...

Omni-channel attacked by Fraud! What to do?

April 10, 2023
Omni-channel attacked by Fraud! What to do?

In the day and age of the internet, customers often opt for more convenient approaches to shopping. This has led to constant growth in E-Commerce business models as well as the need to optimize selling channels for customer experience.

Much of this market demand drove merchants to build their very own omnichannel approach that service to customers at different points in both time and place.

Being an omnichannel merchant definitely brings benefits, however, going in parallel with them are the threats coming from security, bad customer behavior, and growing fraud threats. For traditional business models where the sell-and-buy process is non-digital, things are a lot simpler. Whereas an omnichannel approach requires more things to look after, and more potential loopholes for criminal penetration.

In this article we are presenting to you some basic information on an omnichannel approach in selling, how it differentiates from the multichannel, omnichannel fraud and what merchants could do to alleviate them.

What is Omnichannel?

Omnichannel is often referred to as a business model that seamlessly coordinates all distribution channels within a retail company. This model incorporates activities and touchpoints both offline and online to deliver a consistent customer service.

What's the difference between Omnichannel and Multichannel?

Omnichannel and Multichannel are often mistakenly used to replace one another. Their biggest similarity is the availability across different channels.

Where the two differ is that for an omnichannel, all channels must be well connected, and buyers should be able to pick up their previous action on another channel. For an omnichannel, consistency and seamlessness is key. This is because the model aims at creating and delivering a retail experience and purchasing process that carries the least possible friction.

Meanwhile, a multichannel approach simply means there are various channels that the customer can choose from, but they are not necessarily connected, and the purchasing process functions separately. Another thing that sets the multichannel model apart from the former is that products could be offered different prices at the different channels within the network.

What is Omnichannel Fraud and Why does it exist?

Fraud happening in omnichannel models is not confined to a specific type but is rather a variety of tactics used by cybercriminals to attack vulnerable participants of the online environment.

The most common fraud techniques found in omni channels are:

Account takeovers: When an account is stolen by a hacker via username and password compromise or data breaches.

Synthetic identity fraud: When a real person’s personal information is stolen, then combined with falsified information to create a new identity, used for fraudulent activities.

Promo abuse: When a fraudster registers at a store with different accounts to benefit from promotional codes, first-timer discounts, festive offers, and so on.

Triangular fraud: When a fraudster sets up a fake store to try to sell something to a legitimate customer, then purchases the item from a real store using a stolen account and benefits from the legitimate buyer’s transfer.

Bot-backed attacks: Any sort of fraud that is carried out or supported by robots

What are the Factors that Affect Fraud in Omnichannel Retail?

Fighting fraud attacks from inside omnichannel models is rather complex, especially for new players in the market. This is due to the degree of connectivity and sharp focus on leveraging customer experience, which could be an obstacle to fraud prevention because of the potential added friction.

As previously stated, omnichannel approaches aim to achieve seamlessness in e-commerce, which is the integration of the different arms within a company. However, even with the most connected and strong structure, there will always be spots vulnerable to fraud.

Comparison Between a Traditional and Omnichannel Attack Surface

When referring to fraud attacks, many experts use the term “attack surface” to discuss and elaborate on them. This term means the overall area within a company’s structure, all the way from the make to the sales and personnel, where fraudsters could intercept and exploit. When comparing the attack surface of a traditional selling model to an omnichannel, the surface itself is observed to be a lot wider. Let’s look at the examples.

Within model that is completely traditional and includes no digital channels, where transactions are made card-present, its attack surface spreads across:

1

The physical store and security

2

The in-store checkout process

To further elaborate, the two ways in which fraudsters could pull their attack within this environment is either to pilfer the goods or provide illegitimate payments at the counter. These two approaches to in-store fraud, overtime, have been effectively eliminated by close supervision by store security (tech or non-tech) and well-trained staff.

On the other hand, things get a lot more complicated in an omnichannel model. The attack surface within this environment is recognized to be across all of the channels, from manufacture to delivery. Below are some of the parts where the attack surface spans across:

1

All website components

2

The cybersecurity team and reliant software stack

3

The supply chain: stock and track

4

The physical store security

5

The store’s staffing

and more…

Comparison of an Omnichannel and Traditional Selling Model’s attack surface

E-Commerce Fraud vs. Omnichannel Fraud

E-Commerce and Omnichannel Frauds are often mistakenly addressed as one while they are not exactly the same.

While Omnichannel Fraud refers to various types across the entire channel, skilled fraudsters recognize E-Commerce platforms as an extended surface to the omni model. The connections between the E-Commerce channel and the entire model are most vulnerable to online criminals.

When comparing an omnichannel approach to online shopping and a traditional delivery purchase model, the shopper does not have to enter as much identifying information. In most cases, only a physical address is required

During account verification, this datapoint is extremely important because names and addresses can be uncovered from a public website and cross-referenced with other types of payment data from different sources to prevent fraud attacks. This point of vulnerability leaves a hole for fraudsters to take advantage of penetrating.

Examples for Omnichannel Fraud

Fraud is often seen in E-Commerce activities and platforms, nevertheless, there are also other cases that happen along the different phases of an omnichannel structure. Below are some.

Cancel at pickup

Many shoppers order their products online, pay for them, and only cancel the item right before picking up. In many cases, this cancellation message cannot be communicated in time to prevent the buyer from stealing the product while still receiving a refund for it, stating that they have failed to receive the item.

Staffing and Training

Owing to the specific and strict requirements of an omnichannel to be on time and accurate, staffing and training constitute a big challenge for players in the market no matter big or small. This remains a problem to solve not only because staffing requires selection of people with specifically needed skills, but also to have them trained and ready at different positions across the channel.

Ad-hoc Discounts Abuse

As you might not have known, some customers go as far as to abuse expired ad-hoc or accidental discounts for products. These discounts are often targeted at certain customer groups (loyal members), or are set for a specific holiday, or are accidentally left visible even after the stated expiration date.

What Can Omnichannel Merchants Do to Prevent Fraud?

As with any other approach to buying and selling, fraud prevention is important to help merchants secure themselves in the market. These tools are designed to plug into the leaky holes that are causing merchants tons of money a month on fraud damage.

For an omnichannel merchant, since the attack surface is much wider than in a traditional model, prevention plans and strategy must be laid out across the channels, ensuring consistency and the most optimal safety standards. Below are the ways in which merchants can apply into their fraud prevention program to up the game.

Collect Data from Various Sources

There are ways in which customer or user information could be looked up and cross-referenced other than using only a shipping address. This additional information can derive from:

  • Phone number lookup: this can help reveal use of a disposable phone (if any), suspicious numbers, numbers without any clear accountability, or numbers belonging to untrustworthy origins.
  • Email lookup: this can help reveal whether the email address provided by the customer is real and how well-used it is. Other than that, this information can also be interpreted to find out whether the user is creating a new email address to abuse first-timer rewards and privileges.
  • IP analysis: this can help reveal whether the customer is using a notorious proxy connection, VPN or any other anonymizing services which are highly common among fraudsters. IP information that is considered abnormal can be investigated more deeply, indicating that more attention should be paid to the transaction.

Perform Velocity Checks

These checks are performed based on the observation of incoming traffic, often website/platform visits or activities to look for bot-like behavior. Other than that, fraudsters who are at work with a large number of stolen IDs can also be unveiled through this type of check.

Analyze Customer Behavior

By analyzing customer behavior, merchants can learn more about their relationship with the business. Accounts related to fraud rings are often revealed to share similar data points or characteristics. Having this analysis at hand can help prevent fraud from happening by stopping them at the time of data collection and interpretation.

Conclusion

As stated in this article, prevention is always important when it comes to protecting merchants from fraud risks. Despite having many common approaches that are proven to be effective, fraud prevention isn’t truly a one-size-fit-all.

We hope this article has helped give some basic information to omnichannel merchants looking into building their fraud prevention plan and strategy. Don’t forget to keep in mind that since fraud strategies and attempts are rapidly becoming more sophisticated, updates are required if you are currently adopting a fraud prevention tool or software.

As previously announced by global card schemes such as Visa and Mastercard, by 2024, merchants are required to upgrade their EMVCo-certified anti-fraud solution to at least version 2.2, otherwise fraud checks and review requests will be deemed invalid and returned with an error code.

For more information and a personalized consultation, please kindly contact HiTRUST via our social media accounts or email shown below.

Website: www.hitrust.com

Facebook: www.facebook.com/hitrustglobal

LinkedIn: www.linkedin.com/company/hitrust

Email: [email protected]