E-commerce merchants face a continually difficult balancing act. They must enable smooth and seamless user experiences that don’t cause undue friction to consumers, yet still are effective at keeping fraud and cybercriminals at bay.
This is difficult because the tools and tactics used by attackers enable them to disguise their true identities and appear as if they are legitimate traffic coming to a website. That’s why e-commerce businesses cannot rely on traditional identity-based methods for detecting and stopping fraud. They must instead consolidate technologies and data insights across fraud prevention, consumer identity management, and website security to create a fraud-free environment that doesn’t hinder the user experience.
This is important because e-commerce fraud is on the rise. Attackers use automation to brute force attacks on gift card websites. They launch credential stuffing attacks at scale to compromise and take over user accounts. They use bots to scrape information, hoard inventory, and create fake new accounts with which to commit further acts of fraud.
The rise in fraud is paralleled by the rise in digital customer touchpoints. In order to serve their customers better, online retailers are meeting them where they are in the digital realm, whether that be on a PC, mobile device, native app or gaming console. This proliferation in digital touchpoints has made it easier for fraudsters to blend in and gives them a large attack surface to target. This makes for a large “gray area” where traffic is hard to classify as good or malicious.
The Importance of Cross-Team Convergence
The optimal way to fight off these attacks is to detect them early and cut them off at the pass. That means stopping attacks that target login and new account registration points. If e-commerce firms can stop attacks at the moment they come to their platform, they can protect customers and save money. This requires getting an enterprise-wide view of security and breaking down silos between fraud, infosec, and identity teams.
The convergence of fraud, identity, and infosec is important at many levels as it helps bring diverse views of the threat landscape together. For example, broad macro or industry level risk assessments at the infosec level, portfolio-specific attacks at the fraud level, and the impact on individual identities. This creates a more layered defense approach against attacks targeting e-commerce platforms.
This means businesses will need clearly defined protocols for information sharing — within and outside of the company — and following the best practices for communication. When it comes to sharing data internally, organizations must identify the teams and people responsible and accountable for communication. Further, organizations can drive change where needed to ensure that intelligence can be shared appropriately and safely to promote a more secure environment.
Creating this cross-team convergence efficiently is crucial for organizations, and they can leverage technology to help them do so. Today, we have better machine learning models that enable us to verify identities and really look at the convergence of fraud, identity, and infosec.
Attacks are increasing in frequency and severity on a daily basis, but technologies such as artificial intelligence and machine learning can help cut out the noise to allow fraud teams to focus on responding to more complex threats and try to uncover what attackers are planning next.
The Future is Digital
The world of commerce is now, more than ever, conducted in the digital realm and it is imperative to keep it safe for consumers and free from malicious actors. This is a shared responsibility; the new digital economy will require a new generation of critical supporting infrastructures, chief among which are 5G networks and the cloud. These infrastructures depend on shared technical standards, strong privacy protections, and resilient cybersecurity.
By aligning fraud, infosec and identity operations, e-commerce platforms can ensure the digital economy, both now and in the future, is safe for all good users.
Watch the Rebroadcast