eCommerce merchants are tasked with protecting their customers and fighting fraud. But with the level of competition online, merchants must focus on creating an exceptional user experience for their customers.
Can you fight fraud and provide a frictionless customer experience at the same time?
This is the great conundrum. Current methods to fight fraud create friction, and consumers hate friction. Consumers continue to demand convenience, speed, and an elevated customer experience. As we continue to move to a digital lifestyle, we must find ways to accomplish both.
Behavioral biometrics may be the light at the end of the tunnel.
Here, we discuss the challenges of security and customer experience in the eCommerce world. We’ll discuss the study of behavioral biometrics and how the technology may be able to bridge the gap.
While eCommerce growth was on an uphill trend, no one can deny how the trajectory skyrocketed exponentially as a direct result of the pandemic. For the first time, U.S. retail eCommerce sales are expected to exceed $1 trillion.
How ecommerce customers make their online purchases is also changing. As smartphones continue to saturate a greater portion of the market, mobile makes up a greater portion of all online traffic. As of Feb 2021, 85% of Americans owned a smartphone. Compare that to a decade ago when only 35% of Americans owned a smartphone. And for Americans between the ages of 19-28, that number jumps to 96%.
According to a recent Zippia Research study, mobile devices account for 47% of all web traffic in the U.S. In addition, 61% of organic search engine visits originate from a mobile device. Considering that younger generations make up the majority of mobile shoppers and 96% own a smartphone, it's clear that mobile will continue to command a greater share of all online traffic.
There has been a significant increase in all types of fraud across the board. There have been upticks in new account fraud, account takeover, and P2P payment fraud. In addition, there have been significant increases in online payments fraud.
Global fraud attempts against businesses increased 46% over the last 2 years. This is in direct conjunction with the COVID-19 pandemic and the rise of eCommerce. And about 90% of all payment fraud occurs online in the card-not-present environment. But identity theft made the biggest leap during the pandemic.
According to the 19th annual Identity Fraud Study by Javelin, 42 million Americans were victims of identity fraud totalling upwards of $52 billion, from 2020 to 2021. Not only did the amount of fraud attempts increase, so did the value of the loss. The study showed that during that same timeframe, the per-incident loss spiked from $201 to $1551.
Cybercriminals are finding more innovative ways to steal consumers' personal data. This means personally identifying information like usernames and passwords, emails, and birthdates is no longer the best way to verify a customer.
For every dollar lost to fraud, it costs merchants $3.36 in merchandise, fees, and labor costs. Fraud is costing merchants more per loss as fraudsters are also increasing the value of attempted purchases. In fact, the average value of attempted purchases increased by 69% last year.
Today’s consumer has much higher expectations than the pre-pandemic, pre-online revolution consumer. Consumers want to interact with brands on their website and social media channels. And they expect it to be a seamless customer experience that is pleasurable. According to Salesforce, when it comes to customer experience, 80% feel it's as important as products and services.
Consumers also want and expect merchants to protect them and their data. But they don’t want to endure the measures it takes to do that. Consumers will abandon a shopping cart for many reasons. Some of the top reasons include distrust of the site with card information and a long and complicated checkout.
The thing is, the vast majority of transactions are legitimate customers. Still, retail fraud is a multi-billion dollar threat merchants must protect themselves and their customers from. The way we detect potential fraud today uses a series of roadblocks meant to “catch” the fraudulent transactions.
Traditionally, consumers must give out certain pieces of personally identifying information (PII). They also may be asked for a secondary set of authenticating data. This may include answering security questions, a login confirmation via email, receiving a one-time password, or multi-factor authentication.
But these create a significant amount of friction for good customers and degrade the customer experience.
What is Behavioral Biometrics?
According to TechTarget, behavioral biometrics refers to the measurement of “uniquely identifying and measurable patterns in human activities. The term contrasts with physical biometrics, which involves innate human characteristics such as fingerprints or iris patterns.”
Behavioral biometrics technology identifies hundreds of data points based on inherent human behaviors. Then it uses those behavioral data points to create a highly accurate user profile. When consumers visit a site or log into their account, those behavioral elements are then compared to ones in the user profile to authenticate the user. If for some reason the known behaviors change, the software will create an alert.
For example, it can track keystroke cadence. It will learn how fast one types and where and when they pause while typing in their login or email. It will also gather mouse use and touchscreen behavior, such as how long or hard one touches the screen. It can gather information regarding the device being used as well as how it is used. For example, it might detect how someone swipes or even holds their smartphone using the gyroscope.
These are considered “passive” authenticators because they operate unnoticed in the background for the consumer. Verification elements are collected frictionlessly as consumers simply complete their normal actions, signing in or checking out.
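The profile comparison described above, reduced to keystroke cadence only, as an added example that is not code from the original article or from any vendor. The feature choice (dwell and flight times), the mean z-score metric, the threshold and every sample timing are assumptions constructed for illustration.

```python
from statistics import mean, stdev

ALERT_THRESHOLD = 3.0  # assumed cut-off; a real deployment tunes this on its own data
MIN_SPREAD_MS = 5.0    # floor so a very consistent typist cannot cause near-zero division

def make_events(text, dwells, gaps):
    """Build constructed (key, down_ms, up_ms) events from hold times and pauses."""
    t, events = 0, []
    for i, ch in enumerate(text):
        events.append((ch, t, t + dwells[i]))
        t += dwells[i] + (gaps[i] if i < len(gaps) else 0)
    return events

def features(events):
    """Dwell time per key (hold) followed by flight time per key pair (pause)."""
    dwell = [up - down for _, down, up in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight

def build_profile(samples):
    """Per-feature (mean, spread) over enrollment samples of the same text."""
    columns = zip(*(features(s) for s in samples))
    return [(mean(c), max(stdev(c), MIN_SPREAD_MS)) for c in columns]

def anomaly_score(profile, events):
    """Mean absolute z-score of one login attempt against the stored profile."""
    vec = features(events)
    if len(vec) != len(profile):
        raise ValueError("attempt does not match the enrolled text length")
    return sum(abs(v - m) / s for v, (m, s) in zip(vec, profile)) / len(vec)

def is_anomalous(profile, events):
    """True when the attempt deviates enough from the profile to raise an alert."""
    return anomaly_score(profile, events) > ALERT_THRESHOLD

# Constructed enrollment data: the account owner typing "shop" four times.
ENROLLMENT = [
    make_events("shop", [95, 110, 90, 105], [120, 260, 130]),
    make_events("shop", [100, 105, 95, 100], [130, 240, 125]),
    make_events("shop", [90, 115, 85, 110], [115, 250, 140]),
    make_events("shop", [105, 100, 100, 95], [125, 270, 120]),
]
PROFILE = build_profile(ENROLLMENT)
# Constructed attempts: the owner again, and the same text entered at uniform machine speed.
OWNER = make_events("shop", [98, 108, 92, 101], [124, 252, 131])
SCRIPTED = make_events("shop", [20, 20, 20, 20], [10, 10, 10])

if __name__ == "__main__":
    for name, attempt in (("owner", OWNER), ("scripted", SCRIPTED)):
        print(name, round(anomaly_score(PROFILE, attempt), 2), is_anomalous(PROFILE, attempt))
```

Both attempts contain the correct text; only the timing differs, which is the signal that a credential check alone cannot see.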
Large national banks have been using and “testing” behavioral biometrics with great success. They've been able to reduce malicious attacks and account takeover. They've also succeeded in creating a safer environment that is also smooth and seamless for the account holder.
The elements used in behavioral biometrics are inherently human. This means they are very difficult for fraudsters to fake. Fraudsters, algorithms, and bots don't work the same way humans do. Humans “shop”. They move around a website, read the return policy, add and subtract things from the shopping cart. Fraud systems are looking to get in and get out. They often grab the most expensive items fast, or many of the same items. They often won’t start or finish the same way a human would. These are things that will give them away.
With stolen information, the attacker has the right credentials to get in. But when you add behavioral biometrics, it can provide critical clues that trigger unique risk signals. They have the right information, but they are not "acting" the way the user normally does. This is how banks have been able to reduce their incidence of account takeover (ATO).
Online payments happen in almost real time. At the time of transaction, retailers communicate in both directions with their bank and the cardholder’s bank within a matter of seconds. To be successful, behavioral biometrics would also need to happen in almost real time. They would also need to be transferred to the consumer's card issuing bank to be verified with the data in the user's profile.
Adding behavioral biometrics has the potential to reduce fraud and losses while also reducing false declines and enhancing UX. With traditional fraud detection, any mismatch can flag a transaction or result in a false decline. But with behavioral biometrics in play, additional human elements can be used to verify the customer.
In-app messenger payments are one area where behavioral biometrics have the potential to greatly increase security. For example, say a user wants to make a payment through a messenger app. In addition to verifying the device (something the user has), biometrics can verify the user's voice (something they are) to complete 2-factor authentication. But it can also pair that information with the behavioral markers in the user profile gathered every time the user logs in or uses the app. This ultimately eliminates the need for knowledge-based authentication.
Some also believe that this could lead to a world where there are no passwords, as they’re the weakest link in security. When behavioral biometrics are paired with traditional fraud detection signals, like device and geographical location, we may get to a future with no passwords.
Biometrics will continue to expand its use cases in both the financial and payments industries. As we strive for tighter security coupled with better user experience, behavioral biometrics will undoubtedly play a role. And we will be sure to keep a pulse on the emerging technology.
At MonerePay, we take security seriously. We understand that protecting your customers is a top priority, and we know that processors play an important role in card payment security. To protect our clients and their payment transactions, we adhere to the highest level of PCI compliance, including offering a 100% compliant PCI Level 1 gateway.