Your browser is no longer supported. For the best experience of this website, please upgrade to a newer version or another browser.

Your browser appears to have cookies disabled. For the best experience of this website, please enable cookies in your browser

We'll assume we have your consent to use cookies, for example so you won't need to log in each time you visit our site.
Learn more

The Next Tech: How to protect your business from online fraud

 

 

Drapers investigates the latest developments in online fraud and how best to protect your digital business.

While recent developments in technology provide a number of opportunities for retailers, they also carry risks. Fraud is becoming more sophisticated as well, with criminals working out new ways to access sensitive data, and the meteoric rise of internet shopping has led to an increase in the volume of attacks.

The amount lost as a result of financial fraud across payment cards, remote banking and cheques totalled £755m in 2015, an increase of 26% on the year before, reports Financial Fraud Action UK, the industry body sponsored by the UK Cards Association to tackle this issue.

It attributes this largely to the growth of impersonation and deception scams, as well as online attacks such as malware and data breaches.  On the rise are sophisticated phishing emails – when an email that appears to be from an individual or business a consumer knows is actually from hackers trying to obtain personal information –  and the use of malware to infect devices with software that allows criminals to steal their data.

Drapers Digital Week: The Next Tech

On Thursday follow @drapers and keep an eye on drapersonline.com to keep abreast of all the news at it unfolds from Drapers Digital Forum, which brings together the most forward-thinking operators in the digital retail space.

And on Friday morning you can see all the winners and action from the Drapers Digital Awards 2016.

Other forms of fraud are becoming increasingly common. For example, more people are falsely claiming goods purchased online have not been delivered and, over the coming year, click-and-collect services are expected to become more of a target, payment systems company ACI Worldwide reports. The sharp growth in mobile commerce has also opened up another avenue for fraud, as it is harder to prevent fraud attempts on mobile devices than on desktop computers due to the movable nature of the IP address.

Data firm Experian reports that, on average, cyber attacks take around six months to detect and deal with. Having as many measures in place as possible to prevent against and respond to online fraud is of the utmost importance.

The expert view

 

Online fraud nick mothershaw

Experian’s UK ID and fraud director Nick Mothershaw

 

 

“Clear visibility into fraud attacks is difficult given the relative anonymity of the web. However, if you make sure any transactions are underpinned by reliable device intelligence and real-time risk analysis, you will be better able to protect your business.

”Although it will mean higher operational costs, you should consider undertaking manual reviews of transactions at peak times. It’s also worth proactively contacting customers if fraud is suspected or if transactions look suspicious, or reflect any unusual payment patterns.

“Consider informally collaborating with other fashion retailers and brands whenever a new threat emerges. What goes around comes around: while it may be your turn this week, there’s no doubt fraudsters will switch attention to any perceived soft targets elsewhere next week.

“Most fraud prevention controls are focused on transaction systems, but account creation, profile management and loyalty programmes are also soft targets for attackers. Online defences can be shored up by ensuring that all points of account entry and management are equally protected from fraudulent access.

“Getting armed with a layered security strategy that includes device intelligence to block compromised card use, fraudulent enrolments, phishing attacks and attempted account takeovers is worth the investment.”

Case studies: How retailers protect themselves

 

Online fraud karyne stevely

Karyn Stevely, customer services manager at Schuh, whose team handles fraud processes at the retailer:

 

“In our experience, fraudsters are reacting to the current demand for receiving goods quickly, such as click-and-collect services and even same-day services. At Schuh we have a second-level in-house fraud system [payment-provider-approved transactions are fraud checked a second time by a system built in house], where we make further security checks before we despatch orders placed on our express services. We find this reduces the risk and helps prevent further online fraud on Schuh.co.uk.”

 

 

Online fraud george graham

George Graham, chief executive officer and co-founder of Wolf & Badger, who last year acquired online marketplace Boticca:

 

“We used to have significant issues around fraud and attempted fraud online which, at first, cost us significantly, both in terms of resource allocation and in occasional chargebacks. However, since the introduction of 3D Secure and by also using a third-party fraud detection tool – SiftScience – we have now reduced successful fraud by over 90% and spend significantly less time on manual reviews. Nonetheless, the issue of fraud remains troublesome for us and the industry as a whole. Even though technology to combat fraud is improving, the number of attempts seems to be on the increase and there seems to be little support from the card issuers or other bodies, with the onus falls on the retailer to work constantly on staying ahead of the tricks employed by these criminals.”

 

 

Online fraud deryane tadd

Deryane Tadd, owner of womenswear indie The Dressing Room:

 

“We learned the hard way. When we first launched our site in 2008, we were targeted and lost money due to fraudulent transactions. We soon implemented tougher checks, and our current ecommerce platform has all the relevant fraud protection built in through our payment gateway provider. We also sense-check transactions and will on occasion decline suspicious transactions. The only way to prevent risks is to ensure you are using a decent payment gateway provider and make sure that all the relevant data and security details match. We will never process a transaction if there is any unmatched data.”

Readers' comments (2)

  • Fraudsters are targetting fast-delivery services a because they know the majority of businesses have very poor strategies in place to manage fraud in a hurry. Relying on the PSP fraud checks plus some manual checks will either be ineffective, expensive or in many cases both. Wolf + Badger's investment in Sift is the right approach. For a similar vendor in the UK I would recommend Ravelin (whom I work for) - who specialise in preventing fraud at fast-fulfilment businesses like taxi apps and food delivery. The strategies we take and technologies we use are similar to Amazon or Apple; and will allow retailers to take orders in fast-delivery channels with confidence.

    Unsuitable or offensive? Report this comment

  • We use a Shopify site that has its own in built security checks and we have never had a single sale that we have lost. Plus we blacklist some countries, such as Indonesia. Everything is flagged up and with a bit of common sense and experience, you should always be on the right side.

    Unsuitable or offensive? Report this comment

Have your say

You must sign in to make a comment

Please remember that the submission of any material is governed by our Terms and Conditions and by submitting material you confirm your agreement to these Terms and Conditions. Links may be included in your comments but HTML is not permitted.