eCommerce fraud prevention best practices

It’s no secret that cyber security is a major global concern, whether it be from basic browsing security to payments and transactions in finance and eCommerce. The topic of security breaches features so frequently in the news that you’d believe individuals, businesses and organisations would have online security sussed by now. Well, not quite. eCommerce fraud prevention best practices are somewhat of a speciality of ours, but we know that despite the best-laid plans, there are still many eCommerce merchants that struggle to effectively implement fraud solutions. Luckily, education is a large part of our ethos at Nethone and preventing common mistakes in eCommerce fraud management. So how can merchants go about their business in a safe and reliable manner?

The first step for any eCommerce merchants taking the threat of fraud seriously is to find the best fraud detection and prevention solution available. A common mistake among merchants we have encountered time and again is the belief that advanced fraud solutions are expensive. What’s worse, they fear the fraud prevention will be so effective that they can negatively impact the customer user experience (UX) through invasive payment authentication measures and being overzealous in flagging false positives (marking a genuine customer payment as potentially fraudulent). By finding the perfect solution to meet your fraud needs, advanced systems can actually prevent fraud, distinguish between good and bad users, and also ensure frictionless customer experiences.

Find a company that has a customer-centric approach embedded in its fraud solution. Combating fraud is not just a case of finding a SaaS (Software as a Solution), implementing it and then letting it do its thing. Far from it. Engaging with customers at every step of the journey builds a stronger relationship that can help solidify a partnership and overall success. It is important to listen to the problems of eCommerce merchants, that way a planned solution to their problems can be created - if there is no easy resolution, it will be necessary to create one. Educating customers and clients is just as important as implementing to listen to the customer’s problems, working out the best solution and even creating one if it doesn’t currently exist.

There are, of course, always reasons behind every decision a merchant makes. We have already emphasised that education and knowledge is a key part of the overall success of fraud prevention. That is the case when there is an effective company partnership making merchants aware of the problems. But there are those who make decisions based purely on costs and try to keep them as low as possible. The size of the operation can also be a factor as small-medium-sized companies may not have the finances to have big fraud prevention and IT teams in place to maintain all systems.

1. Not updating software and security systems. It sounds like a basic piece of advice, but one that is still neglected by many merchants. It is essential to perform regular security audits and ensure a full-scope response, making sure all software and systems used are kept up to date. Steps can be as simple as ensuring transactions are performed over encrypted HTTPS protocols rather than unsafe HTTP, which can leave sensitive information exposed to the prying eyes of fraud actors.

2. The use of the Magento eCommerce platform has become known in fraudster circles as a perfect place to focus attacks (it's even the origin of the name Magecart Attacks). It’s not that the platform itself is unsafe, more than security patches to seal security gaps are not always updated by merchants. Rather than running an up-to-date version, merchants running on older, unsafe versions may be leaving themselves vulnerable to fraudsters.

3. 3DS2 (3D Secure 2.0) payment authorisation protocols for online payments. This again falls into the category of merchants not being aware they must keep systems up to date, or simply not having the financial capability to do so. Fraudsters seek out merchants who use 3DS as it is easier to bypass; if 3DS2 is part of the payment process, it makes it harder for a fraudster to successfully perform a fraudulent act. The initial costs can lead to one of many effective deterrents being in place.

4. The belief is that the costs of advanced fraud solutions are crippling - they are not - the cost of lost custom and the impact of fraud is far more detrimental in the long run. Customers have a vast choice of online shops to choose from, and put simply if they have a negative experience with one merchant, they will quickly go somewhere else to buy their goods and services. Negative experiences through the use of an unsafe eCommerce payment platform can lead to a negative online reputation, which in itself can be hugely detrimental to a company’s long-term success.

5. Financial regulations are in place for many reasons, first and foremost to secure all those involved in making transactions and payments, but also to ensure fraud rates remain as low as possible. PSD2 regulations are in place across the European Union since 01 January 2021 (14 March 2022 for the UK), and while initial performance data shows it is effective, many merchants still fear the choice over frictionless checkout experiences and adhering to regulations. Nethone’s fraud solution aids the reduction of cart abandonment while keeping payments safer - all while adhering to PSD2 regulations.

There is a lot that eCommerce merchants can do to maintain basic security measures, however, these are only part of the problem. To truly stay ahead of the game and stop fraudsters in their tracks, advanced fraud detection and prevention solutions are now recognised as a necessity. But what does this mean exactly? Nethone’s solution serves as a tried and tested example.

At Nethone, the tech behind our fraud solution is backed up by artificial intelligence (AI) and machine learning (ML) models that perform tasks automatically and in real time. They work effectively on their own, but our team of data scientists are continually improving the capabilities of our models. What does this mean in real terms? Our profiling of payments and transactions focuses on the users performing them, not just the basic customer information that some rules-based fraud systems analyse. Our analysis uses digital fingerprinting, scanning 5,000+ pieces of data, to determine a user’s device setup and whether or not they are making efforts to mask their identities and locations etc. We also analyse behavioral biometrics that provides a clear picture of how the user is interacting with the eCommerce site(s) in question - are they a genuine customer, or are they a fraudster that has enacted an account takeover? We can spot the signs, and it is only possible by being able to perform all this analysis passively, quickly and most importantly, effectively. Effective eCommerce fraud prevention is definitely accessible to all merchants - they just need to discover its potential.

If you are interested in eCommerce fraud prevention best practices and wish to implement an advanced fraud solution with frictionless customer UX, we are here to help.