For anyone who has experienced fraud — be they retailer, restaurant or consumer — it’s a nightmare situation of filled with stress, lost time and money, as well as shattered trust.
And with the acceleration of eCommerce over the past 18 months, criminals have increasingly focused online. According to PYMNTS research, the average eCommerce storefront faced 344 fraud attacks in 2020, up 24% over 2019.
Any business that operates on the internet is going to be under “continuous scrutiny from good guys and bad guys,” said Checkout.com Chief Information Security Officer and Cloud Architect Adrian Asher. Because of this, he told PYMNTS that it’s vital for merchants to work with a service provider that’s able to give them data that enables valid payment flows while rejecting invalid ones.
“I think a challenge for merchants is choosing the right partner,” Asher said.
Some other key considerations for merchants are how they both authenticate their customers and how the merchant authenticates with their partner. Some partners don’t offer modern open authorization (oAuth) protocols and favor more legacy techniques. Using the most up-to-date protocols is critical to ensure the merchant has the best authentication and authorization available.
“There are different ways a merchant can integrate with their payments service providers, and depending on which way they choose, they will have different security challenges,” Asher told PYMNTS.
Asher said he’s had friends and family approach him more often about security concerns than in years past. As cybercriminals continue to evolve their methods to incorporate artificial intelligence (AI), machine learning (ML) and “huge amounts of big data,” he noted that “it gives attackers opportunities for finding new ways to attack, but it gives us, the good guys, the ability to defend in more innovative ways.”
Using AI and ML, Asher said Checkout and other providers can detect fraud better, decrease chargebacks and provide better integration with the European Union’s Payment Services Directive 2 (PSD2).
“These protocols are actually enabling us to get more information about transactions to be able to then make more decisions as to the validity of them,” he said.
These technologies can also help merchants decrease abandonment rates and increase successful acquisition of new customers, which Asher said then leads to more successful transactions and “makes a huge impact to their bottom line.”
“We always talk in the abstract about the dangers or the benefits of AI and things, but when you turn it into ‘we can decrease fraud, we can increase successful transactions and therefore make somebody’s profit better,’ that actually brings it home to me,” Asher told PYMNTS. “And that’s what I’m very excited about.”
In addition to implementing secure technology on the back end, Asher said merchants need to make sure the front end, where they’re interacting with customers, is a secure experience. PYMNTS research has found that nearly 57% of consumers would be very or extremely likely to switch online platforms if they had a security concern, and 65% would be very or extremely likely to abandon a transaction if they had a security concern.
“We should be using more modern authentication technologies,” Asher said, noting that he’s a “longtime advocate” of getting rid of the password as an authentication method.
Getting rid of passwords completely is going to take “many, many years,” he said, but the groundwork is already laid with consumers accustomed to using their fingerprint or face to unlock their phone. Merchants can also use other contextual information about an individual to decide whether to allow authentication, such as location and previous activities.
“Newer technologies are allowing us to get rid of passwords, get rid of more legacy and cumbersome ways, which are always being targeted by cretinous or villainous, malicious people,” Asher said. “We just have to get rid of them, and we’re working with some of our more advanced merchants on ways in which they can do that.”
Some merchants have begun using tokenization, for example, to store customers’ credit card details, lowering the cost of complying with the Payment Card Industry Data Security Standard and allowing for faster checkout experiences. According to PYMNTS research, 61% of consumers already store payment credentials on merchant-operated platforms and 45% store payment information in online marketplaces.
“The less friction you can put in, the more transactions will turn into successful acquirees, and then you will result in more revenue and more of your product shipped,” Asher said.