Ask An Expert: Riskified VP Eyal Raab on Striking the Right Balance with E-Commerce Fraud Prevention

The rate of change has never been greater — or faster — for the footwear industry, with new challenges popping up every day in nearly all corners of the business, from navigating cash crunches and supply chain issues to understanding the latest technological advances. In its “Ask An Expert” series, FN asks industry leaders — all solutions-based providers — to take on some of the most timely topics. 

Over the last year, an increasing number of retailers have discovered the growth opportunities of e-commerce, but also its associated fraud risks. Online shopping has become a key target for fraudsters, as both consumers and merchants are still learning the ins and outs of digital, making them vulnerable to attack. Yet companies who respond too strongly to these risks could find themselves losing out on verified revenue, due to convoluted checkout processes or payment declines. Finding the balance in security protocols will be critical in this new digital-first landscape.

FN spoke with Eyal Raab, VP of sales and business development at e-commerce revenue protection platform Riskified, about the danger of account takeovers, leaks in the e-commerce pipeline, and how small businesses can streamline fraud prevention.

FN: As e-commerce continues to grow, so too does e-commerce fraud. But not all fraud looks the same. What are the biggest risk areas for e-commerce merchants right now?

Eyal Raab: As merchants have gotten more sophisticated at preventing fraud at checkout, fraudsters are targeting other vulnerable points in the purchase process. Online store accounts are one such risk area: Account Takeover Attacks (ATOs) – when fraudsters use stolen account credentials to take control of a legitimate customer’s account – have exploded in popularity. Once they’ve gained access, fraudsters look like the legitimate account holders and can hurt merchants in a number of ways, including placing orders, redeeming loyalty points or accessing stored payment details. When many people revived dormant store accounts to shop online during Covid-19 lockdowns, fraudsters took advantage of this trend to carry out more ATOs.

Online fraud has increased during 2020, as e-commerce purchases have increased.

New customers also present a challenge for retailers because they don’t come with a purchase history for retailers to reference. In addition to analyzing as much information as possible about the purchase, retailers should determine whether a new customer’s order makes sense within the context of current customer trends. For instance, many online retailers experienced a surge in new customers last spring. Pre-pandemic, this spike could have been interpreted as an attack from a fraud ring. But retailers who quickly grasped how lockdowns pushed many people to shop online would have been able to recognize that many of these new customers were likely legitimate. Being adaptable and flexible is how retailers can capture and safely approve new customers.

FN: What are retailers most likely getting wrong about their fraud prevention strategies?

ER: Most often it’s taking an overly cautious approach, such as with ATOs. Store accounts are a shopping method for loyal customers with established histories, so merchants are likely to approve those transactions. But customers tend to blame the merchant for allowing ATOs to happen, even though a data breach or phishing attack may have made the account vulnerable. Still, if a merchant becomes overzealous in clamping down on suspicious logins, they risk declining legitimate customers – who may be so turned off that they stop shopping at the merchant altogether.

This is the fundamental balancing act in fraud management. While fraudsters are a threat to retailers, becoming too risk-averse and falsely declining customers can be even worse. Merchants need to find a solution that is not only able to accurately distinguish between the two but is able to adapt to changing fraud tactics and shopping trends.

Woman swiping credit card for seemingly fraudulent e-commerce purchase
MAP policies only need to be enforced on valuable styles that can - and should - maintain product margins.

FN: Where might revenue be leaking from the e-commerce pipeline, aside from the checkout itself?

ER: Online customers expect a seamless experience, so adding friction at any point during purchase risks customer drop-off and revenue loss. A prime example of this is 3D Secure, which is an extra step at checkout requiring customers to verify their identity with the card issuer. While the intended purpose of this is additional fraud management, the inconvenience of having to enter another code or password can put customers off. Research has found that 3DS causes a 14% drop-off rate for web orders and a 25% drop off in mobile orders. This is not to say that merchants should never ask for further verification, but that disrupting a customer’s shopping journey should be a last resort.

Another way that merchants lose revenue is through the abuse of policies meant to incentivize shoppers. This includes creating fake accounts to get a referral or first-time-customer benefit; using different emails to rack up coupons; taking excessive advantage of free returns; and exploiting replacement policies by claiming you haven’t received your package. If merchants don’t carefully manage these policies, they risk substantial loss.

FN: Outside of deploying a third-party solution, are there any measures that merchants can take to reduce the likelihood of fraud, false declines and abandoned purchases?

ER: This is a major challenge – particularly for merchants that may not have the resources to devote to it that a larger enterprise does. The key is recognizing that false declines and abandoned purchases are likely to be bigger issues than fraud. Once a merchant has that mindset, they can focus on maximizing revenue rather than absolutely minimizing risk. One method is to take a look at what they sell and understand the risks: Review your chargebacks to see what fraudsters are targeting, what has been safe, and then adjust accordingly. Do you have product segments with very low or no fraud? Consider automatically approving those to lessen the workload. That should help smaller merchants focus on higher-risk, higher-value items so they can make more accurate decisions.

Woman using credit card and laptop computer for shopping online at home
Flexible returns policies can improve the customer experience, even if they aren’t entirely free.
CREDIT: Natee Meepian - Adobe Stock

Looking ahead, what areas should retailers be focusing on, in order to create the safest, most efficient e-commerce experience?

ER: Making the best use of the data they have available. As e-commerce becomes an increasingly essential part of how we shop, convenience will be a major consumer priority. Traditional fraud management is slow to adapt to these newer e-commerce methods; retailers often add inconvenience to the BOPIS experience by having customers verify their identities at pickup. Meanwhile, mobile commerce experiences high amounts of cart abandonment because those orders are often associated with fraud, causing merchants to add friction or even falsely decline legitimate transactions.

Merchants should remember that fraud management is inextricably tied to the customer experience, so the fraud solutions they employ have to be able to make instant and accurate decisions. No customer likes being the victim of fraud, but sacrificing an efficient shopping experience for clunky security risks pushing legitimate customers away. Ultimately, by facilitating a safe and seamless shopping experience, fraud management can act as a revenue driver for merchants. Retailers who understand and embrace that will be in a position to thrive.

Access exclusive content