By Amir Nooriala, CCO, Callsign
Over the last 300 years, the Bank of England has continued to build and improve the way customers and physical transactions are verified.
In the first 270 years of the Bank of England’s reign, the focus was only on physical banking. But following the launch of online banking, we’ve seen the landscape not only change but reshape at a great speed each year.
Paypal launched its UK service 18 years ago, then five years ago, Apple and Google Pay were introduced and online shopping completely transformed the industry to where we are today, resulting in a rate of change never seen before.
Alongside the acceleration of the digitisation of banking and payments, the COVID-19 pandemic came along which sped up this change even further, leading to a monumental rise of ecommerce. In the UK alone, ecommerce accounted for 31.3% of all retail sales in the first and second quarter of 2020, jumping from between 17.3% and 20.3% at the start of 2018.
While the online marketplace may feel robust with the array of online payment options now available to customers, it’s still young, and there a lot of maturing for it do.
In addition, since the beginning of the COVID-19 pandemic consumer expectations are at an all-time high. Consumers now expect faster delivery times, better returns, loyalty rewards and much more.
The shift to digital not only increases the pressure for organisations to deliver a good user experience but also puts merchants on the front line in the fight against the fast changing fraud landscape.
There is a correlation between the growth of connectivity, the growth in digital payments and ecommerce, with increases of security risk; more than half (51%) of UK consumers have received a scam message pretending to be a retailer, according to research from Callsign.
Scammers are posing as legitimate and trusted organisations in ever changing and increasingly sophisticated attacks. Earlier this year, Amazon warned about the huge number of scam messages and phones calls using the online retailer’s branding. The company also stated publicly that they will no longer be contacting customers via SMS in an aid to combat the rise of attacks. But what else can be done to combat this?
Assessing the potential costs
First and foremost, merchants and other online services are at risk of reputational damage and of losing customers if they suffer a cyber-attack.
High profile scams and hacks in the media have thrust the issue into the spotlight, as has the General Data Protection Regulation (GDPR). In the UK this requires companies by law to report any data breaches to the ICO within 72 hours upon discovery, with fines up to a maximum of £17.5 million or 4% of annual global turnover, whichever is greater.
In order to combat the growing threats, many merchants have introduced additional steps within the customer journey to make transactions more robust. For example, by implementing One Time Passcodes (OTPs) or physical biometrics to confirm individuals’ identities. However, these methods aren’t fail-safe. OTPs for example are also used by fraudsters who monopolize channels such as SMS and email to scam individuals. In addition, OTPs and other types of biometrics and authentication methods add friction to the customer journey, driving up cart abandonment rates or putting consumers off using services altogether.
As such a new approach to digital identification and fraud is required to find a perfect balance between experience and security for every organisation, or ideally, for each individual transaction.
How to fight back against online fraud
No matter the scale, sector, or size of turnover, any business has the potential to be a target for malicious actors.
But evolving customer expectations, and the need to improve service, means security measures can’t come at the cost of user experience.
We suggest introducing passive authentication journeys, starting at the point of login. Customers can then checkout seamlessly, which in turn reduces drop-offs, while still securing the sale. For many businesses currently, most drop-offs happen at checkout, and so any authentication at this point puts up barriers for the customer.
To do this effectively, layering behavioral biometrics with device, location and threat intelligence creates an experience for consumers that is quick, easy, secure and compliant.
Behavioral biometrics technology assesses millions of contextual data points, about a user’s behaviour, including the angle a user holds a device, keystroke patterns or how a user’s mouse moves with a desktop computer.
Layering this intelligence achieves multi-factor authentication and removes any single point of failure for the fraudster to compromise.
Data from behavioural biometrics can be obfuscated preserving privacy unlike many other forms of authentication. And because behavioural biometrics are passive, user is authenticated without adding extra friction to user journeys.
The gulf between those hand-written receipts more than 300 years ago to behavioral biometrics today is almost unimaginable.
But as consumers continue to shift to digital, data must be protected from the growing cyber threat. By introducing a friction-free path to safe transactions, merchants will encourage repeat purchases and long-term loyalty, giving them a competitive edge.