Fraud Prevention, Essential to Online Retailers
Fraud is costing businesses a lot of money. On average, four out of ten attacks on online transactions in Mexico are successful, revealed a LexisNexis Risk Solutions study. With the rise of e-commerce, one of the biggest challenges businesses face is fraud prevention, agreed panelists at Mexico Cybersecurity Summit 2021 on Thursday, June 17. “Our data and information are increasingly being recorded on more and more websites. Both individuals and companies are increasingly vulnerable,” said Guillermo Llantada, IT and Quality Director of TIP Mexico and moderator of the panel.
Before the pandemic, many businesses did not have plans to launch e-commerce platforms. Today, most companies are on that path, explained Hiram Alejandro Camarillo, Co-Founder and Director of Information Security and Privacy of Seekurity. The quickly growing number of online sales is putting businesses and individuals at risk. "Over the last year, we have seen an increase in the number of underground forums where credit cards are sold for US$5. These cards are used to make fraudulent purchases and end up damaging a person's business.” Given this context, there is an urgent need for companies to take fraud prevention seriously.
Fraud prevention is important on two main fronts: financial and user experience, according to José Andrés Chávez, CEO of Bayonet, a Mexican fraud prevention platform. “Due to the pandemic, online sales tripled but fraudulent digital payment attempts quadrupled. If you have fraud it will eventually hit your financial statements and it is not the bank that loses when there is a fraud claim, it is the merchant who loses,” he said.
Understanding consumption patterns is key to fraud prevention models, said José Antonio Flores Gutiérrez, Payment and Fraud Prevention Coordinator of Grupo Modelo - Beerhouse. He explains that understanding consumers was key to mitigating the rise in fraud attempts during the past year, otherwise “it can snowball because once cybercriminals detect a security breach, they won't stop until they run out of fake cards they can find on the underground market.”
Understanding Consumption Patterns
AI and machine learning are at the heart of understanding consumer patterns as these technologies do the work that “not even an army of people” could do, said Seekurity's Camarillo. “With the number of transactions an online retailer receives today, it is impossible to hire a person to analyze every single transaction.” On the other hand, an AI tool can analyze more than 20 different parameters to determine whether each single transaction is fraudulent or not in a matter of seconds, he added.
Biometric data also adds value to AI and machine learning tools, as it provides valuable insights into the creation and detection of consumption patterns, explained Grupo Modelo's José Antonio Carrillo. However, companies should also take into account the flaws that technologies have and complement them with tools that detect patterns of behavior on the computer. “These tools observe how you use the device, whether you are left or right-handed and how fast you normally type to detect and eliminate bots that are very common in payment methods,” said Carrillo.
The more data collected to analyze a shopper's patterns, the better the results of fraud prevention strategies, agreed Bayonet's Chávez. He added that biometrics add a lot of value to the algorithm, however, he also expressed concern about the collection of this data. "While you can have a lot of certainty if you get a biometric, the user experience can be greatly hindered," he said. "If a user is shopping online and they see that they are asked for more data than other shops, they are going to stop seeing the benefit of shopping online.”
A Flexible, Dynamic Approach
One of the main concerns of online shops when it comes to fraud prevention is to avoid affecting the user's experience. In this case, data analytics and machine learning tools are of great help as they can authenticate users or block attacks if there is something suspicious, said Chávez. “If it is a user who has a good pattern, who has always bought and is making the purchase from the same area as usual, then there is no need to ask for a biometric.” According to Chávez, only 5 percent of users in an average month are malicious, while 95 percent are legitimate. “Why put in place such high friction security systems when only a small percentage are trying to defraud you?”.
Distinguishing between a shady user and a good one is all about knowing how to recognize patterns that differ from the ordinary, explained Chávez. “If the behavior falls within the normal parameters of your business, there is no need to ask the user for more data.” On the other hand, if a user who has behaved normally to this point starts to show strange patterns, such as a transaction three times the average, it is ideal to ask for authentication data, he added.