From giving gifts to giving back, a lot of money changes hands online during the holiday season. In 2016, Cyber Monday saw a 12.1 percent jump over 20151, with $3.45 billion in sales. And $168 million was raised online on Giving Tuesday, a 44 percent increase from 20152.
This increase in online spending puts your company at risk not only for financial fraud, but also breaches in customer data. Security technology provider ThreatMetrix predicts there could be as many as 50 million cyberattacks on e-commerce companies during a peak holiday shopping week this year.
The Cost of Cybercrime
As e-commerce evolves, new vulnerabilities are revealed to clever fraudsters ready to step in and take advantage. Fraud can take a significant financial toll on e-tailers — both because of the revenue lost by chargebacks and the loss of consumer confidence in their sites, which results in fewer return customers. Home Depot estimated the cost of its massive 2014 data breach at $62 million.3
The hits to sales and stock prices are often temporary — Target saw sales plummet 46 percent and its stock dip 10 percent in 2013 following news of 100 million customer records being stolen, but both numbers recovered quickly.4 However, smaller companies might find it harder to ride out storms of this magnitude. A 2012 study by the National Cyber Security Alliance found that 60 percent of small businesses go out of business within six months of a data breach.
The loss of customer confidence can be harder to quantify financially, but a 2016 survey by brand protection firm MarkMonitor found that 71 percent of consumers said they believed these events damaged an organization’s reputation.
So what should you do to safeguard your business and your reputation? Where there’s a need, innovation always follows.
Much of fraud prevention focuses on identifying suspicious online behaviors and rejecting purchases based on a set of rules. But cybercriminals continually attempt to outwit these methods by changing their behavior to avoid detection. Many newer anti-fraud products use “machine learning.” Rather than using a static set of criteria, these products automatically analyze myriad data, including recent chargebacks, to detect fraudulent activity.
Payment technology provider up-and-comer Stripe recently unveiled Radar, a suite of tools that evaluates every transaction for fraud and uses machine learning and algorithms to collect and analyze data from transactions made by hundreds of thousands of Stripe users.
Another fraud-prevention company, Forter, provides software that analyzes thousands of data points and users’ behavior while on an e-commerce site, using a combination of machine learning and human intelligence. And ThreatMetrix and Riskified also offer real-time, behavioral analytics-based fraud detection and prevention.
Reducing the Damage Done by False Declines
One of the main benefits of machine learning in fraud detection is preventing rejection of legitimate purchases — an extremely negative customer experience that e-commerce sites want to avoid. Riskified promises to approve 66 percent of orders that retailers would otherwise decline and is so confident in its methods that it guarantees every order it approves. The instantaneous decision making of machine-learning technology can also make fraud prevention an invisible and frictionless part of the buying process for consumers. (Older methods often involved a hold on purchases with a phone or email follow-up with the consumer, which risked making e-commerce inefficient for the consumer and burdensome for e-tailers.)
As more consumers buy online and pick up in-store, fraudsters’ attempts to buy online using someone else’s information increase. ACI Worldwide reports that fraudulent attempts to buy online and pick up in-store rose 47 percent in the 2015 holiday shopping season over the previous year. Why? In part, it’s because these orders don’t require a shipping address. And retailers may be reluctant to implement a cumbersome verification process, especially during the holiday rush.
Fortunately, machine learning can flag suspicious omnichannel transactions through multiple data points, such as larger-than-normal orders, multiple orders of the same product and billing address proximity to the pickup location.
The growth of mobile sales presents a huge opportunity for e-tailers and cybercriminals alike. According to Forrester Research analysts, mobile offers fraudsters more options than any other channel. “They can register stolen cards to mobile wallets, take over victims’ accounts via mobile banking apps, use retailers’ mobile apps to make fraudulent payments, disable SIM cards in the victim’s phone, and divert one-time passwords in text messages to their own phones,” Forrester says.
However, some features inherent to mobile devices can actually help detect fraud. For instance, GPS information can give clues about the user’s location. And jailbreak and root detection technologies can help alert e-tailers when a phone’s security has been compromised.
Even though machine learning and behavioral analytics can help prevent mobile e-commerce fraud, experts note that because mobile behavior is significantly different from other online behavior, a whole different set of data points and interpretation is required. And as e-commerce grows, it’s safe to say machine learning will, too, along with a variety of ever-more-sophisticated data-analysis techniques.
Did you know?
- $1 billion
Mobile sales on Cyber Monday 5
Percentage of U.S. consumers who plan to pick up online purchases in stores this year, up from 36% in 2015 6
Increase in e-commerce fraud attack rate from 2015 to 2016 7
Percentage of small businesses who will go out of business within six months of a data breach
Percentage of consumers who believe a data breach damages an organization’s reputation