By Ivan Walsh
eCommerce fraud detection and prevention is essential to protect both internet retailers and their customers. As the volume of eCommerce transactions increases, criminals are looking at ways to defraud retailers and consumers using increasingly complex software and techniques.
As a trusted intermediary, Postal Operators are providing fraud prevention measures that reduce risk levels, protect retailers against intrusions, making the internet a safe place to shop and encourage consumers to place orders online.
First, let’s quickly review the most common types of scams and fraud.
Different Types of Fraud
There are multiple methods of eCommerce fraud:
- Consumer identity theft — stealing personal information under false pretenses.
- Merchant identity fraud — using fake merchant accounts on behalf of a seemingly legitimate businesses and charging stolen credit cards.
- Pagejacking — rerouting traffic to websites with potentially malicious material.
- Phishing — emails or websites that require credit card, bank account or login credentials.
To put this into perspective, let’s review the costs associated with fraud, and then how Posts can help alleviate these issues.
The High Cost of eCommerce Fraud
In 2016, there was 1,093 data breaches, up 40% from 2015, according to the Identity Theft Resource Center. Credit card fraud was also up from 16% in 2015 to 32% in 2016, the 2016 Consumer Sentinel Network Data Book reports.
What’s behind these numbers?
Gartner highlight that, “The complexity and sophistication of fraud attacks increases as businesses implement digital initiatives. These attacks focus on new account fraud, first-party fraud, identity theft, synthetic identity, account takeover, payment fraud, claims fraud and others.”
The LexisNexis 2016 True Cost of Fraud study breaks down the average distribution of fraud costs across four subsets:
- Friendly fraud — 28%
- Identity theft — 23%
- Chargeback fraud — 28%
- Lost or stolen merchandise — 21%
How much do merchants lose per fraudulent transaction?
The LexisNexis Fraud Multiplier calculates the total amount of loss a merchant incurs, based on the actual dollar value of a fraudulent transaction. Every dollar of fraud cost merchants $2.40.
As customers increasingly shop online — mCommerce increased 42% in 2016 to $617 USD — fraud prevention and secure payment processing are required to minimize criminal activities and maintain confidence in the underlying eCommerce platform. With this in mind, how are Posts helping Internet retailers to mitigate against fraudulent activities, and protect customers when shopping online?
How Posts are Helping Reduce eCommerce Fraud
Building on their long tradition of providing trust services, Posts use their independent position to ensure retailers are paid, consumers receive their goods, and that both parties feel confident when transacting online.
Posts protect Internet Retailers and consumers in several ways, in particular, by offering digital identity services, escrow, and tracking services.
Digital identity ensures that both consumers and sellers are identified before transactions take place, using a combination of electronic, in person and address verification methods.
With Digital iD™, Australia Post offers Internet Retailers and customers a secure digital verification system. It conducts over 6 million identity checks each year on behalf of its business and government customers through their post office network. If, for some reason, a customer can’t complete the verification process online, or if additional verification is required, they can complete the process in person at a participating post office.
For eCommerce merchants, the main benefit is that it improves the customer experience. Once customers have a Digital iD™ account, they can share their pre-verified identity information with merchants rather than going through the full application process. This increases the number of sales and reduces shopping cart abandonments rates.
As mentioned, eCommerce fraud prevention typically involves deploying policies, process, and systems.
To protect both merchants and consumers, Posts are providing a range of services, including:
Digital Identity — increase the security and privacy of physical and digital eCommerce transactions, Posts can provide verification and authentication services to verify both the buyer and seller’s identities
Escrow — serve as a trusted third party, releasing funds only when goods are accepted. For consumers, it guarantees delivery. For sellers, it guarantees payment
Tracking — provide flexible tracking tools to track goods by reference, email, and SMS, in particular if goods are misdirected or lost in transit. Tracking provides greater transparency as consumers can use the tracking number to locate the package, determine expected delivered time/date, and confirm when delivered.
Buyer Protection — policies and procedures to help consumers if goods are incorrect, misrepresented, or include unexpected ‘hidden’ fees. Cross border customers frequently require assistance with custom charges, packaging, and paperwork.
Security Protocols — including SSL, digital signatures/digital certificate to validate the sender and timestamp of transactions; compliant with government legislation
Authentication — verify the identity of an individual, merchant, service, or website
Authorization — determine the services an authenticated entity is allowed to access
Nonrepudiation — ensure that recipients cannot deny (repudiate) their purchase
Encryption — encrypt eCommerce transactions against unauthorized persons
Public Service Announcements — improve consumer awareness of fraud-related activities
By deploying these solutions, Posts can help Internet Retailers create stronger connections with consumers, leading to greater confidence in eCommerce platforms.
How Posts are Protecting Internet Retailers against Fraud
Here are some specific examples of how Posts are helping Internet Retailers reduce fraud.
For Internet Retailers, eCommerce fraud undermines their relationship with consumers.
In relation to eCommerce fraud, BigCommerce categories fraud into two broad categories:
- Account takeover — attackers target personal information, financial data and purchase history, often using phishing schemes
- Identity theft — criminals break into databases and steal usernames, passwords, credit card numbers and other personal information
To mitigate against fraud, Posts are helping Internet Retailers address the following challenges:
- Replacing traditional fraud systems with more secure systems
- Ensuring Anti-Money-Laundering (AML) programs are in place
- Implementing fraud detection software that responds to criminal attacks and emerging trends, for example, social selling and mCommerce
- Improving fraud detection tools to help reduce fraud rates while increasing authorization rates
- Refining their returns management process to deal with fraudulent sales
By implementing these, Internet retailers can:
- Align fraud detection policies across multiple channels
- Merge legacy rule-based systems with ‘modern’ data analytics software
- Promote fraud awareness, including additional training on fraudulent behavior, anti-money laundering, and awareness of social engineering attacks
How Post are Protecting Consumers Against Fraud
The Posts are also well-positioned to protect consumers when shopping online. This includes both the purchase — whether by card, cash, or alternative method — and also when receiving the actual goods.
For many of us, the web is now the go-to destination for shopping. Even if we plan to buy offline, we’ll often research the item online first, compare prices, look for reviews, promotions, discounts, special offers — and then make the actual purchase.
At each step in this process, criminals attempt to deceive us using different tactics: popups, malware, Trojan horses, social engineering, and more.
Despite all the warnings, as shopping online becomes more convenient — and will become more so with 1-click payments etc — Internet retailers need to proactively protect their shoppers.
To help protect consumers against fraud, Posts are:
- Providing identity services that verify both the merchant and customer. This gives both parties the confidence to trade online, as the risk of potential fraud has been significantly minimized by the Posts identity management procedures
- Educating consumers about online shopping best practices, for example, the importance of checking the returns process.
The USPS Postal Service and Postal Inspection Service dedicate one week in March every year — National Consumer Protection Week — to educate consumers about identity theft and other fraud schemes and provide tools and information to combat these crimes.
- Highlighting potential hidden charges/taxes when receiving goods cross borders in order to avoid chargebacks and fraudulent orders
- Explaining the benefits of using Two Factor Authentication (2FA) and other security measures by strengthening password and PIN security
- Understanding how to get assistance when goods are lost, damaged, or incorrect
4 Steps to Fraud Protection
The fraud landscape will continue to pose threats to Internet Retailers and consumers as new risks emerge from alternative payment methods, mobile commerce, and cross-border transactions.
To protect Internet Retailers against vulnerabilities, so they can provide secure eCommerce services to their customers, a four-step process is recommended:
- Identify Fraud Management Goals — examine where the business, customers, and partners, are most at risk from fraud.
- Develop Fraud Prevention KPIs — define fraud management targets, metrics, and escalation processes for monitoring and responding to fraudulent activities.
- Evaluate Current Performance — assess fraud management at each point of service, then identify areas for improvement.
- Define Optimum Solution — integrate fraud prevention solutions into your online business.
Despite the rise in fraud attempts, Internet Retailers can implement effective measures to protect customers from fraud at different points in the eCommerce lifecycle.
By controlling this area, Posts help Internet Retailers reduce time firefighting fraud on a case-by-case basis and instead focus on what’s important — growing their online business.