It’s a war out there for eCommerce marketplaces right now, as they face a swirl of fraud attempts and bot attacks looking to steal customer data or score free merchandise. In this month’s “Alternative Payments Tracker,” Mark Spencer, senior vice president of commercial operations for fast fashion retailer Jane, tells PYMNTS how they’re fighting back, without saddling customers with friction.
eCommerce marketplaces are at the forefront of fraud prevention. These marketplaces must be able to protect the treasure trove of data they host, data that bad actors work tirelessly to get their hands on. Credit card information, usernames, passwords and the merchandise itself are all targets. Fraudsters are pulling out all the stops to exploit them for their own gains.
Robust digital identity tools are the lynchpin to ensuring that this data is kept safe and secure. One company working to keep its customers’ data safe is fast-fashion retailer Jane, which deploys a multifactor authentication (MFA)-based approach in its cybersecurity stack.
“My biggest hope is that we can establish, as an eCommerce industry, a more seamless, secure and less invasive interaction with the consumer,” said Mark Spencer, senior vice president of commercial operations for Jane. “[It’s all about] informing [customers] and really ensuring that [their] online safety is top of mind in the very beginning.”
Spencer provided PYMNTS an inside look at the most common threats eCommerce marketplaces face daily and how Jane leverages digital identity protocols for cybersecurity.
Fraud Threats
eCommerce storefronts face a massive array of fraud threats, but one of the most concerning is the use of botnets. Hackers deploy countless automated programs to flood checkout pages and onboarding forms to overwhelm automated defenses and score customer data or free merchandise.
“The bots try to stage [account takeovers] so they can change the delivery addresses,” said Spencer. “It’s primarily aimed at the luxury products that we carry, as well as the electronics.”
Fighting these automated systems can be extraordinarily difficult, though, as fraudsters are innovating and refining their techniques just as quickly as cybersecurity staff can develop defenses. Every new defense means a new workaround, resulting in cybercriminals and cybersecurity experts locked in an endless arms race.
“It’s a cat-and-mouse game,” Spencer said. “As quick as we find systems to stop fraudulent activity or make life easier for customers, there are bad actors that are out there looking to circumvent it. There’s a lot of time, money and effort [being] spent on keeping consumer data and consumer information private.”
Some of the most effective methods involve digital identity verification techniques. Jane deploys several different methods to keep customers safe.
Protecting Against Fraud via Customer Verification
The most effective digital identity tool against fraud, Spencer explained, is MFA, which requires customers to enter a code sent via text message along with their password. This method dramatically limits the damage a bad actor can do by purchasing credentials from a data breach, as they would have to find a way to intercept the text message as well. Jane also cross-references credit card verification values (CVV) to ensure the card is in possession of the customer and is not a stolen card number.
“We have [two-factor authentication], and when we feel that something is not right, we ask for the CVV to be reinforced again at checkout,” said Spencer. “There are also factors that alert one of our systems to ask for the consumer to enter in something additional. For example, as soon as we see a delivery address change, we will be asking them for a revalidation of their credit card details.”
There is a constant tension between customer security and streamlined experiences, however, with verification requirements adding to customer inconvenience. Spencer said he hopes that the next step in digital identity innovation could ease this conflict.
“[eCommerce is looking for] a more streamlined verification process that doesn’t detract from the actual process of checking out,” he said. “We’re all really wanting to find ways [to have] less clicks on the path to checkout. I think the more that organizations can come together on a central database of verified data for the payment processes, the closer to utopia we could be — where we could make one determination via a central [application programming interface (API)], and that’s it.”
Closer cooperation between businesses will be necessary to make this dream a reality. Until then, organizations will have to use the best tools available to protect against fraud, and digital identity protocols are a key facet of this defense.