Beating Online Retail Fraudsters at Their Own Game
Fraud affecting online retailers is on the rise. According to LexisNexis® Risk Solutions’ 2018 True Cost of Fraud for the Retail Sector study, successful retail fraud attempts rose almost 30 percent between 2017 and 2018. Every $1 of fraud costs midsize to large retailers an average of $3.29. So how can retailers protect themselves with an increasing amount of successful fraud attempts accompanied by more sophisticated fraudulent tactics? The answer is educating retailers on next-generation security technologies that evolve at a faster rate than fraudsters.
Next-generation fraud prevention solutions aim to provide security without introducing friction to the user experience. An example of friction is a false positive, which is the phrase used to describe the flagging of a legitimate customer’s purchase journey as fraud. It’s important to keep in mind that false positives, and other friction-causing security mistakes, can also impact a retailer's bottom line. Moving forward, retailers will need to combine security technologies that traditionally live under multiple domains — online fraud prevention, cybersecurity, and artificial intelligence — to create “full fraud stack” solutions to mitigate complex attacks that are becoming a commonplace for retailers.
A fraudster can’t buy behavior, and it's too difficult and time consuming for attackers to mimic human behavior effectively. Therefore, to increase effectiveness of e-commerce security, retailers’ fraud prevention technologies should leverage behavioral analytics and biometrics data. Retailers can use passively collected and anonymized data to gain a granular understanding of how specific users behave online. This data allows retailers to uniquely identify users by revealing how they hold a device, their typing speed, touch pressure and geographic location. This data can also be used at a macro level to examine broader consumer behavioral patterns and determine a normal journey path leading to transactions, such as how many times users typically view an item before purchasing. From there, retailers can differentiate between a normal journey and what should be considered suspicious.
Security experts are increasingly using artificial intelligence to make sense of this data and to better understand the risk context. For example, AI recognizes when a website is seeing an irregular increase in traffic, and adjusts its sensitivity levels to closely scrutinize traffic during the irregularity. It's also able to understand which events (e.g., payment vs. account sign up) pose a risk for the merchant’s threat model, and it can then tailor responses to the perceived risk. You’ll hear this referred to as contextually aware security, but the basis of this contextual awareness is heavily focused on AI enabling systems to make those classifications and adapt accordingly.
Retail fraud is a vibrant — and thriving — community of hackers who operate in a complex and secretive economy, sharing expertise, software and data assets. Layering these new techniques in fraud prevention and cybersecurity on top of prior approaches creates hardened fraud and cybersecurity systems that can defend against the new, complex landscape of cybercrime. The next wave of fraud prevention technologies must continually innovate and evolve to meet market needs.
Sam Bouso is founder and CEO of Precognitive, a fraud prevention and detection technology platform.
