Wherever and whenever there is commercial activity, you can be reasonably confident that criminals will not be far away. Cyberspace offers no exception to that rule. According to IT security giant McAfee, online businesses lose around $400bn to fraudsters every year, and as the size of the e-commerce universe grows, so does the level of criminal activity.
But it’s not really the global figures that matter. To an online business the real concern is the threat to its own bottom line from hackers and credit card fraudsters who continue to leach away money that could be used to re-invest in the business and create jobs.
There has been some improvement in recent years. For instance, a 2013 survey by Lexis Nexis found the percentage of online revenues lost to fraud in 2013 fell to 0.5% from close to 1% a year earlier. But the picture is mixed. The same survey found that identity fraud was on the rise – increasing to 17% of total frauds from 15% a year earlier.
In other words, as certain forms of security are stepped up – for instance, checks on stolen cards – fraudsters will change their tactics, often by attempting to log on to legitimate accounts. Online businesses have a duty to be vigilant.
Who is logging on?
But being vigilant is not always easy. For instance, if a customer has shopped regularly with an online retailer, the chances are he or she has opted to have the relevant card details stored on a secure server.
The account will be protected by a user name – often simply an e-mail address or the proper name of the customer – and a password. For the fraudster, it’s simply a case of hijacking both and gaining access.
And establishing the user name and password may not be that difficult, especially if the fraudster has access to certain key details of the customer’s life. However, it’s not that easy either. Finding the right user name might take two or three attempts and coming up with the correct password will probably take even longer.
So what you’ll have are multiple login attempts, perhaps carried out by someone with a little bit of insider knowledge or by professionals with dedicated password generation software.
Of course, a multiple login doesn’t necessarily indicate fraud. Most of us have been in the situation where we’ve forgotten a password for a particular account and then tried a few of our favourites until we hit on the right one. But while such behaviour doesn’t prove fraud it can certainly flag up the possibility that criminal action is taking place. It is important that online businesses can capture and act on this behaviour.
Identifying fraud in real-time
UserReplay’s customer experience management solution can play a hugely important role in combating this kind of fraud.
UserReplay has been created to record and play back customer journeys, page-by-page and click-by-click. Once recorded, selected journeys can be played back to identify problems on the site. Primarily it’s a means to rectify usability, performance and functionality problems quickly and cost-effectively.
But UserReplay also features analytics linked to a real-time dashboard. And its analytical capabilities can be used to spot specified behaviour patterns, such as multiple logins and then alert managers. As such it provides a real-time early warning system, allowing managers to intervene, perhaps by freezing the account temporarily or contacting the customer. In other words, it can help to stop certain types of fraud attempts in their tracks.
Equally important, if a suspected fraud does take place, UserReplay allows the customer journey to be replayed as a means to gather evidence.
UserReplay is an invaluable tool for improving customer experience. It can also be a weapon against fraud and a means to protect your customers.
Photo: General Physics Laboratory/flickr cc