With the Black Friday/Cyber Monday weekend upon us and with it myriad warnings to consumers to be vigilant of potential fraud attempts are broadcast, less thought is given to the security of the retailers who are actually selling the discounted products. Yet last year, according to industry specialist GBG, over 18,000 fraud attempts were made against each UK retailer on average during the period between Black Friday and the January sales.
Sarah Whipp Head of Go to Market Strategy at Callsign argues that during busy periods such as Black Friday and Cyber Monday, businesses are under pressure to balance the fraud with customer experience, but they must be careful not to let the latter slip. At the same time, banks have to foot the bill when it comes to a majority of this type of fraud, so they have a vested interest to not let their retail customers to get complacent when it comes to security.
“Given the incredibly high volume of transactions over the coming weekend, and indeed the whole festive period, often merchants will accept that fraud will be higher than usual. However, they are often willing to take the hit because it will be worth it for the extra business as long as there is no long lasting reputational damage. Indeed, the financial costs of fraud are now borne by banks as well as merchants and Black Friday fraud is a growing challenge for financial institutions.
“This is set to change next year. With Secure Customer Authentication (SCA) coming in for merchants in 2021 they may be well advised to make hay now with a lower security bar. In the future they will need to make sure they have trusted merchant status and that they manage their pricing to take into account of SCA exemptions to have a premium user experience. Next year, merchants need to partner closely with issuers (banks) to manage this situation.
“3D Secure could throw another spanner in the works for banks whose customers are online retailers that use it to avoid chargebacks. It can massively complicate treatment strategy as the payments are verified by the likes of Visa, Mastercard Secure Pay and Amex Safekey, therefore the liability is mainly with the card issuers and banks.
“To deal with the issue, merchants should use agile IT systems to their advantage. For example, if a retailer’s system has the functionality to modify fraud appetite policy dynamically (including adding in extra fraud checks), then they may want to lower the bar initially to gain the maximum number of sales. Then, if they were to spot a high degree of fraud attempts they could ramp up prevention measures on the fly. Of course, the impact on the customer and the risk of possible reputational damage needs to be kept at front of mind at all times.”
Callsign has built a secure mobile multi-factor authentication and authorisation engine, through the introduction of patented machine-learning biometric (including voice), behavioural, geo-location and identity analysis, combined with traditional methods. The company has recently announced that it will be working with Lloyds Banking Group on providing digital identification and authentication solutions.