Want Proactive Fraud Prevention? Start With the Customer Account

The average consumer today can reload their Starbucks mobile wallet while they wait in line for coffee, book a last-minute ticket for a day trip to SFO, and come home to their groceries delivered and even organized in their fridge — all with the press of a button. Consumers trust the figurative (and sometimes literal) fulfillment of their lives to merchants. With this trust comes great responsibility to provide the best customer experience possible.

But what happens when a consumer’s trusted merchant has suddenly approved $2,000 worth of transactions they didn’t approve of? Will they blame the faceless fraudster who stole their identity? Claim some responsibility for using the same password on every single account they open (including their account with the public library)? Or will they blame the merchant they trusted with their personal data, which (in their opinion) didn’t take the extra measure to care for it?

From the second a customer lands on a merchant’s site, the business should begin managing the delicate balance between providing a best-in-class customer experience and preventing fraud loss. Beyond standard post-authorization fraud assessment, what can a business do to get ahead of the problem? They can start with the customer account.

Account Opening

Customer accounts provide many advantages to both the customer and the merchant. Customers can save their billing/shipping details, payment method, easily return items and receive promotions. Merchants can better identify their customers as well as tailor their marketing according to their customers’ interests. Merchants inherently place more trust in transactions that occur when a customer is logged into their account. But what happens when a fraudster uses a synthetic identity — or real pieces of identity from multiple people stitched together — to create accounts? Assessing the risk at account creation is an integral step in proactive fraud prevention that more merchants are focusing on to reduce customer friction.

Most merchants want to create as little friction as possible at account creation, asking for only the most necessary information. At this stage, they usually collect name, email address, IP address, device ID, and perhaps behavioral data. Validating, verifying and accessing third-party networks will allow a merchant to decide if this appears low risk or if they should implement a progressive signup flow. At this point, merchants may choose to request more information (e.g., phone number or physical address) or two-factor authentication to ensure the account opener is who they say they are.

Account takeover fraud (ATO) rates, especially via mobile, have skyrocketed in recent years, costing businesses billions of dollars. Managing this threat, which involves a bad actor taking control of a customer’s account to make fraudulent purchases, presents a great challenge to both the customer and the merchant. Following an attack, the merchant, which has consistently seen good behavior from a customer, can be caught off guard by a sudden chargeback. And the victimized customer, who shops frequently with this merchant, no longer trusts that they're in safe hands. Risk assessment at account creation helps the merchant to minimize friction, while not losing sight of nefarious players.

Account Modification

Risk assessment shouldn’t stop at account creation; it should be part of the life cycle of the account. With any modifications that take place, merchants should use relevant data across the ecosystem to reduce friction while still catching fraud. Therefore, in a world where fraudsters are increasingly sophisticated in recreating customer identities, data from multiple sources can help find unique markers that identify the actual human behind a digital identity. Whether they change the shipping address to get the physical good, the email address to avoid the real customer from getting your confirmation, or there's suddenly a new device ID, there's a sign that this might be account takeover. Merchants can leverage identity verification within their models to monitor changes in behavior to avoid not only a loss in goods, but more importantly, a loss in the customer’s trust.

Machine Learning and Customer Trust

Sourcing identity verification data is only a part of the challenge. Even after ensuring security and privacy needs are met, the more significant struggle is putting this data to good use across the ecosystem. The use of machine learning (ML) modeling to assess risk can help. The unique needs of proactive, real-time fraud detection, including large and diverse data sets, real-time decisions, and continuous learning cycle times, make the account ecosystem a good candidate for ML modeling. We observe it in practice: our customers that use ML models realize disproportionately higher benefits vs. those who only use rule-based systems.

Understanding the customer's context is the way to drive better user experience, and an excellent user experience also drives consumer trust. To build a better online experience, you need to understand the context that brings consumers to your site. However, there's never a silver bullet to achieve this. The context keeps changing even within each customer’s journey, which is where proactive fraud prevention across the account ecosystem can help merchants establish and maintain customer trust.

Katie McGinn is the head of the e-commerce practice at Ekata, a provider of global identity verification via APIs and a SaaS solution.