules-based engines.

Rules-based engines also rely heavily on large security teams to keep rules up to date, and the security team must manually review chargebacks and other instances of fraud that have been flagged by the platform. Rules can also be prone to human error and, if coded incorrectly, can label good customers as fraudsters.

Lastly, rules-based engines are reliant on manual review processes that detect fraud after it happens. In the fast-paced retail industry, reactive fraud detection allows fraudsters to get away with fraud and exposes ecommerce enterprises to significant amounts of annual revenue loss.
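The contrast drawn in the two sections above, as an added example that is not taken from any fraud platform: a single static rule next to a check that cross-references an order with the customer's known digital identity. The field names, the 500 order limit, the two-octet IP prefix match, and the allow/verify/review outcomes are all assumptions chosen for illustration, and the profile and orders are constructed sample data.

```python
from dataclasses import dataclass

@dataclass
class Profile:
    """Digital identity previously observed for one customer (constructed)."""
    devices: set
    ip_prefixes: set   # first two octets of IPs seen before (assumed granularity)
    countries: set

@dataclass
class Order:
    password_ok: bool  # personal-identity check: the credentials matched
    device: str
    ip: str
    country: str
    amount: float

def static_rule(order, limit=500.0):
    """Legacy-style rule: flag every order above a fixed amount."""
    return order.amount > limit

def mismatches(order, profile):
    """List the digital-identity signals that do not match the profile."""
    found = []
    if order.device not in profile.devices:
        found.append("device")
    if ".".join(order.ip.split(".")[:2]) not in profile.ip_prefixes:
        found.append("ip")
    if order.country not in profile.countries:
        found.append("geolocation")
    return found

def layered_decision(order, profile):
    """Cross-reference credentials with digital identity (illustrative policy)."""
    if not order.password_ok:
        return "deny"
    count = len(mismatches(order, profile))
    if count == 0:
        return "allow"
    return "verify" if count == 1 else "review"

# Constructed sample data; IPs come from documentation-only address ranges.
PROFILE = Profile({"laptop-a1"}, {"203.0"}, {"US"})
GOOD = Order(True, "laptop-a1", "203.0.113.7", "US", 900.0)        # large but typical
TAKEOVER = Order(True, "phone-zz9", "198.51.100.23", "BR", 120.0)  # stolen password

if __name__ == "__main__":
    for name, order in (("good customer", GOOD), ("account takeover", TAKEOVER)):
        print(name, "| rule flags:", static_rule(order),
              "| layered:", layered_decision(order, PROFILE),
              "| mismatches:", mismatches(order, PROFILE))
```

The static rule flags the good customer's large order and passes the small order placed with a stolen password, while the cross-referenced check does the opposite on both.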

To prevent future acts of fraud, retailers will need to build comprehensive customer profiles that provide security teams, and their fraud management platform, with data that can help differentiate fraudsters from good customers. Doing so will empower the security team to provide comprehensive security and maximize online retail revenue.


Our Sources: