Ecommerce fraud can happen to anyone at virtually any time when the internet acts as a digital playground for cybercriminals. With the assistance of the dark web and their expanding nefarious toolsets, bad actors can easily hide in plain sight and virtually attack unassuming brands and shoppers – no matter where they are in the world.
However, there are geographical safe havens where brands and consumers can shop online in relative peace. Europe and APAC are leading the charge in implementing strict security methods for online buying. Yet, as 5G expands and more shoppers spend their money online, consumers and brands alike must prepare for geographic safe havens to shrink and expand.
How location influences risk of ecommerce fraud
Thanks to strict security mandates, some geographic regions are safer than others for online shoppers. For instance, the Revised Payment Services Directive (PSD2) is a law of the European Union that improves the secure storage of customer data and enhances the security of online transactions. PSD2 achieves this through strong customer authentication (SCA), meaning that customers must prove their identity using data classified under two of these three categories:
- Something the customer knows (password, PIN)
- Something the customer has (one-time authentication code)
- Something the customer is (biometric information, such as a fingerprint or a face scan)
Companies within the EU that do not abide by PSD2 are liable for any payment fraud their customers experience, so there is great incentive to implement these SCA requirements. Thus, the European Union is one of the geographic safe havens against ecommerce fraud. Accounts protected by multifactor authentication and SCA are likely to frustrate a bad actor to the point where they move on to the next, unprotected account they find.
Regions where anti-fraud measures are not mandatory may have fewer safeguards in place, placing the onus on customers to improve their online buying safety on their own. Surprisingly the US is one of these places, with anti-fraud measures less adapt than those in place for EU and APAC consumers: more than $10 billion in losses from online scams were reported last year. On the other end of this, even in places where fraud deterrents are in place, poor digital habits – by customers and organizations – can circumvent nearly all of them. Clear communication and a seamless user experience is crucial to compliance.
How to uncover digital criminals hiding in plain sight
Cybercriminals count on overwhelmed cybersecurity professionals to overlook the obvious. On average, merchants employ five fraud detection tools, according to the 2023 Global Ecommerce Payments and Fraud Report. This likely means that they have five different dashboards to monitor, dozens of threats to neutralize and reports to file. So, while security teams are focused on ransomware gangs and detecting complex DDoS attacks, small-time cybercriminals can sneak under the corporate and customer gaze with shockingly simple schemes.
One cyber trap shoppers may fall into is typosquatting, or a fake lookalike website with a URL that closely resembles a retailer’s website. Finding typosquatters capitalizing upon your respected name doesn’t require a special detection tool – only Google. Brands then can report the fraudulent activity to a domain host and request a takedown. Easy as that.
Low-effort cybercriminals also hide behind the thin veils of phishing attempts. Empower the professionals protecting your brand’s security (and customers) to spot and avoid phishing emails, texts and social media direct messages that pry for personally identifiable information or payment details. A red flag is any correspondence that threatens dire consequences and a short timeline for relatively minor situations.
User experience is the key to making secure ecommerce stick
The most solid piece of advice on which to build the foundation of ecommerce fraud prevention is to follow all local data protection guidelines. And to stick to them.
Remember a few years ago when customers griped about the slowness of point-of-sale devices requiring payment by EMV chip versus swiping? Now, does anyone still notice or care about the extra few seconds it takes to check out? No. Any minor inconvenience a new safety regulation may cause will soon become a reflex for your employees and for your customers. It is possible to have a secure and pleasant user experience.
When you first implement SCA, some people may complain about slightly slower online login or checkout experiences; however, it’s important to maintain excellent communication and assure that the extra seconds are well worth the effort. The convenience of ecommerce is a beautiful thing. Let’s put a stop to any risk occurring on the digital playground so customers can confidently and securely enjoy the thrills the online world has to offer.