Fraudsters are flocking to online/in-store hybrids

Register now

Ensuring a flawless experience for customers is one of the biggest challenges for retailers who are trying to lower fraud at the same time.

Retailers are undergoing a dramatic transformation with a push from millennials who want frictionless shopping from anywhere. In fact, 73% of customers want order tracking across all touchpoints to start anywhere and finish their shopping anywhere according to a survey by BRP Consulting.

Part of the shopping anywhere experience is the buy online and pick up in the store option (BOPIS). About 40% of retailers that make more than $100 million in annual revenue see BOPIS as a strategic initiative but are having to deal with added fraud concerns, according to a report from Signifyd.
Once regarded as a safer option for consumers, BOPIS has now joined the ranks of targets that cybercriminals are learning to exploit. It comes down to correctly identifying the shopper. To ward off fraud, retailers need to catch this problem at the start of the chain when customers log in.

Traditional credentials are no longer valid and card-not-present transactions are gaining in popularity. Correctly identifying customers is critical at the start of the transaction. Identifying customers by their behavior using passive biometrics and behavioral analytics, along with a multilayered security solution, is the most efficient way to stop this type of fraud from occurring.

Identifying consumer behavior and interaction patterns helps e-commerce companies to protect their accounts without inconveniencing the real shopper. Customers are identified by how they interact in a session. Identifiers such as input speed, keystroke deviation and how a device is held all help to identify a human versus nonhuman interaction and also help to authenticate the human behind the machine.

As it builds a larger user profile, the system compares this to a database of login events to identify and authenticate user behavior. The challenge with BOPIS is in-store, where there is often a low level of verification used to ensure the pickup person is the correct person.

Many times, only an ID or a confirmation number is required to retrieve the item at the store. The card-not-present purchase event is also commonly set up through a guest purchase.

This enables the cybercriminal to enter the information of the malicious pick-up person so that the ID checked in the store is correct. These methods make it easier for bad actors to get past in-store checks. However, inconveniencing the customer has immediate detrimental effects.

The evidence shows that making it hard for consumers to identify themselves online, jump through login hoops and lengthy return procedures is a sure way to lower the bottom line. Retailers who offer a frictionless purchasing experience saw a 48% boost in revenue and a 45% increase in income compared to peers who offer a poor purchasing experience, according to a report from NTT Data.

As retailing evolves into a mix of online and on-premise shopping, technologies with a new approach to authentication must be employed to keep up with this dynamic environment and to help retailers remain competitive while providing a positive experience for their customers.

For reprint and licensing requests for this article, click here.
E-Commerce Retailers Payment fraud ISO and agent