While sitting here writing this article, I was able to buy groceries, my mom’s birthday present, a dress for an event later this week, and a new vacuum cleaner. Ten years ago, accomplishing that much in the middle of a workday was unheard of (unless you were having a “sick day”). However, with retailers like Amazon always available to fulfill your needs, you can buy just about anything at any time without much effort. And why is purchasing through Amazon so effortless? They start with the experience at account creation.
The average U.S. email address is associated with 130 accounts, which means consumers are ready and willing to create accounts with sites they regularly frequent. There are many benefits to having these accounts: receiving promotions, saving payment information, even getting suggestions for future purchases based on browsing history. There is no better way for a retailer to get to know the customer and provide them an optimal buying experience than through an account. Unfortunately, fraudsters also know this to be true.
There are two ways in which a fraudster can exploit the consumerretailer’s account relationship.
1. Account Take Over (ATO): With the millions of consumers involved in recent data breaches, any email/password combination exposed often results in a compromised account with another retailer.
2. Synthetic ID: Understanding that consumers often get priority treatment when purchasing through an account, fraudsters will create what may look like a good account in order to utilize it for as much personal gain as possible, before a retailer gets wind and shuts it down.
How do companies handle the delicate balance between a great customer experience and risk mitigation at the point of account creation and log-in?
Most merchants want to create as little friction as possible at account creation, asking for only the most necessary information. At this stage, they usually collect name, email address, IP address, device ID, and perhaps behavioral data. Validating, verifying, and accessing third party networks allow a merchant to decide if an account appears low risk or if they should implement a progressive sign up flow. At this point, merchants may choose to request more information (such as phone number or physical address) or implement two-factor authentication to ensure the account opener is who they say they are.
Account takeover fraud (ATO) rates, especially via mobile device, have skyrocketed in recent years, costing businesses billions of dollars. Managing this threat, which involves a bad actor taking control of customer’s account to make fraudulent purchases, presents a great challenge to both the customer and the merchant. Following an attack, the merchant, who has consistently seen good behavior from a customer, can be caught off guard by a sudden chargeback. And the victimized customer, who shops frequently with this merchant, no longer trusts they are in safe hands. Risk assessment at account creation helps the merchant to minimize friction, while not losing sight of nefarious players.
Risk assessment shouldn’t stop at account creation, it should be part of the lifecycle of the account and with any modifications that take place, merchants should utilize relevant data across the ecosystem to reduce friction while continuously keeping the risk of fraud low. Therefore, in a world where fraudsters are increasingly sophisticated in recreating customer identities, data from multiple sources can help find unique markers that identify the actual human behind a digital identity. Whether they change the shipping address to get the physical good, the email address to avoid the real consumer from getting your confirmation, or there is suddenly a new device ID – there is a signal that this might be account take-over. Merchants can leverage identity verification within their models to monitor changes in behavior to avoid not only a loss in goods, but more importantly, a loss in the customer’s trust.
Machine Learning and Customer Trust
Sourcing identity verification data is only a part of the challenge, even after ensuring security and privacy needs are met, the more significant struggle is in putting this data to good use across the ecosystem. The use of machine learning (ML) modeling to assess risk can help. The unique needs of proactive, real-time fraud detection, including large and diverse data sets, real-time decisions, and continuous learning cycle times, make the account ecosystem a good candidate for ML modeling. We observe it in practice: our customers that use ML models realize disproportionately higher benefits versus those who only use rule-based systems.
Understanding the customer’s context is the way to drive better user experience and an excellent user experience also drives consumer trust. To build a better online experience, you need to understand the context that brings consumers to your platform. But there is never a silver bullet to achieve this, and the context keeps changing even within each customer’s journey, which is where proactive fraud prevention across the account lifecycle can help merchants establish and maintain customer trust.