October 28, 2021
Online scams are on the rise. The losers are not only consumers, but also businesses, both in economic terms and in terms of image damage. We interview Alberto Salomone and Vanessa Mellone, who at Increso are involved in the development of projects in the anti-fraud field, to take stock of the most effective counter and prevention strategies and the resources that companies can deploy to transform a risk factor into a lever of loyalty and retention.
Digital conversion runs fast, faster and faster. The lockdown, first, and living with the virus, then, have imparted an unprecedented acceleration to this digital migration process. Let's quote a figure to get an idea of the size of the phenomenon: as of March 2020, 75 percent of the revenue achieved by e-commerce was generated by new users.
A revolution that makes it necessary for any business to effectively preside over a digital space, which exposes it, however, to a constantly evolving danger namely that of fraud.
In such a changing and complex environment, what are the assets, strategic approaches and tools to focus on to turn "barriers" and "security" protocols into competitive advantage and positioning leverage?
We asked Alberto Salomone, Fraud & Risk Manager, and Vanessa Mellone, Fraud & Risk Specialist, both active in Increso, who talked to us not only about technology but also about human relations, team working and cooperation.
In these months marked by unparalleled digitization, how are the fraudulent phenomena evolving?
"In general, it is well known that during the lockdown there was a considerable increase in e-commerce transactions (+23 % globally according to a study by TransUnion in the week following the declaration of pandemic by WHO). This increase was accompanied by an increase in fraudulent transactions (+5 % compared to the previous period i.e. that between January 1 and March 10).
This acceleration has not always been accompanied by an adjustment and strengthening of security measures, thus increasing the level of vulnerabilities and threats.
In this context, depending on their industry, companies have exposed themselves to an increased risk of, for example, Chargeback abuse by their users who, after purchasing goods and/or services from a Merchant, disavow the transaction in order to be reimbursed. Other growing phenomena are those related to purchases made through the use of information related to payment instruments (e.g., credit cards), fraudulently uploaded, and those related to identity theft aimed at signing contracts to purchase goods and/or services without the victim's knowledge.
The increase in such phenomena could negatively affect the propensity to purchase online. The real challenge that companies are therefore called upon to overcome is first of all to minimize the risk of fraud, but then above all to transform that residual percentage of risk into a strategic moment of acquisition and loyalty, offering an effective support service that can support, compensate and solve any problems.Traditional direct contact with the operator then becomes crucial."
About the cruciality of customer care: according to a recent survey conducted by Hipay, 64 percent of Italians who intend to make an online purchase do not consider a site without customer care-related contacts safe, which is the first touchpoint to which 37 percent turn in case of fraud. What activities and resources should a company put in place to properly train operators and ensure high service standards?
"The results of the research conducted are in line with what we have found in the course of conducting operational activities in Increso.
When a user realizes that he or she has experienced fraud, for example by checking the statement of his or her payment instrument, the first action he or she takes is to contact the customer support of the merchant associated with the transaction, even before contacting the issuing entity for more information.
Having specialized resources capable of analyzing the reports received from users and the individual events that occurred without leaving out any details, even those that might seem superfluous, could minimize the impacts, including economic ones, and the image damage suffered, strengthening, consumer trust in the brand and, for existing customers, their loyalty."
In the face of increasing complexity of the frauds being perpetrated, how strategic can it be for a company to have specialized technologies and resources?
"For those operating in the e-commerce arena, it is vital to equip themselves with technological tools, organizational systems and specialized resources that can manage risks in a structured, cross-cutting manner within business processes.
Technology may prove insufficient if not properly complemented with human resources capable of interpreting and managing the technology platforms, and the results that such solutions might bring out, in order to support the customer and protect the company's assets in preventing and resolving fraud."
How, then, to build an effective preventive response that can integrate and calibrate technological tools and human component?
"An effective preventive response is built from the development of timely and constantly updated guidelines, business and operational procedures.
This requires first considering the type of business, knowing and mapping systems, technology platform functionality, business processes and relevant regulations.
Therefore, it is necessary to have the ability to identify the risks and vulnerabilities of the target environment (Fraud Risk Assessment) in order to build an appropriate governance model that takes into account the prevention, detection and deterrence components that can effectively manage risk.
It is therefore essential to have the availability of resources with specialized cross-cutting skills that can contribute to the definition of an effective framework.
In addition, it is necessary to define roles, organizational responsibilities and spread the "culture" of risk by making use of the commitment of top management."
What are the aspects to consider in setting up an e-commerce?
"In addition to implementing a strategy that takes into account the elements previously described, it is necessary to adopt solutions that comply with best practices and frameworks. Think about adopting payment systems that meet PSD2 compliance, and adopting reliable hosting and security protocols for secure transactions (SSL/TLS, SET, Https, PCI DSS compliant). In addition, systems should be Security-by-Design/Default: conceived, designed and produced with cybersecurity in mind.
It is particularly important to provide dual authentication systems: username and password are no longer sufficient to ensure secure transactions. At least one additional authentication element of a different type is now necessary. In this case we speak of strong authentication, which is based on the use of multiple factors exclusively available to the user: the knowledge of a pin or password; the possession of a personal device or token; and the inherentness of a biometric data, such as fingerprint or voice stamp.
In addition, it is essential to have systems in place to monitor transactions, access and customer behavior."
How is an anti-fraud training plan structured and what are the topics that under no circumstances can be missed?
"In Increso we also deal with this and can say that an adequate training plan must take into account not only the particularities of the business of reference, the regulatory contexts, but also and above all the scenarios and difficulties that each figure, placed in charge of the main touchpoints, may encounter.
The development of procedures and training of resources is a continually updating process that evolves as fraudulent phenomena and scenarios evolve. To incorporate the changes, it is essential that the various teams and corporate structures cooperate in order to identify potential risk areas as well as share new fraud scenarios that have emerged, the products and services most impacted, and the results achieved with the countermeasures implemented.
The processes of information sharing and development of synergies, moreover, are essential not only within the individual corporate entity, but also externally by sharing scenarios and phenomena with external entities or working groups in order to contain their occurrence."
Is training therefore an essential cornerstone in terms of anti-fraud?
"Yes, without a doubt. When we talk about anti-fraud, we talk first and foremost about awareness. It is certainly a set of tools, protocols and operations, but that comes from a complex of knowledge, strategies and skills that are not only technical, but also relational.
It is for this reason that in Increso, the training of customer care operators, involved in projects commissioned by our client companies, is a transversal process that aims not only at the acquisition of technical procedures but above all at the identification of a specific sensitivity capable of adapting to unprecedented scenarios and situations, also thanks to the support of dedicated responsible figures.
Training is the glue of all the elements we have seen above, it is the base from which to start: the only tool that can enable the effective integration of automation and the human component, which is fundamental both for the prevention and management of fraud risk, but more importantly for its transformation into a lever of loyalty and brand reputation."
Experience and innovation at your service
Contact us to define together a strategy tailored to your business. And your customers'.
​
