The holiday shopping season is always a big gift to fraudsters. Meanwhile retailers rarely get what's on their lists— i.e. more revenue, fewer chargebacks, and stronger customer relationships.
Unfortunately, the holiday-season fraud problem is growing year over year. There was a huge spike in e-commerce fraud between 2015 and last year, reaching
Account takeover fraud, in which criminals hack into store customers' accounts to make their own purchases, was already on the rise before thieves gained access to Equifax data. Now, fraudsters have
To detect account takeover fraud, you will need to use multiple factors to verify the customer's identity each time they shop with you. Logins from new devices, larger than usual orders, dramatic location changes, and multiple attempts to log in are some of the indicators that the order needs manual verification. You can also configure your site to lock customer accounts after several failed login attempts and send an alert to their email or smartphone.
Fraudsters are always on the move and changing tactics, so static fraud-detection data that was accurate last holiday season may be nearly useless this year. For example,
Express or overnight shipping is another example of a factor that could indicate fraud—most fraudsters prefer to get items for resale fast, before their scam is discovered—or could indicate a valid customer who's counting on your business to get a gift to someone on time. Canceling the order based on automated shipping-method flags is going to create ill will with these shoppers. To avoid that, ensure that analysis of orders draws on real-time data and customer behavior, which might require some the human touch.
When an order raises red flags for fraud, it's best to have it manually reviewed. Having a person reach out to the customer on each flagged order can be a logistical and staffing challenge during holiday sales peaks, but meeting the challenge can pay off over the long term. That's because when someone from your business reaches out to the customer, it greatly reduces the likelihood of a false decline, because humans understand context and nuances that machines cannot.
That outreach protects your store's revenue and reputation going forward. It also increases the customer's trust in your store, because he or she knows you're watching out for them. That trust can boost the lifetime value of the customer to your business and help you gain word of mouth referrals. The only potential downside to adding human outreach to order analysis is the time involved. For businesses without the staff or training resources to devote to this, it may make more sense to contract out the customer outreach portion of order analysis.
One other element that could contribute to a spike in account takeover fraud this holiday season is phishing. Experts predicted a phishing frenzy after the Equifax breach. Indeed, Equifax itself got ensnared in a
Armed with this trove of new data, thieves are already posing as major banks to try to trick consumers into sharing missing pieces of data needed to steal their payment information and identities. Criminals could easily take the same approach by spoofing retailers to steal more data from their customer accountholders. Now is a good time to create a campaign to remind your customers that your company will never ask for their passwords via email, phone, or text.
By reviewing all of these security elements now, before the holiday shopping season kicks into high gear, you can protect your revenue, reduce your chargeback costs, and keep your real customers happy, all things that are at the top of online retailers' holiday wish lists.
