Unifying digital experience in the fight against online fraud

Customer experience and fraud prevention should not be mutually exclusive goals. Organisations must align their application security, digital fraud, CX and marketing teams to positively impact both top and bottom-line business performance
Shape Security

Rapidly changing customer expectations have forced businesses to embrace digitisation initiatives in recent years. Last year, for example, the analyst firm IDC predicted that organisations will spend $2.3 trillion a year on digital transformation by 2023. If that wasn’t significant enough, earlier this year research from Twilio concluded that the COVID-19 pandemic will accelerate digital transformation efforts by over five years. Indeed, one of the core goals of digital transformation is to provide a more personalised customer experience – but are we still missing the mark?

Though companies are compelled to adapt to this rapidly evolving digital world in order to survive, the shift to online platforms has also catalysed an explosion in fraud, as opportunistic criminals seek to exploit vulnerabilities or weaknesses for their own gain. PwC’s Global Economic Crime and Fraud Survey 2020 found that nearly half of organisations have suffered at least one fraud, with an average of six per company. Meanwhile, one in five British consumers have fallen victim to nefarious fraudulent activity in the past 12 months, according to a study by Marqeta.

“Customers expect a personalised experience akin to those they receive from the likes of Amazon and Google,” says Partha Sarathy, Global Fraud Architect at Shape Security (now part of F5), which protects the web and mobile apps of some of the world’s largest organisations against fraud and abuse. “Then they come to login to their online bank, or a retailer, and they’re not afforded the same level of experience they’ve become accustomed to. That’s why organisations are investing heavily in digital transformation, the adoption of which has been exponentially accelerated by the pandemic”.

Are organisations ready?

The simple answer is no, not really; they’re still grappling with this acceleration. Rather dishearteningly, there has been an uptick in attacks on government schemes, with fraudsters unscrupulously opening fake bank accounts to siphon funds from benevolent initiatives drawn up to help combat the effects of the COVID humanitarian crisis. They are using stolen credentials, which in turn come from data breaches feeding into the age-old cycle of e-Crime. Fraudsters are tenacious and mercurial, consistently refining their evasive techniques to simulate real user behaviour, allowing them to fly under the radar in high volumes of digital traffic. It is becoming increasingly difficult for organisations to deterministically identify them and mitigate the affiliated risk.

One of the biggest challenges companies face in achieving their digital transformation ambitions is managing the balance between tackling fraud and driving revenue growth, the latter being deeply rooted in the provision of a superior customer experience. The issue has been amplified by conflicting objectives between different departments, often operating in siloes. CISOs are primarily tasked with preventing data breaches. Fraud departments, meanwhile, are responsible for reducing fraud dollar losses. The strategies of both teams can add friction to the customer journey, and marketers are deeply cognizant of the impact this can have on conversion rates, customer satisfaction and revenue.

These teams need to work more closely together to address both digital fraud and business imperatives to drive revenue and growth. CISOs have an opportunity to spearhead this collaboration as they seek to be seen less as a cost centre and more as business enablers, positively impacting both the top and bottom line. To do so, they need to better understand the user interactions flowing across all digital channels and achieve a holistic view of the entire consumer journey.

Customers don’t see CISOs or fraud departments or marketing teams – they interact with the organisation as a whole, as a brand. Digital is a unifying experience for both the customer and organisation. That unification can only truly be realised if the conflicted execution of priorities between security, fraud and marketing departments is eliminated.

“When customers log into a portal, they’re immediately faced with friction,” says Mr Sarathy. “On average, 10 to 15 per cent of customers hard fail at login, which negatively impacts conversion rates. Another 10 to 15 per cent experience some levels of friction but are able to eventually complete their login attempt. This calls legitimacy into question. Many organisations do not have the capability to conclusively differentiate between a legitimate login request and one that stems from a fraudulent source, adeptly masquerading as a trusted end-user. Despite an imbalanced ratio of fraudsters to end-users typically interacting with their online platforms, many companies remain compelled to impose increased levels of friction such as CAPTCHA and MFA that ultimately have a harmful impact on their bottom line.”

This means that around three in ten customers will face friction at different levels throughout their session. Companies must be encouraged to understand the intent of their users as they interact. A cross-functional convergent platform is crucial to enabling companies to remove these kinds of friction – increasing conversion rates and improving the customer experience, while simultaneously reducing fraud.

“Companies are buying piecemeal solutions – one for digital ID, one for authentication and one for multi factor – and then trying to solve these security facets in siloes at the back-end, instead of having a solution that speaks to the problem as a whole. When everything is unified in one solution, you’re able to orchestrate everything at the enterprise level. This holistic orchestration provides flexibility, visibility and agility to react to evolving threats while managing fraud losses and impacting revenue.”

As a cross-functional convergent platform, Shape Security meets the needs of CISOs, drives huge fraud loss savings and helps improve business performance and customer experience. It’s a single platform addressing both the top and bottom line, enabling organisations to fully realise their investment across digital transformation, data and analytics, and eMarketing tools, whilst reducing risk and growing revenue.

Shape is one of the largest processors of login traffic, blocking over 1 billion fraudulent log-in attempts and other transactions every day, while ensuring that more than 200 million legitimate human transactions are kept safe.

“That stands testament to the power of the network effect,” says Mr Sarathy. “Understanding how fraudsters are operating across a network is incredibly important. Most fraud solutions offer this capability too but are confined to their expertise of the human aspect. Shape leverages AI and machine learning to augment its anti-fraud capabilities, further strengthening its market-leading data repository in the unremitting fight against fraud. If the data quality is inadequate and/or inconclusive, the efficacy of the solution will be affected.”

By removing automation as a first step, organisations can strip out the noise to leave behind the evermore sophisticated levels of human-generated fraud. When users show good characteristics and behaviour, they should be legitimised without superfluous friction and companies should have the confidence in their systems to extend user sessions where appropriate, leading to increased conversion. The network effect enables organisations to gain collective insights into the characteristically nefarious signals synonymous with fraudulent activity, and allows them to confidently identify fraud before it takes place.

It is through the unification of these priorities, teams and budgets that companies will achieve the greatest impact on business performance, and simultaneously stem the tide of fraud before its impacts become irreversible.

For more information download Shape Security’s latest whitepaper: The New Business Imperative