At a time when COVID-19 has seen global eCommerce and digital traffic grow by nearly 70 percent, security experts have braced for a commensurate surge in online fraud as the holiday shopping season continues. Mzukisi Rusi, vice president of customer success at device identity and authentication provider Entersekt, told PYMNTS in a recent interview that this age-old problem is intensifying due to the many lifestyle changes the pandemic has brought about.
âFraudsters now have more avenues for attack available to them,â Rusi said. He said that more consumer interactions with digital channels and platforms simply means more crime.
âFraudsters and bad actors are in possession of stolen credentials, and theyâre ready to use them to perpetrate fraud during [the holiday-shopping season],â Rusi said. He added that the fact that there are also a wave of web-shopping rookies online this year â forced by the pandemic to shift to digital â will only exacerbate the problem.
âAs you can imagine, if youâre a fraudster, you really are celebrating right now when you see all these different factors,â Rusi said.
Attacks Are Evolving
Rusi said one of the first things financial institutions need to do is to take stock of the present landscape, which has âchanged drasticallyâ from a year ago. As much as it has been necessary to upgrade back-end systems to accommodate more traffic, financial institutions need to make commensurate adjustments to prepare for more prevalent fraud.
To that point, Rusi said education is a key component, noting that âconstant remindersâ to be vigilant and suspicious of the dangers of doing business in the digital space are critical.
âIn particular, attacks that emulate human behavior â and so-called âsocial-engineering attacksâ â accounted for about 96 percent of login attacks on financial institutions during [2020âs] first six months,â he said. âThat’s huge. Itâs really unprecedented.â
Rusi said fake accounts or attempts to use stolen or synthetic IDs to set up new credit accounts and buy high-value items via buy now, pay later (BNPL) are also way up, as are occurrences of âCEO fraudâ due to the rise of remote working.
But he added that the bad guys are using older scams as well. âAs much as these fraudsters are evolving, they also have realized that itâs better not to fix something that isnât broken.â He said they prefer to use old hack methods in new places.
A Little Friction Wonât Kill A Relationship
While eCommerce is an industry that prides itself on doing business at the speed of light, Rusi said consumers are OK with a little verification screening when they buy stuff online. He said âfrictionâ is no longer the âF-wordâ of the eCommerce world.
âThe industry likes to assume that consumers are averse to friction, but we are seeing nowadays that that statement as a generalization is not holding up any more,â Rusi said.
He cited a report that showed consumers want to be in control of approving transactions, especially when deals involve any type of payment or money transfer. Rusi said âdeputizing customersâ and giving control not only reduces fraud, but builds trust and strengthens relationships â especially when thereâs consistent security protocols in place regardless of the device being used.
âThe key to this is user experience,â he said. âThatâs what itâs all about.â
In Entersektâs case, that has taken the shape of a dynamic process that can âdial up friction and securityâ as transactions become riskier, while at the same time âremoving frictionâ as transactions become more known.
Rusi said the experience is âjust like air travel. For most people, speed is important. But the right amount of healthy friction is a wanted experience to ensure safety and retain control.â
Compliance Amid COVID-19
The pandemic-induced digital shift has reshaped the way we live, work and shop, but Rusi said itâs also increased the focus on companies to ensure theyâre adhering to new and evolving data privacy regulations.
âAt the center of all these regulations is the consumer,â he said. âAnd letâs face it, as consumers, whether knowingly or unknowingly, we have been part of the problem in terms of the erosion of our personal privacy as well as security.â
Rusi said a key challenge now and in the coming years will be finding the right balance between maintaining compliance, ensuring consumer trust and protecting personal information.
That said, an âeven more worryingâ trend financial institutions (FIs) will face as a result of new data-protection laws will be challenges to the existing ways consumers are identified, he said.
âVarious browser companies are gearing up for a war against what is termed as âbrowser fingerprinting,ââ he said. Rusi said that system risks causing a lack of transparency and consumer control involved in capturing such data.
Moving Beyond Just Serving Banks
Although based in South Africa, Entersekt is a global company that does a lot of business with U.S. and European banks. But since the bad actors are tirelessly in search of new victims, Entersekt wants to find and service vulnerable businesses in other industries as well.
âHereâs the challenge â fraudsters are constantly evolving, but they use the same methods that have worked and [try] to use those in other industries that are not prepared,â Rusi said. âSo, our focus has largely been on banking, but the reality is that any industry that now has to rely on digital engagements with consumers is one that we’re looking at quite strongly.â
He said that includes healthcare and insurance, which utilize super-sensitive medical information and is seeing a surge of claims.
âWe are continuously looking for ways in which our solutions can assist any institution that has the need to establish a strong trust relationship with consumers via digital channels,â Rusi said.