GIACT is a leading eCommerce fraud prevention company that specializes in using advanced identity and account verification technology to help companies positively identify and authenticate customers.
In the wake of the COVID-19 pandemic, we sat down with David Barnhardt, Chief Experience Officer, GIACT, to talk about how merchants can handle an sharp increase in the number of online orders they must screen for fraud. We discussed how to screen new account creations for fraudsters before they can even make a purchase, best practices for authenticating identities, strategies for scaling fraud operations, and more.
1. With more transactions moving online, what can merchants expect in terms of fraud?
Merchants can expect an increase in fraud activity.
As result of quarantine measures and social distancing, all made to keep people at home and non-essential storefronts closed, there’s been a massive uptick in online sales volumes. Not so coincidentally, this shift has been accompanied by an increase in fraud.
Fraud operators know that online volumes are surging; and that now is the time to take advantage by hiding in the crowd and take advantage of companies who aren’t used to heavy online traffic.
2. What are the strategies you are seeing fraudsters use right now to try and capitalize on the increasing numbers of people turning to online channels to make purchases?
Fraudster operators are using the same tactics as before to the outbreak but accelerating those tactics (including the use of fake identities to open new accounts or takeover an existing account) to meet the moment.
To make up for a lack of in-store sales, and seeing opportunities online, some merchants have been tempted to relax their fraud controls to streamline the online buying process. That is a mistake. And plays exactly into what fraud operators are looking to exploit.
3. How can merchants balance an increase in the number of account creations during social distancing, while still maintaining good fraud practices?
In order to streamline account openings, merchants need to take a real-time, fact-based approach. By verifying ever piece of the customer’s “digital DNA” (that is, the multiple digital fact-points that make up the string of real personally identifiable information of the true individual), merchants can better authenticate that the person is who they say they are.
Importantly, to reduce fraud, merchants also need to manage the entire customer lifecycle. Not just at account openings, but at payment, and on an ongoing basis, as change events occur.
4. Which parts of the customer lifecycle do you think are most susceptible to fraud right now?
Every stage of the customer lifecycle is under threat. Fraud operators will take whatever route gets them to their goal the fastest. This includes the creation of fictitious identities to bypass enrollment or the takeover of an account to change payment information. Every opportunity to take advantage of weaknesses in a merchant’s identity controls will likely be taken. Every touchpoint must be fortified by verification and authentication, if not the fraud operators will prevail.
What makes times of crisis unique, like with the crisis today, is that fraudsters know that the online system is overwhelmed. Fraud operators are trying to take advantage of that fact as quickly and with as much force as possible.
5. What are some of the biggest identity fraud challenges facing merchants?
Balance is going to be one of the biggest challenges facing merchants. Merchants (now, more than ever) want to prop up sales. Especially those trying to satisfy demand online to make up for whatever in-store losses they might be experiencing.
The balance between ensuring a streamlined customer experience and deploying the proper fraud controls should be carefully considered. Merchants don’t want to drive customers away, or turn down good customers, by applying onerous, time-consuming controls. Merchants should also be careful not relax controls which, after the dust settles, might end up hurting real consumers with fraudulent transactions.
6. In what ways have some merchants fallen short in the identity verification process?
Merchants can fall short if they don’t have the proper fraud controls. This includes merchants who don’t apply out-of-band authentication, for example, when an identity appears to be questionable. Or a merchant who doesn’t investigate a change of address, or other changes, that might be the result of an account takeover.
In addition, merchants that don’t apply fact-based data will also become at risk. Merchants that don’t use traditional data (name, address, DOB, etc.) and non-traditional data (e-mail, phone, social media, etc.) to verify the digital DNA of their customers will likely succumb to fraud losses.
7. How can merchants improve identity verification?
There are several best practices merchants should use to improve their identity verification process. Included:
- Improve merchant-to-customer communication. Improve your authentication process by applying a multi-faceted transaction verification process. (For example, use phone or text communication to verify the identity of the account owner.)
- Train your employees. Train employees at all levels to recognize suspicious and/or social engineering attempts.
- Validate identity on an ongoing basis — not just at enrollment. By managing the entire customer lifecycle, merchants will be better able to spot and stop fraudulent activity. In addition, by staying informed when a good customer has a change event, merchants can reduce the potential for a false decline.
- Use non-traditional data to validate identity. Many merchants solely rely on traditional data – like name, DOB and address – to validate identity. With so much leaked and stolen personal data, it’s easy for fraudsters to steal whole identities. Merchants should examine the full digital DNA of their customers, including, for example, when an email address or phone number was created, relevant social media profiles, etc. By managing the full digital DNA and understanding associated data elements with a date and time stamp, merchants can make it nearly impossible for a fraud operator to be successful.
8. How do you think fraud prevention teams can scale quickly to increase the amount of orders they can effectively review?
By using fact-based data, along with technology that streamlines the process, merchants can more quickly sift through and target specific pieces of information that doesn’t correlate and investigate those identities accordingly. If a merchant uses the appropriate solutions (which can provide and triangulate factual, up-to-date and relevant data), they will get less false declines, allowing their team to address truly at-risk purchases.
Merchants can also apply additional layers of control – such as an out-of-band authentication process to verify the email address or phone number– which will help reduce fraud volume.
9. If you could give one piece of fraud prevention advice to merchants right now, what would it be?
Manage the entire customer lifecycle. Leave no part of the process unverified or unauthenticated. And do so with the best, most up-to-date data available.