Researchers estimate U.S. eCommerce companies lost $6.7 billion due to fraud in 2016, and a significant portion of that stems from chargeback fraud. According to LexisNexis, chargeback fraud accounts for 28 percent of all fraud that occurs at an eCommerce company, tied for first place with “friendly fraud.”
The impact of chargeback fraud and other transaction-related fraud — like account takeovers or payments fraud — on the bottom line is clear. Less obvious, however, is the financial impact of data breaches, content abuse and similar cases. Customer trust is lost, reputations are damaged, but putting a price tag on these implications is difficult.
Facebook recently came close, though.
According to Bloomberg, the fallout of revelations that data firm Cambridge Analytica used information from 50 million Facebook users without their knowledge led to about $73 billion in lost market value in a matter of days for the social media company. Stocks fell 14 percent, while lawsuits and further market value volatility are also expected.
The saga, along with mounting concerns over “fake news,” are, in many ways, pushing corporate cybersecurity in a new direction, says Kevin Lee, the trust and safety architect at cybersecurity firm Sift Science. While Sift initially launched as a chargeback fraud specialist, Lee recently told PYMNTS that market conditions have led customers to broaden their demands.
“What’s happened over the years is that the internet landscape has fundamentally changed,” he said. “People are putting more of their digital identities online, and as a result, we’ve been hearing from companies that say, ‘We have our chargebacks under control. However, we’re now dealing with account takeovers, affiliate fraud and content abuse.’ Fake news and misinformation are top of mind right now, especially in the U.S.”
The multibillion-dollar losses incurred by Facebook “because of that breach in trust” are proof that content abuse and data breaches have clear financial impacts. But because those financial implications are difficult to precisely calculate, corporates today are struggling with their cybersecurity strategies. Fewer than half of companies surveyed by Marsh and Microsoft earlier this year say they estimate financial losses from cyberattacks.
“Chargebacks affect the bottom line. Your CFO is going to hear about it,” said Lee. “When it comes to content abuse and account takeovers, those affect your top line. They’re attacking your customers directly. Eventually, that will get down to the bottom line, but it’s not a one-to-one correlation, and therefore is not as easily assessed.”
Compromise Security For Customer Experience
The evolution of the internet means customers are more demanding, and less patient, Lee said.
“Customers demand instant gratification and ease — thank you, Amazon, for delivering that customer experience,” he said. “As a result of that really frictionless experience, there is more risk in terms of companies not wanting to turn away good users. It does expose them to more risk.”
“Essentially,” he continued, “the world has changed to where we have to up our game, up our customer service levels and experience. Sometimes that comes as a tradeoff with security.”
The checkout experience, for example, can come riddled with hurdles for a customer passing through multiple layers of authentication and security. It creates additional friction for the end-user, Lee said, so as larger companies like Amazon offer a more streamlined and faster experience, smaller businesses are forced to play catch-up.
“If they don’t,” said Lee, “they’re going to become dinosaurs.”
Machine Learning Steps In
Sophisticated data analytics technologies like machine learning and artificial intelligence can help SMBs and large enterprises alike in maintaining a positive customer experience without compromising security, according to Lee.
“We want to build a scenario where both customer experience and security can grow together, and not necessarily compete with each other,” he stated.
For example, instead of adding multiple data entry fields and authentication measures at the time of checkout, integrated machine learning and analytics solutions can pre-assess a customer’s risk level to the seller based on behavior. Sift Science provides a probability-of-fraud score for sellers, and if that score is low enough, companies can take away many of those added hurdles for customers.
These technologies can address issues of “fake news,” too, said Lee, offering early warning signs to customers or highlighting questionable email addresses and URLs in the back-office — tactics that can help address fraud like the Business Email Compromise.
The ongoing data scandal at Facebook, or countless other data breaches and fake news stories dominating the headlines today, has certainly raised awareness among businesses of the need to upgrade their cybersecurity strategies. But Lee said that it’s not always top-of-mind, especially for startups.
“You’re in a state where you want to pour your resources into engineering, ops, growing your business,” he said. “You go into it with the best of intentions. You want to change the world, or disrupt a particular industry. You’re not thinking about all the ways your system can be exploited. It’s not top-of-mind for a lot of businesses — they just want to grow and survive.”
It’s led to a mindset among entrepreneurs and executives to “take everyone in, and sort out the rest later” — in other words, keep security walls lowered to gain as much traction among customers as possible, and identify potential security risks after the fact. But Lee said the rise of content abuse and similar fraudulent activity is encouraging businesses to take a more proactive, instead of retroactive, approach.
“Because of data breaches and other missteps, security is more at the forefront,” he said. “In Silicon Valley, you’re seeing the departure of high-profile folks because of security issues. Perception and mindset are slowly shifting, and there is a lot of inertia.”