Chargeback & Fraud Protection Team
Fraudsters are getting sneakier. So, how can merchants stay one step ahead?
By being just as innovative at preventing fraud as fraudsters are at initiating it.
While merchants have many options for using technology and artificial intelligence to improve the online authentication process and make it both faster and safer for legitimate customers to place online orders, some approaches are better than others.
Here are our three favorite emerging fraud detection techniques that we encourage merchants to keep their eyes on.
Voice Recognition
By 2023, it’s predicted that mobile biometrics will authenticate nearly $2 trillion in payment transactions — up from $124 billion in 2018. And one of the fastest-growing biometric techniques is voice recognition. It’s understandable why voice authentication is appealing as a way to confirm a customer’s identity. As far as biometrics go, an individual’s voiceprint has proven (so far) to be difficult to hack.
Because of this, over the past several years, companies like Citi have implemented voice recognition authentication methods to link a customer’s voiceprint to their account. The system analyzes and authenticates a customer’s voice, enabling the customer to bypass authentication questions and speak directly with agents or access their accounts.
Many solutions require active authentication, which means customers must state their name, a specific phrase or a password to authorize their access. But recently, new technologies are supporting passive authentication — confirming the customer’s identity regardless of what words they speak and the quality of the phone connection.
As part of the screening process, merchants can also develop databases of known fraudster voiceprints, creating biometric "blacklists". If a caller’s voice matches one on the "blacklist", the system will automatically send a notification to company officials, alerting them to potential fraud.
Is It the Perfect Fraud Detection Solution?
It sounds promising, being able to unlock an account and place an order simply with your voice. But right now, the technology isn’t 100% foolproof. In 2017, researchers demonstrated how voice assistants respond as well to ultrasonic transmitters as they do to your unique voice commands. Through these so-called DolphinAttacks, hackers could tell Siri or Alexa to call phone numbers, open websites and even place online orders.
Software like Lyrebird also may be able to bypass such verification methods by letting fraudsters create digital (and editable) voices of legitimate customers based on just one minute of audio.
Behavioral Biometrics
The way a customer scrolls through a page, types on a keyboard or even presses a smartphone screen can be just as unique as the customer’s voice. Using sensors in handheld devices and code embedded in websites, online merchants may be able to capture individual customer behaviors and use them to screen customers. Companies like BioCatch selects up to 20 unique features — out of a possible 2,000 behavioral profiling metrics — to seamlessly authenticate a user, build a robust user profile and detect any anomalies.
Is It the Perfect Fraud Detection Solution?
Because many solutions employing behavioral biometrics use multiple customer actions to form a profile, fraudsters may find it very hard to circumnavigate these protections. Hackers would need to know the exact keystroke pressure to use, the right typing cadence, the right accuracy level and the security algorithm the company is using in order to hack the system. It’s not impossible that a hacker might be able to guess all the right combinations, but it certainly shrinks their chances.
Multifactor Authorization
As simple user names and passwords become a less secure way of validating users, more companies are turning to multifactor authorization as a way to protect confidential data. By adding, at a minimum, a second layer of identity verification, a merchant improves its protection against hacking and fraud attempts.
There are three pieces of evidence merchants can layer and use to validate their customers’ legitimacy:
- Something customers have (like a chip card or a mobile device)
- Something customers are (like a fingerprint or the results from a retinal scan)
- Something customers know (like the answer to a challenge question or a password)
Supplementing traditional user names and password with time-based, one-time passwords — like QuickBooks and PayPal use to confirm identities — ecommerce merchants can dramatically reduce their risk of a security breach or a fraudster impersonating a legitimate customer. They add little friction to the checkout process but can dramatically increase customer verification confidence levels.
Is It the Perfect Fraud Detection Solution?
Even multifactor authorization won’t protect your business if you’re using verification methods that can be easily compromised. For example, fraudsters are increasingly finding ways to install malware on smartphones that let them intercept authentication SMS messages and codes.
Not only that, but if a cybercriminal can hack into a user’s computer, they can also compromise the linked smartphone and bypass the security mechanism — letting cybercriminals capture secure personal data and defraud businesses and consumers.
Prepare for the Future of Fraud
To provide a great shopping experience, ecommerce merchants need to make the purchasing process as easy as possible for customers. But as it gets increasingly difficult for merchants to distinguish between legitimate and fraudulent transactions, fraud teams need as much information as they can get. From simple fraud filters to comprehensive managed services solutions, fraud prevention comes in myriad forms.
So how can you tell what’s right for your business? First, you need to know all your options. Our free “Merchant Guide to Ecommerce Fraud Protection” helps you navigate the constantly changing world of fraud detection and prevention and helps you find the right solution for growing your business safely in 2019 and beyond.
