Getting the seasonal shopping balance right: blocking fraud without locking out customers

Jason Lane-Sellers, Director: Fraud and Identity, EMEA, LexisNexis Risk Solutions. (Image: LexisNexis Risk Solutions)
Jason Lane-Sellers, Director: Fraud and Identity, EMEA, LexisNexis Risk Solutions. (Image: LexisNexis Risk Solutions)

As Black Friday and South Africa’s peak holiday shopping season approaches, ecommerce businesses must carefully balance anti-fraud measures and customer experience. By introducing too many onerous measures to reduce fraud risk, e-tailers may slow down processes, drive customers away and lose sales during this critical shopping season.

Jason Lane-Sellers, director of fraud and identity, EMEA, at LexisNexis Risk Solutions, notes that fraud attempts spike dramatically during seasonal shopping events like Black Friday, Cyber Monday and summer holidays. 

“What we see online is an average of 1 in 11 new accounts being opened is an attempted fraud,” he says. “During busy periods like the year-end holiday shopping season, fraud attempts double or triple. Fraudsters know that businesses aim to accept as many customers as possible, so they try to hide among the high transaction volumes.”

The 2023 LexisNexis Risk Solutions Cybercrime Report for the EMEA region highlighted an 84% increase in human-initiated attack rates on e-commerce businesses and a 25% increase in e-commerce bot volumes. Bot attacks on gaming and gambling skyrocketed in EMEA in 2023, with bonus abuse identified as the top fraud type.

“Organisations that are new to digital and still finding their feet in ecommerce are especially at risk,” Lane-Sellers says. “Criminals understand that these companies might lack necessary controls and are eager to attract customers, making them prime targets.”

Lane-Sellers points out that traditional methods for reducing fraud risk can be counterproductive, potentially driving away customers and negatively affecting sales.

“Traditional methods, such as analysing transaction types and values, can lead to errors,” he says, noting that legitimate customers may change their shopping patterns in December – buying more goods, more expensive items and possibly sending purchases to new delivery addresses as gifts.

Basic rules vs Customer Experience

“Basic rules and analyses based on transaction values or limits can trigger false alarms. In addition, when using these basic measures, fraudsters quickly adapt, staying under the radar. For example, if a limit is set at R5,000, fraudsters might make purchases up to R4,999 to avoid detection,” he says.

Lane-Sellers added, “Particularly risk-averse companies might reject high-value, risky transactions outright because they lack the resources to manually review them.”

Other traditional approaches, like sending one-time PINs and using multi-factor authentication, can also be counterproductive. They tend to slow down the customer journey and negatively impact the overall customer experience, according to Lane-Sellers.

“Customer experience is a key differentiator in today's business landscape. Instead of blocking all potentially fraudulent transactions, it's crucial to balance fraud controls with customer experience. This means mitigating risk invisibly and in real time, allowing customers to enjoy a fast and simple shopping experience.”

Real time, intelligent risk mitigation

Lane-Sellers highlights that employing multiple layers of security and leveraging behavioural intelligence are essential to striking the right balance between effective fraud prevention and maintaining a seamless customer experience.

“As businesses and customers become more digital and mobile and embrace self-service, organisations need fraud detection and risk mitigation to be faster, more accurate, and more effective. This makes customer recognition even more crucial. Knowing a username and password doesn't necessarily confirm the user's legitimacy,” he says.

“However, one-time PINs and multi-factor authentication shouldn't be required for every customer. Organisations should leverage a digital identity profile to determine if a customer is legitimate, using factors like IP address, device and transaction types. By accurately recognising the majority of good customers, identifying the minority who are not becomes much easier.”

Importantly, organisations should enhance authentication and validation processes with behavioural intelligence or biometrics. This approach analyses how a customer typically types, swipes and navigates a site, he says. Deviations from these usual behaviours might suggest that the user isn't the genuine customer or that they are being coerced into making a transaction.

Behavioural can detect subtle signs like unusual hesitance, all while remaining invisible to customers. LexisNexis BehavioSec recognises legitimate users and flags non-human behaviour to detect bots, remote access trojans and aggregators. It analyses each session for environmental risk factors and behavioural anomalies, enhancing security without disrupting the user experience.

Businesses must integrate a 360-degree view of consumers, encompassing digital, physical and behavioural dimensions, by leveraging intelligence from a global repository of shared information. Combining an organisation's local intelligence with the global insights from LexisNexis Digital Identity Network enables more accurate risk assessments and strengthens fraud protection. 

Share