Understanding and mitigating online fraud
Cyber crime leaves companies struggling to strike a balance between effective online security and a seamless customer experience.
Digital transformation has accelerated in recent years due in large part to the pandemic driving an immediate need to facilitate customer transactions and capabilities online. However, organisations initially focused on capability and customer experience and less on security and protection.
Criminals were quick to respond to the new situation, looking at how these services were deployed and targeting them from a platform and an end-customer point of view. They targeted customers due to their relative lack of experience in using digital services and lower awareness regarding online security.
According to Jason Lane-Sellers, director of fraud and identity strategy at LexisNexis Risk Solutions, speed is another driver of the recent increase in fraud and cyber crime. The pace and volume of transactions is exponentially higher in the digital world than in the physical realm.
“The impact of crime can be significantly larger, more costly and occur at greater scale in the digital world. The global nature of the problem means that even organisations operating domestically in a single vertical market are at risk from criminals worldwide,” said Lane-Sellers.
“Once an organisation implements digital capabilities, such as enabling customers to open an account, manage their payments or order goods online, every service and user interaction open to your customers is equally available to criminals.”
Lane-Sellers notes that the biggest current growth area is in running ‘scams’. These include a classic ‘Tinder swindler’ approach, to impersonating your bank or offering a get rich quick scheme. What they have in common is they all target end-users, rather than a company. Ultimately, he says, it is about manipulating the customer into performing the transaction on behalf of the criminal.
“It is vital that companies offer education to end-users through digital channels,” said Lane-Sellers. “Banks regularly advise customers that there are certain methods of contact they will never use, such as e-mail communications, cautioning customers that they should never click on links e-mailed to them. Another area where education is crucial is around passwords, because far too many people use the same username and password for multiple accounts.
“Then, from an organisation’s own security perspective, it is important to confirm that the person logging on and making the transaction is a genuine customer. Behavioural biometrics can check if a bad actor is manipulating a customer by looking at how they interact with their device, enabling them to identify whether it’s a bot or someone copying and pasting in the details.”
He suggests that while some level of fraud is inevitable, organisations need deeper insights to determine its true cost. Organisations must understand how much revenue is lost from the interaction, whether customer churn increases because of it, the cost of retention and the impact on productivity required to manage the customer experience.
“We use a ‘fraud multiplier’ to determine the cost of fraud, which is applied to individual countries. The multiplier was 3.51 in South Africa last year, indicating the total cost of fraud is around three-and-a-half times more than the financial impact of the actual crime itself,” he adds.
“Preventing fraud is complex due to the multiple stages across the customer journey where businesses need effective insight. At the onboarding stage, organisations must assess the risk of a potential new customer by understanding the digital user behind the request. Looking into their background may show that they have already opened multiple other accounts recently, so there is a higher possibility they are a bad actor.”
Avoiding relying on third-party authentication processes such as SMS is another way of reducing fraud risk. Instead, Lane-Sellers suggests using push authentication and interacting with customers by asking them questions first, instead of just giving them free rein on your site.
“From a LexisNexis Risk Solutions perspective, we have digital identity tools and products and each transaction that is processed feeds into a secure and encrypted network that is able to quickly flag digital identities that look like they may pose a risk,” said Lane-Sellers.
LexisNexis Risk Solutions processes close to 100 billion transactions each year and with access to so many data points, it has a clear view of the risk insights associated with the active digital population. It helps with judgments on whether this is a digital identity your business wants to trust. An added authentication layer ensures the customer is exactly who they say they are.
“Although businesses want strong fraud protection, they also need to provide a seamless and easy user experience,” said Lane-Sellers. “Fraud controls should be almost invisible to customers. Organisations that identify customers properly can offer trust to the 99% of customers that are good and fast track them through the process by eliminating steps needed for riskier transactions.
“Companies must realise they are no longer islands. Businesses are open to the global digital market and are viewed as fair game for global criminal networks. Organisations need both strong security and fraud prevention methodologies, but also must consider new ways, including behavioural biometrics, to validate customers and deliver smooth transactions,” concluded Lane-Sellers.
Download LexisNexis Risk Solutions’ Cybercrime Report here.