Technology
The mentality, technology and tools that hold back e-commerce
Presented by TeleSign
Ecommerce fraud is on the rise: here’s how to stop it. Follow this on-demand VB Spotlight for insight into the most common types of fraud. Participants will come up with a plan for a strategic and technological framework that protects against these threats without disrupting users.
While we all know that the pandemic sparked a digitalization boom in 2020, the e-commerce landscape has been evolving since then. U.S. e-commerce is expected to surpass $1.3 trillion by the end of this year. Along with that kind of growth and revenue comes a major increase in fraud, with companies losing an estimated $100 billion last year alone. Just a few years ago, account takeovers doubled and social engineering is getting a big boost from artificial intelligence.
Based on insights from Telesign’s recent whitepaper: “Reduce friction and combat fraud in e-commerce”, e-commerce experts Michael Lappin, head of solutions engineering at Telesign, and Bart Goethals, head of solutions engineering at TeleSign, spoke in depth about the current state of e-commerce and how we can tackle a growing fraud problem.
“On one in three platforms, even if it’s a billion-dollar company, I can still create a fake account,” Lappin said. “That’s shocking.”
Goethals adds: “Every company in the world is responsible for securing, protecting and encrypting their data. Every minute there is a breach happening in the world – my name, my address, all my information, where I have accounts – it’s there for the taking on the dark web.”
Important types of fraud to look out for
There are six prominent fraud risks today. Some are new-fangled and rely on artificial intelligence, some are old-fashioned, and all are causing chaos.
They include social engineering, which includes things like phishing and personal attempts to gain access. Fraud involving fake accounts is also on the rise because companies still don’t have many security measures in place to verify the identity of someone who registers. Account takeovers are still a major risk, as is promotional abuse.
Fraudsters can also very quickly identify any weaknesses or loopholes in a promotion or coupon, and there are also very few safeguards in place. Chargeback fraud is a never-ending problem, as is artificially inflated traffic, or AIT, its spiritual successor. And then there is mass pumping, which uses the communication flow. Fraudsters send a mass of one-time passcodes through an ecosystem to drive traffic, generating revenue streams for the end network, where fraudsters have set up revenue sharing schemes.
Artificial intelligence makes all these plans infinitely more sophisticated. There are fraud-as-a-service tools like fraudGPT that can launch phishing campaigns based on the fraudster’s clues. Private fraud conferences on communication channels also play a role, turning crowdsourcing ideas from thousands of people into reality.
Balancing security and customer friction
Security measures usually require additional steps, for example two-factor authentication or requiring an ID for an onboarding experience. The difficulty is balancing critical security controls with keeping the customer happy and consuming the products and services they want.
“It is always a trade-off between high friction and little or no friction, high safety versus low safety, high costs and low costs,” says Goethals. “By doing multiple combinations, and also multiple combinations across solution providers, you can quickly set up a solution in real time.”
For example, today machine learning solutions can identify the actual real-time risk of a new customer based on a few digital identifiers such as phone number, IP address and email. Depending on the result, you’ll have set a trust factor, which can result in blocking, confirming, etc. But multi-factor authentication, no matter how you set it up, is still critical, Goethals adds, especially because fraudsters are opportunistic. If you make it harder for them, they will quickly give up because it is a numbers game for them.
Investing in technology and the right perspective
It is critical to track every change in account login, from behavior to device or IP. It requires a risk assessment and a process to anticipate and respond immediately to these changes. For example, someone who normally has $200 transactions suddenly spends $5,000 – how does your ecommerce platform handle that?
“Your system needs to be configured in an automated way so that it understands: I should allow this or I should not allow this, for example to handle chargebacks,” Goethals said. “The always-on approach is virtually a zero-trust policy. Today, in 2024, you have no idea who’s coming to you unless you have a lot of well-configured protections in your flows. I think this is key for today’s businesses.”
Companies on a global scale view digital identity solutions, verification solutions, authentication solutions, behavioral solutions and biometrics as a nuisance cost to doing business, but that is the wrong perspective, he added.
“The way you have to look at these things is this is going to be an investment,” he said. “These aren’t really costs because if you have your security in the right place, at the right time and always, it’s not a cost. It is an investment and it ultimately gives you a nice and clean ecosystem, with high income and potentially good profits.”
If you want to learn more about the fraud landscape, techniques and solutions to stay safe no matter the size of your business, and more, don’t miss this VB Spotlight event.
Presenters
- Michael LapinHead of Solutions Engineering, Telesign
- Bart GoethalsLead Solutions Engineering, Telesign
