Consumer habits have shifted markedly to digital channels in the pandemic’s wake. Ordering online to grab food, groceries or clothes was a necessity at first, since restaurants and stores were closed for in-person sales. But as Kount‘s Gary Sevounts noted in a recent conversation with PYMNTS, that has begun to shift from a necessity to a matter of convenience for many consumers.
“We’ve seen that digital ordering really is the model of the future, and it has come early,” Sevounts said. “This is now the experience consumers want, and it’s really hard to go back to old behaviors in light of the wholesale changes we’ve seen in some places.”
Much of that is good for both consumers and the merchants who serve them, he noted — but it’s also something of a beacon for fraudsters who are looking to cut in on all of that elevated online activity and illicitly siphon off some of the revenue.
Scams can take a variety of forms: account takeover fraud, credential stuffing, specialized bot armies and good old-fashioned brute-force attacks. But Sevounts said the stakes are higher than ever for merchants, and to truly transition to omnicommerce, they must raise their games in terms of identity verification and security offerings.
“There is sort of a double-edged sword that [merchants] need to address with their fraud platforms,” he said. “They have to be smart enough that they can figure out how to detect bad actors and protect the digital journey of a customer. But those tools [also] have to protect the company in their digital growth overall.”
Spotting Complex Frauds
While fraud is proliferating, it’s also getting harder and harder to spot in many cases.
In a world where account takeover fraud is on the uptick, Sevounts said it’s not enough to merely verify an account. Instead, one has to go to the next level and look at whether that verified account is actually trustworthy.
“With a full identity-trust platform, you can say that this identity seems to be verified, but there are anomalies,” he said. “For example, they’re using an address that may not be associated with this identity, or the credit card they’re using is not normal, or the IP address this is coming from is not right. Basically, [merchants must be] able to see that, yes, this is verified, but the transaction should not be trusted.”
According to Sevounts, taking additional steps beyond simple identity verification can make the critical difference between blocking a fraudulent transaction before it starts versus untangling a chargeback down the line.
Watch The Bots
Sevounts added that a “look-deeper” mentality should expand beyond the realm of just looking for human fraudsters. After all, bot attacks are becoming an increasingly common part of the fraud landscape, as bad actors learn to leverage bot armies for something other than shutting down networks.
Criminals are using bots to “take advantage of the digital journey” by turning them into tools to infiltrate consumer accounts and merchant websites, noted Sevounts. He added that defending against such threats is challenging because not all bots are bad bots — which means locking the bots out wholesale isn’t a good option for eCommerce players.
“It’s not just malicious bots out there,” he said. “There are actually some really good ones, like SEO engines’ bots and purchase bots that are useful to boosting revenue. That’s where it becomes really complicated for digital commerce providers [to] distinguish them, and to allow good bots and lock out bad ones.”
But again, the answer is a deep-digging system that can identify a bot, what it’s doing and whether it’s beneficial or malicious to the consumer journey, said Sevounts.
The Path Ahead
The digitization trend is almost certainly not going to reverse, nor is the rise in digital fraud attempts, predicted Sevounts. But he said the good news is that fraud isn’t new — it’s just more active.
And while fears are circulating about a coming tsunami of….