With a never-ending parade of bad news about data breaches, cybercrimes, ransomware schemes and a purported army of digital criminals ready to unleash their next nefarious plan, merchants could easily feel as though they were under constant assault.
However, without minimizing the cost and breadth of cybercrime, that perceived army of bad actors is more like finding the proverbial needle in a haystack.
As Sift Trust and Safety Architect Kevin Lee and Purity Cosmetics CEO Ric Kostick told PYMNTS in a recent conversation, the truth is that the overwhelming majority of people visiting a website are legitimate consumers looking to make real purchases.
“I’d say 99 plus percent of the people visiting [the] website are legitimate,” Kostik noted. “They are real people that want to get products and move on with their day who just want that convenience. There is however, let’s say sub 1 percent of the population that is trying to do something nefarious or bad, and sometimes the amount of damage that they can cause is far greater than that 1 percent.”
And while there is perhaps a perception that there is no harm in being a bit over-cautious, false denials have deleterious effects on businesses as real as the harm of letting the fraudsters through. The customers whose transaction is incorrectly denied at Starbucks means the coffee giant runs the risk of losing far more than the $5 for that day’s coffee purchases. Starbucks could be losing that customer’s trust because of that false denial and the lifetime value of the daily coffee purchases.
How Much Is Too Much?
Losing a customer’s trust is an expensive proposition for a firm, especially considering all the cost and effort that was made up front to acquire them, Kostick noted, adding that it is a scenario that is best avoided.
“Everybody wants to find that balance and the right balance will depend on the company. If you’re a financial institution, you might be a little bit more stringent. If you are a digital products company, you might be willing to accept a little more risk. We know that 99-plus percent of people are good and at the end of the day I don’t want to insult my good customers, but I still want to protect our business,” he said.
Right-Sizing Security To Need
No eCommerce player wants to alienate their customers by either misusing their data themselves or allowing some other outside contractor or entity to do so. Kostick admits it is a complex line to walk but said consumers have made it clear that they want personalized and customized experiences that require active data gathering and analytics.
For Purity, securing data and transactions behind with a default position to trust the customer has meant getting rid of pointless add-on security layers and friction points that more often catch good customers doing something routine rather than foil an actual fraudster.
Taken together, Kostick said his company looks to approve more transactions and build trust with consumers, although it does mean they will likely have to “eat more fraud along the way.”
According to Lee, the market for fighting fraud has become more complex than it’s ever been. He noted that the industry has gotten much better at identifying and stopping the “easy fraud” where fraudsters create nonsense email accounts or user names to enable fraudulent transactions.
Fortunately, Lee said, security tech has developed and made it easier to leverage consumer data to secure their account, all behind the scenes and without affecting the customer experience.
For example, when a repeat customer shows up at the same time every month to make a similar order on the same device at Purity Cosmetics, there would be no reason to add friction. However, if that same customer account were to suddenly show up using a different or outdated iPhone or entered a very different order, those are triggers to merit closer scrutiny.
“That’s when we can dynamically apply that friction. And with the SMS message and email confirmation, sometimes we may ask for a customer to call into customer support but we can [make that decision and apply it] dynamically in real time.”
“Inversely, if a customer is just doing what they normally do, let’s give them a fast track lane and make that order happen,” Lee noted.
Navigating A New Landscape
Fraud and cybercriminals are not going away, meaning the new world order for retailers of all sizes is one where merchants are a little more vigilant and aware. But being aware of this content means being aware of the consumer and not adding undue friction in the name of fighting fraudsters, lest they be left alienated by your attempts to protect them.
Because, Lee noted, the more positive takeaway from the last 14 months is the global explosion of eCommerce opportunities worldwide — that abundance of opportunity is what has drawn fraudsters to the segment in mass.
The fraud, he said, is manageable with all of the technological innovation in security that also has advanced five years over the course of 14 months. The advances underway will ultimately be worth the cost of having to rethink security in the digital age.
“There’s a convenience in that technology has opened up for civilization itself,” he said. “And I think companies that are embracing that will continue to succeed. It’s a great silver lining.”