At a time when COVID-19 has seen global eCommerce and digital traffic grow by nearly 70 percent, security experts have braced for a commensurate surge in online fraud as the holiday shopping season continues. Mzukisi Rusi, vice president of customer success at device identity and authentication provider Entersekt, told PYMNTS in a recent interview that this age-old problem is intensifying due to the many lifestyle changes the pandemic has brought about.
“Fraudsters now have more avenues for attack available to them,” Rusi said. He said that more consumer interactions with digital channels and platforms simply means more crime.
“Fraudsters and bad actors are in possession of stolen credentials, and they’re ready to use them to perpetrate fraud during [the holiday-shopping season],” Rusi said. He added that the fact that there are also a wave of web-shopping rookies online this year — forced by the pandemic to shift to digital — will only exacerbate the problem.
“As you can imagine, if you’re a fraudster, you really are celebrating right now when you see all these different factors,” Rusi said.
Attacks Are Evolving
Rusi said one of the first things financial institutions need to do is to take stock of the present landscape, which has “changed drastically” from a year ago. As much as it has been necessary to upgrade back-end systems to accommodate more traffic, financial institutions need to make commensurate adjustments to prepare for more prevalent fraud.
To that point, Rusi said education is a key component, noting that “constant reminders” to be vigilant and suspicious of the dangers of doing business in the digital space are critical.
“In particular, attacks that emulate human behavior — and so-called ‘social-engineering attacks’ — accounted for about 96 percent of login attacks on financial institutions during [2020’s] first six months,” he said. “That’s huge. It’s really unprecedented.”
Rusi said fake accounts or attempts to use stolen or synthetic IDs to set up new credit accounts and buy high-value items via buy now, pay later (BNPL) are also way up, as are occurrences of “CEO fraud” due to the rise of remote working.
But he added that the bad guys are using older scams as well. “As much as these fraudsters are evolving, they also have realized that it’s better not to fix something that isn’t broken.” He said they prefer to use old hack methods in new places.
A Little Friction Won’t Kill A Relationship
While eCommerce is an industry that prides itself on doing business at the speed of light, Rusi said consumers are OK with a little verification screening when they buy stuff online. He said “friction” is no longer the “F-word” of the eCommerce world.
“The industry likes to assume that consumers are averse to friction, but we are seeing nowadays that that statement as a generalization is not holding up any more,” Rusi said.
He cited a report that showed consumers want to be in control of approving transactions, especially when deals involve any type of payment or money transfer. Rusi said “deputizing customers” and giving control not only reduces fraud, but builds trust and strengthens relationships — especially when there’s consistent security protocols in place regardless of the device being used.
“The key to this is user experience,” he said. “That’s what it’s all about.”
In Entersekt’s case, that has taken the shape of a dynamic process that can “dial up friction and security” as transactions become riskier, while at the same time “removing friction” as transactions become more known.
Rusi said the experience is “just like air travel. For most people, speed is important. But the right amount of healthy friction is a wanted experience to ensure safety and retain control.”
Compliance Amid COVID-19
The pandemic-induced digital shift has reshaped the way we live, work and shop, but Rusi said it’s also increased the focus on companies to ensure they’re adhering to new and evolving data privacy regulations.
“At the center of all these regulations is the consumer,” he said. “And let’s face it, as consumers, whether knowingly or unknowingly, we have been part of the problem in terms of the erosion of our personal privacy as well as security.”
Rusi said a key challenge now and in the coming years will be finding the right balance between maintaining compliance, ensuring consumer trust and protecting personal information.
That said, an “even more worrying” trend financial institutions (FIs) will face as a result of new data-protection laws will be challenges to the existing ways consumers are identified, he said.
“Various browser companies are gearing up for a war against what is termed as ‘browser fingerprinting,'” he said. Rusi said that system risks causing a lack of transparency and consumer control involved in capturing such data.
Moving Beyond Just Serving Banks
Although based in South Africa, Entersekt is a global company that does a lot of business with U.S. and European banks. But since the bad actors are tirelessly in search of new victims, so is Entersekt.
“Here’s the challenge — fraudsters are constantly evolving, but they use the same methods that have worked and [try] to use those in other industries that are not prepared,” Rusi said. “So, our focus has largely been on banking, but the reality is that any industry that now has to rely on digital engagements with consumers is one that we’re looking at quite strongly.”
He said that includes healthcare and insurance, which utilize super-sensitive medical information and is seeing a surge of claims.
“We are continuously looking for ways in which our solutions can assist any institution that has the need to establish a strong trust relationship with consumers via digital channels,” Rusi said.