Drapers investigates the latest developments in online fraud and how best to protect your digital business.
While recent developments in technology provide a number of opportunities for retailers, they also carry risks. Fraud is becoming more sophisticated as well, with criminals working out new ways to access sensitive data, and the meteoric rise of internet shopping has led to an increase in the volume of attacks.
The amount lost as a result of financial fraud across payment cards, remote banking and cheques totalled £755m in 2015, an increase of 26% on the year before, reports Financial Fraud Action UK, the industry body sponsored by the UK Cards Association to tackle this issue.
It attributes this largely to the growth of impersonation and deception scams, as well as online attacks such as malware and data breaches. On the rise are sophisticated phishing emails – when an email that appears to be from an individual or business a consumer knows is actually from hackers trying to obtain personal information – and the use of malware to infect devices with software that allows criminals to steal their data.
Drapers Digital Week: The Next Tech
- Fashion’s technology trailblazers
- Maximising and monetising social media – with Snapchat, Instagram, smartphones and apps
- Personalisation – perfecting customer service
- Wearable technology – pushing the boundaries
- How to protect your business from online fraud
On Thursday follow @drapers and keep an eye on drapersonline.com to keep abreast of all the news at it unfolds from Drapers Digital Forum, which brings together the most forward-thinking operators in the digital retail space.
And on Friday morning you can see all the winners and action from the Drapers Digital Awards 2016.
Other forms of fraud are becoming increasingly common. For example, more people are falsely claiming goods purchased online have not been delivered and, over the coming year, click-and-collect services are expected to become more of a target, payment systems company ACI Worldwide reports. The sharp growth in mobile commerce has also opened up another avenue for fraud, as it is harder to prevent fraud attempts on mobile devices than on desktop computers due to the movable nature of the IP address.
Data firm Experian reports that, on average, cyber attacks take around six months to detect and deal with. Having as many measures in place as possible to prevent against and respond to online fraud is of the utmost importance.
The expert view
“Clear visibility into fraud attacks is difficult given the relative anonymity of the web. However, if you make sure any transactions are underpinned by reliable device intelligence and real-time risk analysis, you will be better able to protect your business.
”Although it will mean higher operational costs, you should consider undertaking manual reviews of transactions at peak times. It’s also worth proactively contacting customers if fraud is suspected or if transactions look suspicious, or reflect any unusual payment patterns.
“Consider informally collaborating with other fashion retailers and brands whenever a new threat emerges. What goes around comes around: while it may be your turn this week, there’s no doubt fraudsters will switch attention to any perceived soft targets elsewhere next week.
“Most fraud prevention controls are focused on transaction systems, but account creation, profile management and loyalty programmes are also soft targets for attackers. Online defences can be shored up by ensuring that all points of account entry and management are equally protected from fraudulent access.
“Getting armed with a layered security strategy that includes device intelligence to block compromised card use, fraudulent enrolments, phishing attacks and attempted account takeovers is worth the investment.”
Case studies: How retailers protect themselves
“In our experience, fraudsters are reacting to the current demand for receiving goods quickly, such as click-and-collect services and even same-day services. At Schuh we have a second-level in-house fraud system [payment-provider-approved transactions are fraud checked a second time by a system built in house], where we make further security checks before we despatch orders placed on our express services. We find this reduces the risk and helps prevent further online fraud on Schuh.co.uk.”
“We used to have significant issues around fraud and attempted fraud online which, at first, cost us significantly, both in terms of resource allocation and in occasional chargebacks. However, since the introduction of 3D Secure and by also using a third-party fraud detection tool – SiftScience – we have now reduced successful fraud by over 90% and spend significantly less time on manual reviews. Nonetheless, the issue of fraud remains troublesome for us and the industry as a whole. Even though technology to combat fraud is improving, the number of attempts seems to be on the increase and there seems to be little support from the card issuers or other bodies, with the onus falls on the retailer to work constantly on staying ahead of the tricks employed by these criminals.”
“We learned the hard way. When we first launched our site in 2008, we were targeted and lost money due to fraudulent transactions. We soon implemented tougher checks, and our current ecommerce platform has all the relevant fraud protection built in through our payment gateway provider. We also sense-check transactions and will on occasion decline suspicious transactions. The only way to prevent risks is to ensure you are using a decent payment gateway provider and make sure that all the relevant data and security details match. We will never process a transaction if there is any unmatched data.”