Why Outdated Fraud Detection is Costing Companies Customers

Written by

Why are retailers driving customers away in their bid to secure sensitive data? Online fraud prevention specialist, Tony Larks, investigates the flaws in today’s authentication solutions and sets out a new path for protecting valuable customer relationships

Every day, in store and online, retailers lose business from loyal customers for one very simple reason: the fear of fraud.

From major US retailers, such as Target and Home Depot, to online giants such as Apple Pay, there have been some seriously high-profile cybercrime incidents in recent months – and this has led many companies to tighten security controls.

However, turning a business into a security Fort Knox can actually have a detrimental impact on trading, particularly online. This is because the majority of retailers are using fraud detection systems with burdensome second-level authentication processes like 3DSecure, which frustrates customers and can lead them to abandon their basket before purchasing.

At a time of fierce competition, where customer loyalty has become a viciously contested battleground, it’s hard to believe that so many organizations’ attempts to protect shoppers are backfiring on their retention strategy, but it’s true.

The difficulty retailers face with their current web fraud detection solutions lies with two fundamental changes in customer behavior. Firstly, we are living in the ‘I want it now’ era – which means even taking a couple of minutes to re-enter a password is deemed inconvenient by shoppers.

Secondly, consumers today will shop wherever they are, however they want, which often involves logging on from multiple devices. Present customer authentication solutions may be optimized for recognizing a regular shopper on their laptop computer, but have no idea it’s the same person – or even if they’re real – when they access the site from their smartphone or tablet.

Recent ThreatMetrix Cybercrime Index figures identified that 25% of online retail transactions are now made via mobile, making the identification of high-value shoppers more difficult than ever.

This creates a situation in which genuine customers are mistaken for cyber-criminals. Meanwhile, fraudsters exhibiting what the authentication mechanism deems to be ‘normal’ behaviors are perceived to be trusted consumers. 

"We are living in the ‘I want it now’ era... taking a couple of minutes to re-enter a password is deemed inconvenient"

For instance, an increasing number of criminals are creating virtual identities – setting up social media accounts, creating online dating profiles and such like – to improve their online credentials. In addition, scams such as malware and phishing are enabling them to steal real customer identities and use them to log on, purchasing goods without retailers realizing the shopper is not all that they seem.

So while it may seem on the surface that keeping criminals out means tightening the fortress doors, in reality this couldn’t be further from the truth. A new ThreatMetrix cybercrime report has revealed that 98% of fraud prevention is down to better customer authentication – and adopting a new approach could cut retailers’ security costs as well as enhancing conversion.

Instead of relying on customers proving they are genuine at the final hurdle, when they’ve already loaded their online basket, retailers should move to a context-based authentication and persona recognition solution.

Putting customers into context not only starts treating them like people – rather than threats – it reduces the need for manual checks in the final stages, which can create the frustration that leads to basket abandonment. Quite simply, it takes the burden of authentication out of consumers’ hands.

The approach works by using multi-factor techniques to identify shoppers at the point they log on, throwing out suspicious behavior at this stage. This can include devices connecting from known botnets, users whose credentials are known to have been compromised and devices disguising their geo-location.

Context-based authentication is certainly cheaper – it can streamline security protocol and reduce web fraud losses by up to 50% – but more importantly, it safeguards retailers’ reputations. Instead of bolting the door just as the customer wants to leave, it rolls up the drawbridge as they enter and leaves them to peruse at their leisure, with checkout processes optimized and waiting for when they’re ready to make a purchase.

No longer Fort Knox; the customer has found their castle.


About the Author

Tony Larks is director of research at ThreatMetrix, provider of sophisticated context-aware authentication solutions. Tony is a leader in the fraud prevention industry with previous roles at WorldPay and TrendMicro


What’s hot on Infosecurity Magazine?