Kooomo are exhibiting at this year’s eCommerce Show North. The below blog originally appeared on their website.
There’s no way to completely avoid eCommerce fraud. There, we said it.
Sure, there are plenty of measures that retailers can take to ensure that they’re as protected as possible against fraud. Having a world class eCommerce platform with a built in automatic order system and algorithms designed to detect fraud is one that we happen to know a thing or two about!
And sure, there are lots of ways that you can limit the amount of fraudulent transactions coming through your online store. Like using CVV numbers. Making sure that you are fully PCI Compliant. Always checking that billing addresses match IP addresses. Tracking your packages. Honestly, we could go on all day.
Whether we like it or not, fraud is and will probably always be the number one threat to online retailers. Account takeover fraud rose by 45% in Q2 2017 alone, at the monstrous price tag of $3.3 billion. Merchants are up against it in a big way. Fraudsters are no longer just stealing card details – they’re using local data to ensure that all of the information they provide online stacks up – names, postal addresses, IP addresses, the lot. Throwing even more fuel on the fire is the timeline that brands face when dealing with chargebacks, sometimes up to 180 days of investigation before liability is ultimately determined. Oh, and that liability tends to fall back on merchants more often than not, with an average of 8% of retailers’ revenue being pumped into managing online fraud.
Now on one hand, you can ramp up your security measures in a bid to shift liability and keep chargebacks to a minimum. But on the other hand, by doing that, your customer experience is undoubtedly going to take a hit.
Because what do real-life, legitimate customers want? They want frictionless checkout. And by frictionless, we mean one page wherever possible. They want the option to check out as a guest if they haven’t already registered on your site. They probably don’t want to be taken away from your website to complete 3D Secure authentication, then try to remember their password and possibly have to contact their bank to either set or reset their credentials. And they certainly don’t want to be contacted by a loss prevention manager for further authentication details simply because they decided to have an online shopping spree on payday!
A fine line
Clearly, we’re dealing with a fine line here. So are you damned if you do and damned if you don’t?
Well…yes and no.
Apart from the obvious financial implications around eCommerce fraud, the key cause for concern is really the reputation of your brand, and how it’s being viewed by your potential and existing customers. If, for example Dave randomly checks his bank account and sees transactions from your online store that he never made, he has to go through the rigmarole of contacting his bank and being out of pocket for however long it takes for the charge to be returned to him, through no fault of his own. Sure, chances are that Dave understands how online fraud works and that he’s one of the unlucky ones that unfortunately has to take it on the chin. But from that moment forward, every time Dave sees an ad for your company, or someone mentions the brand in passing, he will always remember the grief that the experience caused him. At some point he has probably questioned the level of security behind your website. And you can bet your bottom dollar that he has told his friends, family and colleagues all of the gory details. Not ideal. Not ideal at all.
Finding the balance
When it comes to detecting, preventing, and managing online fraud, it’s really all about balance. Because it’s just as important for brands to create as seamless a purchasing experience as possible as it is to deter hackers from their online stores. Should brands be implementing one page checkout as much as possible? Absolutely. Should they also be taking the appropriate measure to protect themselves against fraud? Of course they should! But how can you effectively achieve both? Well, we’ve already mentioned how important it is to have an eCommerce solution that will not only safeguard your store against scammers, but that also has data share in place to detect profiles that have performed fraud elsewhere on the platform’s network.
It’s also vital that behind that platform sits a highly qualified loss prevention specialist with the knowledge and experience to be able to 1) quickly take action on potential fraudulent activity, 2) determine which transactions are ok to authorise, and 3) strike a balance between the two.
At Kooomo, we call that person Peter.
But wait, there’s something else you can do to keep the fraud scales balanced and that is to test, report, and optimise. If you’ve decided to add another layer of security to the online checkout process with the likes of 3D secure, that’s all well and good. But while you’re doing that, you may also want to monitor your shopping cart abandonment rate. If it suddenly starts to go through the roof while your conversion rates simultaneously start to plummet, you could actually be putting your brand at a greater risk by losing legitimate customers. If your cart abandonment rate remains largely unchanged on the other hand, you could quickly start to see a fall in the number of chargebacks coming through. The point here is that you shouldn’t be making a judgement call on the security of your online store without testing out various measures, tracking the results, and optimising for customer experience while still limiting the risk of fraud.
There’s always going to be advances in technology to protect merchants, as well as advances in all of the ways that scammers can outsmart that technology. The big question always tends to be ‘who is two steps ahead?’ The answer is debatable. But in terms of what sits at the root of all this chat about security, and the answer is always the same – the customer.