Deep Dive: Why COVID-19 Is Leading To eCommerce Onboarding Security Shifts

The coronavirus pandemic’s impact on retail is proving irresistible for fraudsters, many of whom are taking advantage of consumers’ shifts to online purchasing amid social distancing protocols.

Complaints sent to the Federal Trade Commission (FTC) indicate that Americans have so far lost approximately $13.4 million to outbreak-related scams, but this figure does not highlight funds lost but unreported — meaning the real amount snatched by cybercriminals is likely even larger.

Fraudsters’ schemes range from emails to “sell” face masks that never arrive to illegitimate sellers posting COVID-19 “cures” on eCommerce platforms. One March phishing email claimed to be from the World Health Organization (WHO) concerning vital information about the pandemic but contained an attachment that downloaded malware onto unsuspecting consumers’ computers. Another report claimed that 26.5 percent of online transactions in the first quarter of 2020 were fraudulent, representing a 20 percent rise from the fourth quarter of 2019.

eCommerce platforms have been left putting out one fraud fire after another, all while fulfilling orders from growing numbers of consumers shopping online. Integrating top-tier security into onboarding is therefore more necessary than ever, but companies must ensure their identity verification and fraud prevention technologies do not dissuade legitimate customers who want to quickly sign up and shop.

Simply upgrading to the latest technology and hoping to stay one step ahead is unlikely to pan out as an immediate anti-fraud strategy amid the outbreak, however. The following Deep Dive explores eCommerce companies’ shifting fraud prevention needs, the COVID-19 pandemic’s security impacts and how data sources like biometrics could be critical to creating secure onboarding experiences.

eCommerce Security Shifts

Consumers’ spending has seesawed during the pandemic, with increases in February followed by a 7.5 percent decline in overall spend in March. Fraudsters have not suffered from the same financial swings, however. More consumers are shopping on retail marketplaces while adhering to stay-at-home orders, and bad actors are attacking these sites with scams designed to slip past their overwhelmed defenses. Consumers and merchants alike are expressing serious concerns. Recent PYMNTS data shows six in 10 of the former live paycheck to paycheck, while small- to medium-sized businesses (SMBs) are experiencing supply chain struggles that result in fulfillment issues.

eCommerce platforms are doing their best to stave off fraudsters during this stressful period, but they must analyze their current responses and determine what their security needs will be once the pandemic has passed. Consumers will likely value more security as fraud levels rise, but they still expect ease when creating new accounts. One study claims 40 percent of customers abandon onboarding experiences within 20 minutes, for example, and that 70 percent leave if they feel they are asked to supply too much personal information. The current fraud rush did not create this prevention-versus-seamlessness conundrum, but it has upped the stakes.

The fraud prevention push is also changing the strategies and tools many eCommerce companies use to secure customer onboarding. Biometrics solutions are increasingly attractive because they do not rely on static knowledge. Fingerprints can be used to speedily onboard legitimate customers because they are much harder to falsify than consumer records — and they thus better protect against fraud. Examining such identifiers’ use after the pandemic will be essential, as they could enable companies to securely and seamlessly onboard customers.

The Data Question

Biometrics has been intriguing consumers and businesses for years, with the former shifting their views as their trust in outdated security measures like passwords wanes. Fifty-two percent of firms say they would provide fingerprints, facial scans or selfies when opening new accounts, according to one survey. Investors’ interest in these technologies is also on the rise, with biometric solutions provider BioCatch raising $145 million in mid-April to build out its behavioral biometrics capabilities. The company can verify customers’ identities during eCommerce onboarding by analyzing and legitimizing voiceprints or fingerprints.

Successfully implementing biometrics depends on correctly using data, which requires considering multiple methods to verify customers’ identities. eCommerce companies must be prepared to use eye or facial scans to identity their consumers, but they should also assess how behavioral biometrics could strengthen security during onboarding. BioCatch is employing artificial intelligence (AI) to verify new customers’ geolocations or keystrokes to ensure they are legitimate, for example. Bots can mimic keystrokes, but doing so while spoofing geolocations and fingerprints is much harder for them to accomplish.

Data is critical to maintaining strong partnerships between merchants and their customers and suppliers. This is especially true during the COVID-19 pandemic, as all parties may be wary of new relationships with unfamiliar services. eCommerce companies must reassure their customers that their onboarding processes and platforms are secure from the start, and they must also be prepared to combat fraudsters who use biometrics or alternative data such as geolocation or keystrokes.

Cybercriminals have long been adept at creating false identities using static information like names, addresses and passwords. A 2019 report noted that 85 percent to 95 percent of synthetic identify fraud — in which fraudsters leverage details from multiple legitimate consumers to piece together fake identities — bypasses fraud detection systems. Rather than be discouraged by biometric protection measures in the wake of the pandemic, bad actors are instead likely to attempt to falsify such data. eCommerce entities must therefore stay one step ahead even as they build out their use of innovative technologies, thinking carefully about how they use data to do so.