We live in fascinating times. As a technologist at heart, I’m thrilled by the advances in big data, real-time streaming, correlation, virtual cubes and the like, and by the incredible promise of supercomputers and quantum computing. These technologies are creating value for individuals and communities around the world. For example, when quantum computing becomes commercially available, in the next five to 10 years, it will bring tremendous opportunities for science and medicine.
But, every rose has its thorn. Quantum computing will also make it easy for criminals to break public key cryptography, which is at the base of today’s online and mobile commerce.
The problem is that the same advances available to companies and authorities are also available to organisations with unsavoury goals. Risk in digital payments is no longer only the work of isolated, malicious hackers in their basement, seeking to impress their friends, but of criminal organisations with access to a wealth of technical resources, such as organised crime, cause-motivated hacktivists and rogue nations.
These criminals can often correlate data from different breaches to either use (or sell on the dark web) stolen sensitive personal information that can lead to all sorts of fraud, identity theft, account takeovers, and more.
Compounding the problem is the ubiquity of digital payments. E-commerce is approaching $2tn globally, and the explosion of mobile, with currently five billion connected devices, which are predicted to reach anywhere between 25 and 50 billion by 2020, powered by the growth of the Internet of Things that will allow our fridges to order milk and our dishwashers to order soap when they’re about to run out, obeying “intelligent contracts”, which are a sort of standing orders establishing the triggers and boundaries of these automated transactions.
At Paysafe, being a pioneer of e-commerce since the late 90s, we have seen virtually all flavours of risk and fraud. We have developed a unique expertise that combines: knowledge, processes and proprietary technology. We are also highly regarded when it comes to the integration of leading third-party security tools and industry best practices, as recommended by the card schemes.
The conundrum of risk management boils down to the seemingly conflicting goals of consumer convenience and protection against fraud. Consumers and merchants desire a frictionless experience – single tap, single click, remember-me features, and the like. On the other hand, security protocols continue to grow with two-factor authentication, biometrics and other safeguards.
Now, a few interesting statistics, which provide a sense of the backdrop against which businesses and consumers are operating:
Fraud has as many facets as there are flavours in a good Italian gelato shop. These are some that come to mind, in this in no way exhaustive list:
The key to mitigating ecommerce risk is relentless vigilance. Putting in place the tools that generate data, not a flood of useless reports which go mostly unread, but laser focused data (threat intelligence), which leads to analysis, and prompt action.
There is no single answer or silver bullet to combat fraud, especially since fraud continually morphs and keeps taking new forms. Instead, a constantly evolving, multi-pronged approach has been proven to deliver excellent results, composed of the following elements:
Fraudsters are always looking for the path of least resistance. If your webshop is easier to defraud, you’ll be certain to attract an inordinate amount of fraud. Conversely, if you are better than your competition, you’ll effectively be “sending the fraud away”.
So, in my opinion, the best approach is to take control and create a path that, without compromising convenience and ease of use, protects your business and your consumers. As my very first boss taught me years ago; there are three secrets to success: preparation, preparation and preparation ... Risk management is no exception.