As published on Digital Transactions April, 2020
MORE AND MORE BUSINESSES are seeing the convergence of fraud prevention, cybersecurity, and customer experience. From preventing the theft of data to stopping chargebacks to protecting the customer journey, there is a need to balance these three areas and work cross-functionally to achieve business goals. Events that were traditionally cyber events alone now lead to fraud, including ransomware, business email compromise, identity theft, synthetic ID, and stolen credentials. At the center of this cycle are account takeover, fraudulent accounts, and payments fraud. And that means modern fraud risk is changing. Risk is no longer focused solely on chargebacks. It now encompasses regulatory concerns, poor conversion rates, brand reputation risk, data security, credit, poor customer retention, and more. As digital innovation continues to scale and customers expect less friction as they complete checkouts, businesses must take a multifaceted approach to fraud prevention that spans the entire customer journey.
IDENTITY TRUST: In a recent survey conducted by Kount and Javelin Research, 42% of businesses reported that digital fraud slows their ability to innovate and expand into new digital channels and services. At the same time, only 64% of customers have confidence in the security of digital channels. And 48% of customers are more sensitive to anti-fraud measures that disrupt their online experience than they were a year ago. Compounding these trends, businesses reported that top fraud threats include payments fraud, account takeover, fraudulent accounts, and friendly fraud. With the need to balance fraud, cybersecurity, and customer experience along with ever-evolving emerging fraud types, it is increasingly critical that fraud prevention not overly rely on any one tactic. Solutions that are one-dimensional cannot solve the complex business needs of today’s digital risk management. Effective fraud prevention must get to the core of identity trust. Identity trust is the ability to establish the level of trust for each identity behind every payment, account creation, and login event. Think of it as a spectrum: on one end is the lowest trust level, likely indicating fraudulent activity. These interactions should be blocked or encounter high friction. On the opposite end of the spectrum is the highest trust level, which includes returning, quality customers. These customers should not only be allowed through, but also treated like VIPs. That’s one way identity trust bridges fraud prevention and customer experience. Further, cybersecurity comes into play when considering that fraud prevention must span the payment transaction through the customer journey. From the moment a customer visits a Web site, to account creation, to login, to a payment transaction, there is opportunity to establish identity trust. Most companies engaged in e-commerce are aware of and working with solutions like Kount to prevent payments fraud. Yet, many aren’t as well-versed in account takeover, and they should be.
A LAYERED APPROACH: To effectively prevent account takeover fraud, businesses should look at three key layers in an ATO solution: protection, policy and customization, and reporting and data presentation. At the protection layer, solutions should evaluate user behavior, device, and network anomalies to detect high-risk, anomalous login activity such as bots, credential stuffing, and brute-force attacks. This helps determine in real time whether a login should be allowed, declined, or challenged with step-up authentication. In the policy and customization layer, customers should be able to customize user experiences and reduce friction by identifying and segmenting users based on common characteristics, such as VIP users or trial users. A rich set of data is essential for delivering adaptive friction with the necessary precision. This dataset includes user type, device specifics, IP risk, geolocation, custom data, and more. Some users are higher risk, some users are no-risk, and some users might require a personalized experience. Creating policies based on robust data allows businesses to decide what type of experience to deliver to their customer, from low friction to step-up authentication.
The reporting and data layer should provide login trend data that includes device and IP information, both of which are often not available to fraud teams. Having the ability to quickly identify and report on failed login attempts, risky IPs, compromised accounts, and inbound anomalies not only allows businesses to stop account takeover attempts, it uncovers trends that enrich their own data and inform future policies. With this layered approach, companies have access to a unified and customizable solution to combat malicious logins and bots, credential stuffing, and brute-force attacks while also enabling personalized customer experiences through an adaptive friction model. Fighting fraud is a multifaceted endeavor, and the best place to begin is at the very first interaction, not at the order form. That takes coordination across teams, organizations, and processes, and it’s also the future of fraud prevention.
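The three layers described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor it names: the login events are constructed, and the thresholds, segment names, and `NEW_DEVICE_POLICY` table are hypothetical values chosen for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (ip, username, device_id, success)
EVENTS = [
    ("203.0.113.9", "alice", "d-x1", False),
    ("203.0.113.9", "bob", "d-x1", False),
    ("203.0.113.9", "carol", "d-x1", False),
    ("198.51.100.4", "dave", "d-q7", False),
    ("198.51.100.4", "dave", "d-q7", False),
    ("198.51.100.4", "dave", "d-q7", False),
    ("198.51.100.4", "dave", "d-q7", False),
    ("192.0.2.10", "erin", "d-e1", True),
]

# Assumed thresholds and per-segment policy (hypothetical; tune to real traffic).
STUFFING_USERS_PER_IP = 3    # distinct usernames failing from one IP
BRUTE_FAILS_PER_ACCOUNT = 4  # failed attempts against one account
NEW_DEVICE_POLICY = {"vip": "allow", "standard": "challenge", "trial": "challenge"}

def report(events):
    """Reporting layer: summarize failed logins into risky IPs and targeted accounts."""
    users_by_ip, fails_by_user, trusted = defaultdict(set), defaultdict(int), set()
    for ip, user, device, ok in events:
        if ok:
            trusted.add((user, device))  # device seen on a successful login
        else:
            users_by_ip[ip].add(user)
            fails_by_user[user] += 1
    return {
        "stuffing_ips": {ip for ip, u in users_by_ip.items()
                         if len(u) >= STUFFING_USERS_PER_IP},
        "brute_accounts": {u for u, n in fails_by_user.items()
                           if n >= BRUTE_FAILS_PER_ACCOUNT},
        "trusted_devices": trusted,
    }

def decide(rep, ip, user, device, segment):
    """Protection and policy layers: return allow, challenge, or decline."""
    if ip in rep["stuffing_ips"]:
        return "decline"    # one source failing against many accounts
    if user in rep["brute_accounts"]:
        return "challenge"  # account under attack: step up even for the owner
    if (user, device) in rep["trusted_devices"]:
        return "allow"      # returning customer on a known device
    return NEW_DEVICE_POLICY.get(segment, "challenge")  # segment-driven friction
```

The order of checks in `decide` is itself a policy choice: network and account risk override segment, so a VIP label never lowers friction for a login from a flagged IP.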