Season’s Thievings: How to Protect Your Customers and Your Retail Business Against Fraud

October 27, 2020
Written by
Meg Buchanan
Opinions expressed by Twilio contributors are their own


70 percent.

That’s the share of people who plan to shop online for the holidays this year, according to a recent survey from secure payment solution PCI Pal.

That’s also the share of respondents in the same survey who reported they would stop shopping with a brand for a few months, or even permanently, if it suffered a data breach ahead of the holidays.

And as brands, large and small, navigate the influx of online shoppers this holiday season, it would be remiss not to consider the online security risks that come with that influx.

Below are the three different types of online fraud that plague businesses—and solutions to help ensure your customers have a secure, seamless, and safe online shopping experience this holiday season.

The rise of online fraud

Historically, retailers see the most income for their businesses over the Black Friday/Cyber Monday weekend. But this trend, even outside of COVID-19, has been fading for years. What’s been on the rise in its place? As more and more consumers switch to online shopping as opposed to a single weekend of in-person door-buster deals, the shopping sprint from October through December is now when businesses see the most online fraud.

Typically, this fraud falls in one of three different categories, which usually take place alongside the user experience journey:

  1. Sign up/new account fraud: Businesses that offer new user/sign up incentives (oftentimes with a freemium structure) are susceptible to phishing bots that create thousands of these accounts to take advantage of new member discounts/perks.
  2. Account takeover fraud: Fraudsters gain access to a user’s credentials to log in to a user account, and then change the password to lock out the original user.
  3. Payment fraud: Occurring at the time of payment, this is when hackers who’ve illegally obtained credit card information, from gas station terminals to grocery store checkouts to routine data breaches, use customers' information to try to make purchases. While customers are often covered for this, businesses are not guaranteed the same security.

As the online holiday shopping season begins, ensuring your business is prepared to take on each of the above kinds of online fraud is integral to keeping your business and customer data safe. Here’s how.

Verifying new users

Bringing new potential leads into your marketing funnel using an enticing holiday deal or a seasonal freemium membership is a great way to get new business, but only if you can prove that those new leads are actually real people.

Prevent fraudulent signups year-round using two-factor authentication (2FA). If you’re just starting with verification, consider adding an extra layer of security by requiring a phone number along with an email address and vice versa. One-time passcodes sent via SMS, voice, or email are popular for this very reason: phone numbers and email addresses are so ubiquitous worldwide.

Another popular way to verify users is implementing an authenticator app (such as Authy), which uses accepted security standards to generate a one-time passcode or a push notification on the device itself.

In deciding which type of verification to use, consider your user, their location, and how much time/effort will be required for them to make a purchase and/or sign into your platform. While you want your platform to be secure to avoid abuse around fake sign-ups, you need to make the process seamless enough to keep your real customers coming back.

Balance low-friction logins

Despite the security and safety benefits, only 57 percent of businesses globally use 2FA. Though several factors come into play as to why this number is surprisingly low (price, digital adoption, language barriers), for retailers specifically, the fear of impacting user experience with the friction of adding 2FA also leaves open the possibility of account takeover fraud.

To reduce friction for their customers (i.e., the steps a user must take in order to make a transaction), many retailers offer the ability to remember a customer’s login information.

However, to protect your business as well as your customer, it’s still a good precaution to require authorization (a one-time passcode to a registered phone number, in-app authorization, etc.) for any transaction made on your site. This guards against fraudulent transactions and balances these low-friction logins.

In today’s digital world (and in this year’s shopping season especially), it’s about balancing a seamless customer experience while still safeguarding your business against security risks. Using authentication to protect against unauthorized transactions on your customers’ accounts is a small additional measure to ensure long-term brand loyalty.

Authenticate your transactions

Payment fraud is one of the most common types of fraud during the holiday season. (Which makes sense, considering the increase in spending during this time of year!) And while consumers are generally covered when their financial information is used for a purchase they didn’t make, merchants aren’t usually afforded these same benefits.

Implementing two-factor authentication when making a purchase is imperative to your retail security. Add this authentication using the same consideration and types of options as above, with one stipulation. When it comes to SMS verification, consider taking a note from Europe’s recent security regulations aimed at protecting online transactions.

An SMS code alone isn’t enough to authenticate a transaction in Europe because of the concern that it can be intercepted and/or leaked. In response to this greater concern for online security, the EU has developed specific verification requirements for any payment over 30 euros. A merchant must share specifics of a transaction over text to confirm that the security code being sent is, in fact, related to the purchase being made by the authenticated user.

This method protects both the customer and the company, but specifically the company, because it uses the specifics of the push notifications to ensure the payment is legitimate. While this isn’t a requirement in the United States, it’s a good security measure to protect yourself against payment fraud.
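A sketch of the transaction-bound passcode described above, as an added example that is not code from this article, Twilio, or Stripe. The function names, the 5-minute expiry, the three-attempt limit, and the message wording are assumptions; the code builds the text to send but does not send it.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed validity window
MAX_ATTEMPTS = 3        # assumed limit; a 6-digit code must not be guessable by retrying


def _tag(key, code, amount_cents, currency, payee):
    """MAC over the code AND the payment details, so neither can change independently."""
    msg = f"{code}|{amount_cents}|{currency}|{payee}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def start_challenge(amount_cents, currency, payee, now=None):
    """Return (state, sms_text): state is kept server-side, sms_text goes to the customer."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(1_000_000):06d}"
    key = secrets.token_bytes(32)  # per-challenge key; the plaintext code is not stored
    state = {"key": key, "tag": _tag(key, code, amount_cents, currency, payee),
             "expires": now + CODE_TTL_SECONDS, "attempts_left": MAX_ATTEMPTS}
    sms = (f"Code {code} authorizes a payment of {amount_cents / 100:.2f} {currency} "
           f"to {payee}. If this is not your purchase, do not share the code.")
    return state, sms


def verify(state, submitted_code, amount_cents, currency, payee, now=None):
    """True only for the right code, in time, for the exact amount and payee challenged."""
    now = time.time() if now is None else now
    if state["attempts_left"] <= 0 or now > state["expires"]:
        return False
    state["attempts_left"] -= 1
    # Recompute with the details of the payment being submitted right now.
    candidate = _tag(state["key"], submitted_code, amount_cents, currency, payee)
    if not hmac.compare_digest(candidate, state["tag"]):
        return False
    state["attempts_left"] = 0  # single use: a replayed code is rejected
    return True
```

Because the amount and payee passed to `verify` come from the payment actually being submitted, a code obtained for one purchase fails when presented for a different amount or recipient.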

You can also use a trusted payment provider, such as Stripe, which processes payments for online businesses, to help authenticate transactions for your business. In picking a provider such as Stripe, just make sure whatever platform you choose is compliant with strong customer authentication.

Even if only a small percentage of the tens of thousands of credit cards hackers can enter get through, companies still experience hundreds of billions of dollars in payment losses annually. Safeguarding your business against payment fraud isn’t just a sound holiday shopping decision; it also provides you with year-round security against financial theft.

Have yourself a hackerless holiday

Online fraud may be on the rise, but retailers are getting increasingly smarter about ensuring that their business and their customers’ data are safe and compliant. Taking the necessary steps to ensure your online security this holiday season is the gift that will keep giving year round.