By Bruno Farinelli, ClearSale
The 2016 holiday season holds promise and threats for e-Commerce retailers. On the positive side, U.S. online retail sales are expected to increase by 17% this year compared to the 2015 holiday season. On the negative side, fraud attempts increased by 8% last year and they’re poised to rise even more this holiday season. The cost of fraud to e-Commerce merchants is on the rise, too. It’s now at an average of 1.47% of revenue. The message from these figures is this: Online retailers who want to make the most of rising holiday sales must plan now to thwart fraudsters while maintaining a good shopping experience for legitimate customers.
E-Commerce Under Threat
The Threatmetrix Cybercrime Report for Q2 of 2016 found that “this quarter saw the highest level of attacks on e-Commerce with more than 69 million rejected transactions, representing a 90% increase over the previous year and a 12% increase over the previous quarter.” Fueling the problem are a migration from point-of-sale to online fraud after last year’s EMV liability shift, a yearlong rising tide of botnet-powered fraud, and a surge in hard-to-detect account-creation fraud using the stolen credentials from data breaches worldwide.
Retailers Must Shore Up Defenses Ahead Of The Holidays
As always, the challenge for e-Commerce retailers is to stop fraud without falsely declining valid orders. The extra challenge during the holidays is maintaining that balance at speed when order volumes spike. To accomplish that, here are fraud-prevention elements to review now, before holiday shopping begins.
Advertisement
Review new-account screening
The number of new accounts rejected by retailers and financial institutions in Q2 rose 250% over the same time last year. While banks and lenders are often the primary victims of account creation fraud, e-Commerce retailers are targets as well. Review your company’s practices for account creation and verification to look for weak points that need reinforcement.
Take a fresh look at your mobile security
LexisNexis found that in 2015, online retailers accepting mobile payments lost a larger percentage of their revenue to fraud than online retailers did overall, due in part to weaker security over mobile. Does your mobile screening process include geolocation, two-factor authentication, device identification and behavioral data? If not, now is the time to strengthen your mobile order screening process.
Review the role of location in order screening
Many e-Commerce retailers limit themselves to orders from within the US, fearing a higher risk of fraud from cross-border transactions. However, the ThreatMetrix report found that the U.S. was one of the top five countries where fraud attacks originated, a top attack destination. No U.S.-based retailer would consider blocking all in-country orders, of course, but your fraud prevention program should factor in the most up-to-date information on risky U.S. billing and shipping zip codes. Experian regularly updates its list of the zip codes with the highest rates of billing and shipping fraud, which change often as fraudsters move around. Likewise, a fraud prevention program that uses up-to-date data to pinpoint high-risk areas abroad can allow merchants to accept cross-border orders without taking on undue fraud risk.
Check your transaction limits, velocity controls and data-entry attempts
In most cases now, e-Commerce fraud is perpetrated on a large scale at rapid speed by botnets using stolen data. To protect against these attacks, look at the order value and frequency limits you’ve set to trigger scrutiny, while keeping in mind the increase in volume and value you expect from legitimate customers during the holidays. In addition, limiting attempts to enter transaction data correctly can thwart the kind of rapid-fire data entry that signals card-testing fraud, in which someone with a stolen card number guesses at the CVV and expiration date until they get it right.
Go over your customer contact policies and practices
During the holidays, your business not only has to fight fraud but keep legitimate customers happy. That means valid orders need to be approved quickly, and orders flagged for further scrutiny should be handled promptly and with care. A courteous and professional call to the customer can help determine the order’s legitimacy, and if it’s done properly, it can build trust with the customer. Now’s the time to go over your customer-contact protocols and scripts.
Fraud is a complex and rapidly changing hazard that all e-Commerce retailers face. Regular review of your company’s fraud prevention practices, especially ahead of peak sales seasons like the winter holidays, can help your company reap the benefits of the e-Commerce boom and limit the impact of fraud.
Bruno Farinelli is an expert in biometrics and browsing behavior, and heads up the Fraud Analytics department for the ClearSale U.S. branch. Farinelli holds a Bachelor’s degree in Statistics from top Brazilian University UNICAMP and an MBA in Business Intelligence from one of the most well-known Technology Institutes in Latin America FIAP. Follow on twitter @ClearSaleUS.