The chain of command in eCommerce is made up of links. And those links go something like this:
A consumer registers with a merchant, places an order and chooses payment; processing goes on in the background and the customer eventually gets what they order.
Simple enough in concept — but along the way, Arthi Rajan Makhija, SVP, Head of Global Fraud Risk at PayPal, told Karen Webster, there are numerous avenues for fraudsters to attack. And they generally attack the weakest link in the chain. That weak link, according to Makhija, can be found at the consumer level.
“Whether you are a merchant or a payment processor, you will always have an incredible diversity of consumer base,” she told Webster, warning that every customer interaction is an opportunity for a bad actor to compromise a session or an account and attempt to impersonate a good user.
A Learning Opportunity
“But it’s also an opportunity for us to learn how good customers behave,” she said.
As eCommerce continues to evolve, those customers may be struggling with passwords and keeping devices secure. And no matter what controls and safeguards financial institutions (FIs), merchants and processors put in place, the fraud attack patterns will vary, evolve and shift to take advantage of the path of least resistance.
We’re a long way away from the days when passwords will finally fade away — though there’s been some progress made by Apple and by various “passwordless checkout” initiatives that are out there. But, as Makhija noted, passwords are still the most commonly compromised data sets in the world, paving the way for fraudsters to concoct synthetic IDs.
Add into the mix that there’s at least a level of abuse by customers themselves (through first-party fraud), and the challenge for merchants and FIs is daunting indeed.
No surprise, then, that battling eCommerce fraud is a constant cat-and-mouse game that enterprises must conduct 24/7/365.
“The only way to keep your customer secure and get a handle on fraud, is to be better than – and a step ahead – of the fraudsters,” Makhija said. There is one certainty in the mix: the fraudsters are getting smarter and more sophisticated by the minute.
To put some numbers on it: PYMNTS has reported that digital fraud incidents are rising, as 37% of companies experienced automated clearing house debit fraud and 32% reported tampering with wire transfer payments. Those stats are eye-poppingly high because the fraudsters have the same technological tools in hand as the “good” guys.
The battle against fraud will be eternal, she said, but can be won with data.
“Data is an incredible asset,” she acknowledged, “and is powerful for protecting customers and businesses. But with great power comes great responsibility.”
The more data on hand with a merchant, the more the onus is on the FI and the payments processor to secure that data. Without the proper controls in place, the enterprise winds up becoming the weakest link in the eCommerce chain — and in the event of a breach, the brand may never recover.
Used wisely and proactively, that same data — which ascertains someone’s identity and location — can streamline the actual transaction itself and give rise to an enjoyable customer experience that keeps them coming back to buy more often.
As Makhija explained, eCommerce is generally rife with friction. Customers are loathe to go through dozens of steps filling out data fields every time they venture to a merchant’s site. “People want to shop, get their business done, and move on,” said Makhija.
To enable that seamless experience, she said, merchants and FIs need to understand customer behavior at a granular level. They need to have insight into the types of devices the consumer has in hand, where they are geographically and even take note of how the individual is entering data across those devices.
Biometrics, leveraging disparate data streams and machine learning (which analyze information in milliseconds) can help foster that level of insight, said Makhija, identifying patterns as those patterns continue to evolve.
Data, she said, can help enterprises separate the “good” user stories and profiles from the “bad” ones, allowing merchants to tailor their end-user journeys.
Providers like PayPal can aid those merchants in letting the transactions go through or inject more friction into the mix with the aid of continuous feedback loops that help render decisions nearly instantaneously. PayPal, she added, has a wealth of knowledge on hundreds of millions of users gleaned across P2P transactions, digital wallets, cards and an ecosystem that extends globally.
What emerges is a form of “story-based analytics,” said Makhija — “where the models evolve and help us learn along the way.” Binding a trusted identity with a device means that authentication can be repeated — and passwords become ever-more obsolete.
Story-based analytics, said Makhija, also improve the return on investment for every dollar spent battling fraud. And in the meantime, the “brand association” that a consumer has with the merchant improves with respect to security and the overall experience. One other benefit: The monetization path of the fraudster is effectively shut down.
“If we can fundamentally challenge those economics and disincentivize that behavior, and bad activity to begin with, this is the eventual path to being secure from an eCommerce perspective,” she told Webster.
“Eventually, everything comes back to data and how you stitch it all together.”
For all PYMNTS EMEA coverage, subscribe to the daily EMEA Newsletter.