As summer begins to wind down the days become shorter, and fraudsters get busier. Just like growing eCommerce merchants, fraudsters are sharpening their tools and preparing for the busy holiday season. Established retailers understand that fraud is part of the business once you’ve hit the big time. What many don’t realize is that size doesn’t matter to fraudsters and small to midsized businesses are targeted just as often as enterprise retailers with more at stake. Studies show that organizations lose an average of five percent of their annual revenue to fraud each year, with the risks being even higher to businesses with less than 100 employees. Worse still, in 47% of successful fraud attacks against SMBs, the root cause was a lack of internal controls.
Alarming figures like this highlight the need for businesses of every size, but especially those growing rapidly, to take steps to protect themselves from fraud from the outset. Here are our top 5 tips for protecting your growing business and your customers from fraud.
- Cultivate a culture of security. A common tactic for fraudsters looking to commit account takeover fraud is to use social engineering. By posing as a legitimate customer and contacting support and customer service, these fraudsters will attempt to gain access to accounts by changing contact or login information. Once these changes have been made, the fraudster can steal money or goods from the account. Because it’s one of the easiest and lowest tech ways to commit fraud, social engineering has seen a rise recently. From December 2016 to May 2018, social engineering grew 136%. Stopping these scams is crucial to stopping loss of product and revenue for any retailer, and smaller organizations may be at particular risk.
So how do you stop would-be criminals from duping your support team? By cultivating a culture of security with training and awareness. Implement annual or bi-annual internal training that updates employees on the latest social engineering tactics and remind them what to look for on every phone call or support ticket. Additionally, reward employees for practicing good cyber hygiene all year round. Team members who take their personal cybersecurity and that of the company seriously, are far more likely to spot a fraudster than those who don’t.
- Use multi-factor authentication. While fraudsters aren’t commonly in the business of stealing or utilizing leaked credentials from the dark web, requiring that your customers use multi-factor authentication wherever possible adds an additional layer in preventing account takeovers. Additionally, beginning to require strong authentication methods such as MFA will prepare you for being PSD2 compliant as your business grows and becomes subject to increasing scrutiny and regulations.
- Hire the right team. While it may not seem necessary right away, investing in your fraud management and loss prevention teams will become crucial to catching fraud, reducing customer dissatisfaction during the review process, and protecting your bottom line. Whether your fraud management strategy places manual reviews in a customer facing role or in a more analytical role, hiring the right people to quickly and efficiently make the right decisions will ensure that your investment is protected.
Fraud management teams that sit with customer service or support should be detail oriented and empathetic. These agents are your first line of defense in preventing friction for your customers. They can save accounts or transactions that might have otherwise been abandoned due to a manual review by making your customers feel protected and valued. These agents will contact customers directly that are flagged for manual review, therefore they must display exceptional communication and customer service skills.
Fraud management teams that sit with business intelligence or loss prevention should be equally detail oriented to their customer-facing counterparts but their focus should be more on data analysis and efficiency. Agents in more analytical roles are often working with automated tools and should have a strong grasp on data analysis and decision-making skills that might not be required from a customer-centric fraud analyst.
- Invest and plan now. Just because you’re a young and hungry retailer, doesn’t mean that you’re not a target. While it’s understandable that growing businesses operate on sharper margins and with smaller budgets, the cost of recuperating from a fraud attack is exponentially higher than the cost of prevention. A successful fraud attack has a true cost of $3.20 for every one dollar of fraud. As the old saying goes, an ounce of prevention is better than a pound of cure. Begin planning for fraudsters to attack during your busiest seasons and test your fraud controls all year round to stop them from finding vulnerabilities in your systems.
- The right partners with the right tools. Whether you’re doing 10 sales per day or 10,000 sales per day right now, implement an automated fraud detection solution. Partnering with a fraud prevention provider has benefits beyond just risk assessment and data. The right fraud prevention solution will customize for your business with fraud models that are created and updated frequently to match your store’s individual needs. These models can be used to automatically approve more transactions and send only those that are most suspicious to your manual review teams. By approving more transactions faster, you’ll see an immediate increase in revenue and customer satisfaction as fewer transactions are abandoned due to friction.
The most effective fraud prevention solutions participate in data sharing with a global network, keeping their databases dynamic and ahead of the fraud trends. By sharing fraud data across industries and across the globe, they’re more likely to detect and automatically stop known fraudsters from taking advantage of small and mid-sized businesses whose static blacklists would not contain these known criminals yet. Dynamic data and custom models should be updated as often as possible because fraud tactics are evolving every day. For example, custom models built by Emailage for our EmailRisk Score are updated weekly to ensure that businesses have comprehensive and cutting edge data to make decisions about transactions at lightning speed.
It can be stressful and difficult to implement internal controls like fraud prevention when you’re focused on growing your business as quickly as possible, but fraud management and fraud prevention will play a pivotal role as your company grows each year. Start now to ensure that you don’t suffer the same losses as your peers by implementing these best practices into your everyday operations.
Click here to discover how you can leverage email intelligence to stop fraud, approve more transactions and drive revenue.