Can digital ID fight the twin-headed monster of cart abandonment and fraud?
E-commerce's opposite threats of cart abandonment and fraud create butting heads, but advanced authentication could give merchants a new way to manage both challenges.
Real-time, cloud-based digital identity verification systems that are transferable could reduce the strain on merchants to add cumbersome steps to checkout to combat fraud.
"Cart abandonment is a [$7 trillion] per year problem," said Frank Teruel, senior vice president and general manager of system provider ThreatMetrix. "You have all types of opportunity to cross-sell and promote, and the consumer goes through all of the steps and then suddenly drops out for some reason."
In the last quarter of 2018 alone there were 1.3 billion to 1.5 billion bot attacks, the ThreatMetrix network reported, with 80% of those targeting e-commerce. That puts merchants in a tight spot, pressured to fight high-tech bot attacks and fraudsters attacking mobile transactions while at the same time under pressure to strengthen cross-border security.
Being excellent social engineers, fraudsters combine phishing e-mail attacks and malware in networks to obtain passwords and personal information that are then incorporated into a bot that will try those passwords and information on hundreds of thousands of sites to determine where a weak link may exist.
Protecting against that type of fraudulent activity leads to plenty of cart abandonment and, conversely, fraud rules that globally could result in most rejected transactions actually being legitimate customers, Teruel said. "A good customer should never have to jump through hoops, but at the same time, if something is not right you need a security function to deal with important markers to stop the bad guys," Teruel added.
An anonymous real-time global data network that compares transactions and behaviors against know threats, while also building a relationship between devices of individuals and transactions, is a key factor moving forward, he said.
By protecting a business with that type of global network, an e-commerce merchant can deploy other complementing safeguards such as tokenization or the card brands' 3-D Secure 2.0 to counter growing fraud schemes.
The most sophisticated merchants and banks understand this threat environment, but many others do not, said Julie Conroy, research director and fraud expert with Boston-based Aite Group.
"I also see a lot of FIs where innovation precedes security, and even though the fraud prevention guys know that real-time detection and mitigation is critical to protecting their environment, the business wins the argument and real-time payments are deployed without those controls," Conroy said.
While security layers will always be a critical fundamental strategy for banks and merchants, the 3-D Secure 2.0 upgrade is in its early stages and its effectiveness is not yet known. The payment networks should know more after quantifying the metrics of some test runs, Conroy added.
"The interest, especially from digital goods merchants, is primarily around the potential to stop false declines, rather than the fraud prevention aspects," Conroy said. "There are very few production transactions at this point, as it is too new."
In the meantime, ThreatMetrix predicts the coming year will see all major merchants overhaul their legacy approaches to security and embrace global threat insights. The ability to halt so many false-positives, especially for cross-border transactions, will help merchants deliver stronger revenue and less friction for customers, Teruel said.
"In cross-border transactions, more than 20% globally include identity spoofing, or dealing with someone who is not the person you think it is," Teruel said. "Or they use device spoofing in trying to trick the rudimentary fraud systems in place."
Seeking the digital identity behind a person for various key global perspectives is a far better approach than using legacy-based systems with overriding rules, such as no cross-border transactions over a certain amount, he added. "The only way to protect the global reality of commerce is to have globally shared intelligence that travels in real time," Teruel said.