December 03, 2021
Fighting Fraud Without Friction
Exploring the impact of fraud innovation on conversion
By Kieran Mongey, Payments Optimization Consultant at ACI Worldwide.
Will the new 3DS2 live up to the hype of keeping transactions secure without sacrificing the UX? Kieran Mongey, Payments Optimization Consultant at ACI Worldwide, explores the latest fraud trends and whether new security initiatives can ensure safety doesn’t compromise conversion.
As a result of the pandemic, customer buying journeys have changed, driving the rise of eCommerce. Consumers flocking online expect frictionless check-out and merchants want to remove traditional purchase workflows to make payment a near invisible process. However, payment evolution must keep fraud control and consumer authentication front of mind for payment managers, even if it is back of mind for consumers. A difficult but critical concept to balance.
This means merchants embracing payments innovation to keep pace with digital demands must also deal with the challenges of an evolving fraud landscape. Failure to do so puts them at risk of incurring excessive chargebacks, losing customers and ultimately revenues. At the same time, adding too many authentications and checks creates barriers and friction and slows the user journey, which can dramatically increase cart abandonment and stifle conversion.
It’s a dilemma that represents a major issue for retailers already under pressure to boost profit, and whose drive for returns often exceeds their appetite for risk.
Customers and fraudsters are migrating online.
According to ACI's eCommerce Fraud Index, global eCommerce sales increased 15 percent during the first half of 2021 compared to the same period in 2020, showing that consumers are still migrating more of their spend online.
New first-time online buyers have also emerged. New customers equate to new profiles that fraud tools must be able to approve. Whatever the demographic, though, they all want their ecommerce experiences to be fast, frictionless and safe.
The report also shows that fraudsters have been adapting quickly to new customer buying and payment journeys because of the pandemic. They too are actively targeting new channels like mobile and BOPIS (buy online & pick up in store), which both saw a rise in fraud attempts in Q1 2021.
A melting pot of vulnerabilities.
With consumers driven by convenience and choice, there are now more payment methods than ever including buy now pay later (BNPL), mobile in-app payments, eWallets (e.g., PayPal, Google Pay, Apple Pay, etc.). Add to this social shopping ‘buy now’ buttons and new hybrid services and you have a melting pot of new vulnerabilities for fraudsters to exploit.
There is also the growing threat of cybercriminal networks. These ‘connected’ fraudsters are fast to identify system vulnerabilities and can act quickly when they find a crack in a merchant’s fraud prevention solution. That is why it is important to focus on ‘exposure to risk’ or how quickly fraud tools and processes can detect and mitigate emerging trends in purchase behaviour, when developing your end-to-end fraud strategy.
ACI has also found increased incidents of bot attacks and phishing scams with the rise of account takeover and synthetic fraud. Low-friction UX sectors, like gaming and digital downloads, have been among the sectors particularly impacted.
Authentication and impact on sales flow.
Here lies the challenge for merchants. They know they must work harder to ward off constantly evolving and increasingly aggressive cyberattacks but fear the impact on their sales funnel from excessively restrictive safeguards that turn off legitimate customers or result in high levels of false declines.
At the same time, there is concern that this will be compounded by the new PSD2 strong customer authentication (SCA) mandate. Merchants remain anxious that this will introduce new friction points for online and mobile shoppers. It is also proving complex for issuers and acquirers to implement, which has led the UK's Financial Conduct Authority to delay full implementation to March 2022.
Is 3DS2 enough to allay concerns?
To satisfy the needs for SCA but to minimise friction, EMVCo has developed the new 3DS2 standard. This uses more data points around customer behaviour in the authorisation chain, reducing effort for the cardholder. It also means that, where risk is low and values are below 500 Euro, issuers and acquirers can request PSD2 exemptions which could help to reduce any negative impact on conversion. TRA (Transaction Risk Analysis) allows data points to be used to differentiate exemption strategies for each merchant, so careful consideration must be given to how best to adopt it.
However, initial feedback from some ACI merchant customers who have already implemented 3DS2 is that soft decline rates have been higher for some connectors. It’s clear that more work must be done to understand the new decline codes and possible payment flows (soft declines for example) as well as the overall customer experience impact. For example, did the customer authenticate or receive an issuer exemption? How does the authentication process impact the merchant fraud strategy? Technical support from providers such as ACI is essential in this process, helping to define the optimum fraud and risk strategy to ensure low fraud and high acceptance rates.
Merchants need to plug the gaps now.
Merchants cannot afford to wait. Basic compliance is no substitute for proactive anti-fraud management. To take advantage of ecommerce and mobile shopping growth now, they need to look at other innovative real-time screening and data security technologies to help them scale their payments, prevent abuse, and manage costs – without excessive friction.
Multi-layered approaches that involve deploying several tools and technologies can enable merchants to keep pace with the ever-changing face of fraud. It also lets them move strategies beyond static, rules-based legacy systems.
Innovation will keep them ahead.
As online fraud becomes more sophisticated, this too will not be enough. Fraud prevention solutions based solely on machine learning models and built around siloed data will prove less than ideal as they degrade quickly and fail to keep up with emerging threats and fraud patterns. To improve and maintain performance over time, models need to be cutting-edge, adaptive and innovative.
Incremental, self-learning technology is one approach that addresses this issue. It continuously monitors features and profiles in data and ‘thinks for itself’, automatically refreshing fraud models in quick time – ensuring they stay efficient (false positives) and effective (actual detection). These models can make predictions and dynamically adapt to new behaviour and fraud patterns seamlessly.
Ultimately, fraud and conversion rates do not have to work at cross-purposes.
It is important to remember that fraud management is not just about safeguarding reputations and blocking fraudsters, it’s also about helping merchants to positively identify customers, genuine sales and emerging trends and individual preferences. In a world of hyper-targeting and personalisation, this can also be used to help to build more positive engagement and experiences - not only optimising conversion but ensuring customers are more likely to return.
A robust and adaptive end-to-end fraud strategy can drive significant profits into merchants’ businesses, so it is critically important that they can quantify and substantiate the total cost of fraud on a continuous basis – and that is not just referring to chargebacks.