Skip to main content

Smarter data: the sharpest weapon to fight eCommerce fraud

(Image credit: Image Credit: Gustavo Frazao / Shutterstock)

E-commerce offers an experience that transcends the barriers of time and distance, allowing consumers to browse and purchase items via a few swipes and the click of a button. It’s no surprise then, that the last couple of years has seen a steady stream of news stories highlighting the shift away from bricks-and-mortar stores to buying and exchanging goods and services online.

Last year, retail e-commerce sales worldwide amounted to $2.3 trillion. Additionally, e-retail revenues are projected to grow to $4.88 trillion in 2021, as many established retailers continue to migrate online. But as e-commerce grows, e-commerce fraud is growing even faster. It is estimated that card-not-present (CNP) fraud - which is when a transaction happens online and no physical payment card is presented to a merchant - will cost retailers $71 billion globally from 2017-2021 (opens in new tab).

With the rapid rise in CNP fraud, how can businesses detect fraud before a transaction gets processed? Every eCommerce transaction involves data, whether that be a name, a delivery address, an email address, a mobile number or a credit card number. Through the use of smarter data, companies can curb the chances of falling victim to online fraudsters.

Data fuels online transactions by helping to define, prove and verify identities, ensuring that the right person receives the goods and/or services requested. But data can be even smarter, or at least used in smarter ways to verify identities and detect suspicious activity before crime can be committed. Each person’s identity includes a map of data sets and points, which creates a profile that is unique to them. When data points are used meaningfully and effectively, they can help build barriers that prevent criminals from creating online accounts and engaging in nefarious activities.

Consequently, this saves business’s time, money, and resources, whilst simultaneously authorising legitimate customers, allowing them to access their accounts with ease. Smarter data is highly effective at weeding out bad actors (opens in new tab), especially when verifying identities at account creation. There are a number of ways that smarter data can help verify new customers with limited friction or effort on the customer’s part, whilst creating impenetrable barricades for fraudsters.

An email address is often our primary channel of communication and our first record of identity online, tracing our internet activity and contributing to our digital footprint. Since an email address is so commonplace and a unique identifier, it is an excellent data point for identification checks. An email, name, and mobile number checked against various sources, such as email databases and credit bureaus, gives companies increased confidence that the email belongs to the person they claim to be.

For companies looking to add an additional level of protection, a two-factor authentication process – commonly known as 2FA or two-step - can achieve this at account creation or when the user makes a transaction. It sends a code to the email address associated with the account, and once the code is entered, both the email address and the account are secured. If no code is entered, or a legitimate customer receives a code that was not requested, a potential case of fraud will be flagged. 

Having a risk-based approach helps determine at what point is it necessary to add another layer of security.

Reducing risk of fraud

But customers are no longer just shopping from their desktop or laptop screens – mobile responsive sites and apps are increasingly becoming a customer’s first port of call when it comes to shopping online. The data speaks for itself, with 65 per cent of Black Friday and Cyber Monday sales occurring on mobile devices last year and analysts estimating that up to 40 per cent of all ecommerce revenue will be derived from mobile transactions over the next 12 months (opens in new tab). The proliferation of mobile devices for eCommerce and financial transactions has made mobile verification for fraud prevention absolutely essential.

Examples of identity verification and authentication through mobile devices include two-factor authentication or through a process that matches mobile identity (opens in new tab) attributes, which utilise mobile network operator (MNO) information to confirm identities. Mobile data can be used to verify the user’s identity by cross-referencing MNO data for identity, matching, proximity location, device information and call forwarding statuses.

In the physical world, an identity card such as a passport, driver’s license, or other appropriate government-issued document is considered best practice when it comes to verifying identity. In the digital world, the same documents can now be used to authenticate online customers, without the need for manual verification. For instance, a customer can take a photo of their chosen identity document, along with a “selfie”, and then upload these image files on their mobile device when opening an online account. Identity document verification technology has the ability to scan and compare the data – including biometric points in the facial photo - to validate the document and verify the customer’s identity (opens in new tab). As a result of this, the risk of fraud is significantly reduced.

As the eCommerce market continues to expand, so too will the risk and cost of fraud. And unfortunately, bad actors will always be on the lookout for eCommerce sites that do not employ vigorous practices when identifying risks and verifying customers. Companies don’t have to put up with being vulnerable to fraud - they can strengthen their defences by using smarter data in order to ensure faster and easier identity verification. The most effective electronic identity verification solutions use a wealth of data to connect the dots from reliable sources across the world in real-time. This helps create the desired result of a seamless customer experience that mitigates the risk of fraud as well as adhering to compliance requirements, such as Anti-Money Laundering (AML) (opens in new tab) and Know Your Customer (KYC) (opens in new tab) rules.

Stephen Ufford, CEO, Trulioo (opens in new tab)
Image Credit: Gustavo Frazao / Shutterstock

A serial tech entrepreneur in the identity space, Stephen Ufford is well versed on the challenges and opportunities associated with identity verification, data privacy, fraud prevention and the ever-changing regulatory obligations that impact emerging start-ups and global enterprises alike.