Managing Fraud in E-Commerce: Is Your Online Business Bulletproof?

July 12, 2016

A few years ago, most people would have scoffed at the thought of ecommerce becoming a necessity for retail success. Now, we know that it’s very much required for many retailers to survive. According to Forrester’s Ecommerce Forecast looking at the next few years in retail, ecommerce accounted for over nine percent of total U.S. retail sales in 2015, which is roughly $334 billion. Industry analysts expect to see that number continue to grow, with expectations of a compounded annual growth rate hitting 10 percent over the next four years, translating to $480 billion in online sales by 2019.

This staggering growth of online sales brings huge opportunity for traditional retailers to meet customers’ demands in the changing marketplace and drive additional revenue, but it also presents a major issue that impacts every retailer’s bottom line: fraud.

As ecommerce continues to grow, so does the amount of retail fraud. According to the 2015 True Cost of Fraud Report from LexisNexis Risk Solutions, the monthly average of fraudulent transactions has increased 32 percent in 2015. For ecommerce retailers, the study shows there has been a 49 percent year-over-year increase in chargebacks as credit cards remain the most common method of payment for fraud. Retailers also see a great deal of discount fraud for those redeeming a discount they don’t actually qualify for. According to experts, merchants that deploy remote channels experience a disproportionate amount of fraud, which the numbers back up.

Because it is so much easier for people to commit fraud online, there are a host of new challenges for those responsible for protecting businesses from theft. Loss prevention professionals are now tasked with crawling the dark holes of the internet for potential talk of a data breach, and must be able to identify potential fraudsters in mountains of customer data. It’s truly an awesome task for these people to keep up and evolve with new changes retailers face everyday and employ strategies sufficient enough to protect their respective brands. However, as daunting as it seems, there are ways to protect today’s online businesses and thwart the guaranteed threat of fraud. Here’s what I recommend:

Take Advantage of the Available Data

As emphasis is put on creating ideal customer experiences, more and more companies are collecting consumer data to create customer profiles to better market to their customer base. They track transactions in order to provide personalized service and a better customer experience, and use predictive analytics based on past behavior to recommend products that customer may be interested in. And while marketers use this to encourage purchases, loss prevention professionals can use it to identify abnormalities and inconsistencies in shopping behavior.

As profiles are built, the loss prevention investigators who pay attention and analyze the data will be most successful in identifying potential trends that are not normal and may pose a threat.

Investigators can and should identify certain trends to watch out for and KPIs to target, and evolve their strategy to combat harmful behaviors. To do this, the team of decision makers and loss prevention pros should ask a few basic questions before a new promotion launches including:

● What could happen?

● What is probable?

● Do we have mechanisms in place to identify fraud?

● What metrics will help us determine what downsides came along with an increase in sales?

● How can we track all of the elements resulting from putting a promotion in place?

LP leaders should revisit the resulting data on a monthly basis following the launch of a campaign to see how they’re stacking up against the set KPIs. Putting these systems in place ahead of time often results in a decrease of loss, so it’s always beneficial to be prepared to identify and monitor abuse through the analysis of actionable data.

Try an Audit or Pilot Program

More often than not, organizations don’t know what their acceptable rate of fraud is until they give something a try. The forward-thinking CEOs or COOs who will look ahead and say, “I think the fraud rate is going to be 20 percent, so we’d better put something in place up front,” are few and far between, which leaves many organizations shocked at their revenue numbers at the end of the year.

Running an audit is one of the best ways for loss prevention pros to understand where issues are. A variety of verification organizations do just this to give businesses an idea of how much revenue they’re losing to fraud and where those vulnerabilities are coming from. Often times, it’s a huge wake up call for retailers who may not have known they were losing a large percentage of sales due to credit card or discount fraud.

Another solution is to run a pilot program to monitor how much fraud is occurring and where vulnerabilities may be in the business. By offering a small sample size an exclusive, time-boxed discount, retailers can oversee what behavior is happening where, and easily identify issues or areas of weakness.

Pilot programs and audits limit the risk to a business in case something goes wrong. It also provides a basis for a forecast and will help set expectations for any new solution providers or programs you put in place based on the audit or pilot results. Simply, you can test your way in.

Find New Opportunities to Learn

Criminals are getting more sophisticated and their strategies more complex as each day passes, which means loss prevention professionals have to continue to pivot their strategies and understand what’s happening in the industry so they can be ready to fight those threats.

In order to be effective, it’s vital these pros constantly grow, learn, and get better at what they do. Investigators need to take the initiative to keep up with industry news, attend conferences to educate themselves, and talk to colleagues in the loss prevention field. Getting to know and work collaboratively with partners in the IT department is essential since they’re constantly working with new technologies.

It’s also important to pay attention to what other organizations are doing right, and what they’re doing wrong. As many of us have seen, there have been some damaging breaches that have hurt large retailers badly, and it’s extremely important that all those responsible for loss prevention learn from these incidents and do their due diligence to ensure their organization isn’t vulnerable to the same type of threat.

Conclusion

While online retailing offers both customers and retailers new opportunities to meet the demand than ever before, the potential for fraud is a major concern than all retailers and organizations in general should be cognizant of. With a few tweaks, data analysis, and trails, as well as constant education, today’s loss prevention professionals can ensure that retailer’s bottom lines are minimally impacted by cyber crime, and that the customers of those retailers are protected from theft.

Richard Mellor retired as senior adviser of asset protection to the National Retail Federation in July of 2014. Prior to that role Mellor held the position of vice president of loss prevention for the NRF, from November 2011 through December 2013. In his retirement, he provides retail consultant expertise to SheerID, a service provider for omni-channel eligibility verification, specializing in fraud protection. Prior to joining the NRF, Mellor served as a retail loss prevention executive with a number of companies such as Helzberg Diamonds, The Bon Ton, Macy’s, Woodward & Lothrop, John Wanamaker and Strawbridge & Clothier. In 2005, he was awarded NRF’s Silver Plaque, in recognition of his visionary leadership and influence on the retail LP community. In 2015, Mellor was inducted into the Ring of Excellence for the loss prevention profession. The honor signifies a career achievement of outstanding leadership and distinguished accomplishments that have helped to shape the loss prevention industry.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

Managing Fraud in E-Commerce: Is Your Online Business Bulletproof?

Related Articles

Report Abusive Comment