The Current, delivered daily.
There is one lingering element among the sea of sales heading into the new year that could stick around well into 2023: fraudulent bots.
As online shopping continues to grow in popularity, so does the risk of fraud and cyber-attacks. The presence of these bots on retailer websites can threaten the completion of successful, authentic purchases in the buying journey for consumers. For brands themselves, they can lead to increased security risks, poor site performance and incomplete purchase headaches. With more sensitive personal and financial information being shared online, retailers need to ensure that their customer data is protected at all times, which means security in ecommerce payments is more important than ever this year.
In today's digital landscape, constant technological advancements and the significant increase in online activity due to COVID-19 contribute to the rise in cybercrimes and bot threats. The sophistication of cybercriminals and the rise of advanced attacks against protocols like Payment Card Industry Data Security Standard (PCI DSS) compliance have made it imperative for retailers to implement robust security measures in their ecommerce operations. For example, specific bot-powered fraud threats include these disruptive schemes:
- Account takeover: This type of fraud occurs when a bot takes control of the user account, and the activity results in unauthorized transactions and theft of users’ personal information.
- Ad fraud: Bots are used to artificially inflate website traffic or click on online ads, which results in wasted ad spend.
- Carding: A form of card fraud where attackers make many attempts to authorize stolen card credentials.
The root solution to this problem is to protect customer information. So retailers must ensure that their online payment processes are secure and that payment systems are protected against bot activity and other forms of cyber-attacks. As a result, implementing security measures that can quickly detect and prevent fraud has become a top priority.
How to optimize against bot-based fraud
Protecting one’s company from bots and fraud doesn’t have to be a complicated process. In fact, it’s par for the course in today’s tug-of-war between bad actors and cybersecurity systems. It’s important to understand that any business can become a target of a bot attack, but it isn’t a foregone conclusion that bot activity will cripple that company’s ecommerce operations. It is crucial to first be aware of the risks and establish an actionable method to protect themselves.
Implement continuous monitoring for suspicious activity.
Businesses should continuously monitor transactions and suspicious activities while having an incident response plan in place to quickly detect and respond to bot fraud. Implementing fraud detection software programs can analyze customer behavior and transactions in real-time to identify and flag such suspicious activity.
Behavioral analysis is used to track and analyze customer behavior over time, which allows payment orchestration platforms to identify long-term patterns of fraud. This can include tracking customer browsing and purchase history, as well as analyzing repeated customer interactions with a retailer's website. This ultimately helps to quickly identify and prevent fraudulent purchases or account creations.
Prioritize anti-bot technology.
Implementing CAPTCHA, multi-factor authentication, or challenge-response systems to detect and block bots from accessing websites or applications are table stakes at this point. But it should be said that these basic preventative measures can help stop automated scripts from creating fake accounts or gaining access to login credentials to make fraudulent purchases. Simply put: they get the job done.
Additionally, businesses can also use IP blocking and user-agent blocking to cut off known bot IP addresses. Tokenization is another anti-fraud method, in which payment providers tokenize sensitive data such as credit card numbers and replace them with a non-sensitive equivalent called a token. The token is a randomly generated string of characters that has no intrinsic value and is used to reference the original sensitive data. The sensitive data is then stored in a secure, off-site location, separate from the token so data isn’t stolen or compromised during a data breach.
Rely on payment platforms for easier detection.
Payment platform partners usually have robust fraud detection and prevention systems in place and can help businesses use their technology and data to help identify unauthorized transactions. Payment technology itself can be used to assess the risk of a transaction by analyzing data such as a given IP address and device data to then be used to identify potential fraud, including bot activity. By analyzing large amounts of data, these algorithms can quickly identify and flag suspicious activity, such as multiple purchases from the same IP address or abnormal spending patterns.
Implementing 3DS authentication through payment providers also increases the level of security and helps to prevent account takeovers by bots. 3DS authentication works by redirecting customers to their card issuer's website during the checkout process, where they are prompted to enter a one-time code or use biometric authentication to verify their identity. This helps to ensure that the individual making the purchase is the actual cardholder and not a bot using a stolen or compromised card.
The benefits of implementing a secure payment process
We’ve gone through the how, but an equally important component of the equation is the why. Being secure sounds good, but what will a secure payment gateway — which allows retailers to accept credit card and other electronic payments securely and seamlessly — do for a retailer, site visitors, and eventual customers?
Simply put, a secure payment gateway provides encryption and security protocols to protect sensitive customer information, such as credit card numbers, during online transactions. This ensures that customer information is transmitted securely and is not vulnerable to the severe hacking or data breaches mentioned above. Most importantly, this helps to build trust with customers, so they can be confident that their personal and financial information is protected.
Furthermore, a secure payment gateway also allows retailers to accept a wide range of payment options, including credit cards, debit cards, e-checks, and more, which can increase the chances of customers completing a purchase. A streamlined checkout process is probably the most fundamental yet important component when it comes to customer retention. It seems simple to say, but making it easy to check out and increasing the chances of customers completing their purchases reinforces brand security in the customer’s mind, on top of increasing sales for the retailer.
From an internal perspective, a secure payment gateway can also provide retailers with valuable data and analytics. This can include information on customer demographics, purchase history, and more, which can be used to improve the customer experience and optimize marketing and sales strategies.
Security in ecommerce payments is crucial in 2023, as online shopping continues to grow in popularity, as does the risk of bot-related fraud and cyber-attacks. Retailers need to protect customers' sensitive information and their reputation by ensuring secure online payment processes and implementing robust security measures to detect and prevent fraud.
Ralph Dangelmaier is the CEO of BlueSnap, an online payments technology company.
Trending in Operations
"Fashion ecommerce is one of the most cumbersome customer experiences that exists," said Rent the Runway CEO Jennifer Hyman.
The rise of generative AI is bringing with it a groundswell of interest and concern about how the capability to automatically synthesize information and create something new will change how we work.
Given that AI will sit within the architecture of our digital lives, it’s also worth considering how the technology will introduce new tools for other aspects of life, as well.
For two ecommerce innovators in the apparel space, it’s a time to explore how it will transform shopping. Rent the Runway is set to roll out new AI-powered search capabilities, while Stitch Fix is drawing on a long history with data science and machine learning to personalize the inventory buying process.
Here’s a look at the initiatives underway at each company, and their visions for the future:
Rent the Runway: From search to concierge
Rent the Runway is putting a focus on the customer experience this year as it seeks to retain more subscribers and continue a yearslong push toward profitability.
This is resulting in the introduction of a variety of new initiatives, from the addition of an extra item to all orders to speeding up page load times. Yet as CEO Jennifer Hyman zooms out, she sees change being necessary on an industry-wide level in fashion. Beyond adding new features, AI can play a transformational role.
“I think that fashion ecommerce is one of the most cumbersome customer experiences that exists. You are searching through pages and pages and pages of content to find the items that you like and no one likes doing this,” Hyman told analysts on the company’s earnings call this week. “As an industry that still is selling physical products, AI is going to be -- fashion is going to be a major beneficiary as an industry.”
As a rental service, Rent the Runway has a distinct niche in fashion that lends itself to AI’s advantages, Hyman said. As opposed to a retailer that a consumer may visit a couple of times a year, RTR is used frequently by customers. So Hyman said there are opportunities to turn Rent the Runway into a “utility” by creating a more seamless experience.
This frequent use also provides a “highly unique” dataset, Hyman said. They know what a customer is planning to do based on what they rented. They know whether she liked or disliked an item, and many customers are reviewing 10 items per month. They know her size and how an item fits. This can be put to work in tools that allow customers to ask questions, and find answers.
The first application that combines AI and these advantages will appear in the coming weeks, when Rent the Runway plans to launch a beta of AI-driven search. The tool will allow customers to search for common terms or use cases for an item. So a person will be able to write “Miami vibe,” “‘clambake in Nantucket,” or “tropical motifs,” and receive results about what to wear for such an occasion.
The goal is to help customers sift through the endless aisle, and instantly finds what's right for them.
“I think that across all fashion sites, all over the world, the way that people are searching for product is fairly vanilla, it's fairly functional, right?" Hyman said. "You can go to a site and search for a T-shirt, you can go to a site and search for a black-tie gown. The fact that we're going to be able to enable our customers to search how they actually want to use this closet in the cloud, to search for items to wear to my beach bonfire this weekend, that is a completely different way to search, and I think that it really brings out the value proposition of what a closet in the cloud is all about."
Hyman sees this as a first step in the company using AI models to improve the product experience, and expects more tools to appear in the coming months. RTR is also introducing an SMS concierge experience for onboarding that allows customers to text with a member of the customer service team. The company is already exploring ways that AI can be incorporated into that tool, as well.
In the longer term, Hyman said the company has a vision that will leverage AI to allow customers to communicate with Rent the Runway asynchronously across different modalities, and have a stylist that is constantly available to recommend items, pick out new inventory and answer questions.
“If we are utilizing AI appropriately over the next few years, I see no reason why someone even has to come to our website,” Hyman said.
Stitch Fix: Inventory buying and beyond
Stitch Fix has long married AI with human curation to provide outfits on a subscription basis.
“For years, we have utilized capabilities in generative AI, injecting scores and language into our personalization engines and, more recently, automatically generated product descriptions,” CEO Katrina Lake told analysts. “We have also developed and implemented more advanced proprietary tools such as outfit generation and personalized style recommendations that create a unique and exciting experience we believe is unmatched in the market.”
A new area where the company is applying AI is inventory buying.
“We have historically utilized a number of tools to make data-informed decisions with our inventory purchases,” Lake said. “Now, directly leveraging our personalization algorithms, we have developed a new tool that creates an exciting paradigm shift, which will utilize math scores at the client level to drive company-level buying actions. We expect the clarity of demand signals at the individual client level to drive more proactive and efficient inventory decisions as a company. And because of this, we expect to see higher success rates on fixes and drive increases in keep rates and [average order value] over time.”
Early results are promising. When compared with existing buying tools, testing showed a 10% lift in keep rate and AOV. By the end of this quarter, Stitch Fix expects 20% of all purchase orders to be algorithmically informed.
With experience using AI and a team in place to build, Stitch Fix is investing in the technology. Like Rent the Runway, it also has a unique dataset that offers an immediate advantage.
Here are Lake’s thoughts about how Stitch Fix’s AI strategy:
One of the things that I love about our experience is that we have generative AI that's really in more of a visual format. And so, the outfits that we have in our app, those are actually taking into account your preferences, what we know about you, and then in combination with what we know that you own in your closet. And to be able to kind of continue to push that technology and to be able to continue to give people more value in their experience with Stitch Fix, that's a really good example of, I think, a capability that is, firstly, really aligned with our capabilities around data and personalization and really unique to us.
And then I think it's also really compelling because I really think that pushes us as we think about what that addressable market is. I think if we can push outfits to be something that can be an asset to everybody, I think that is a universal thing that people would love to be able to have, is to have access to advice on a daily basis around what to wear and how to wear it.
While these are distinct companies, their plans lead us to a common conclusion: While the talk around generative AI might be new, many technology-forward companies already have assets sitting inside them that can be leveraged to build new tools. Uncover what’s already there, learn about the AI’s capabilities and develop a solution that's right for your organization. Then, talk to customers to determine how to improve it. It might mean commerce looks different, but that’s okay. The point is to create a better experience.