Big Sales Events Shouldn’t Mean Relaxed Fraud Defenses
By Evan Schuman /
21 Jul 2016
On July 13, Amazon declared that its second Prime Day was its “biggest day ever,” selling more than 90,000 TVs, “hundreds of thousands of Kindle e-readers,” 200,000 headphones and 215,000 pressure cookers. (As an aside, only Amazon could get away with making all of these claims without actually revealing any revenue stats at all.)
No matter how you slice it, Amazon sold a lot of stuff – and it’s easy to imagine that mixed in with the fervent shoppers were equally enthusiastic fraudsters, looking to take advantage of this “biggest day ever” for their own gain. Big crowds in retail, whether in-store or online, mean lots of fraud attempts. But how many of those will be successful is another question.
The reasons for the increase in fraud attempts is essentially the same, whether it’s in a store or online. Thieves take advantage of crowds, inexperienced temporary sales people and a perceived relaxing of fraud practices to hide their fraudulent behavior. Why do thieves expect fraud defenses to be relaxed during big sales events? Because, unfortunately, they often are.
Fraud strategies are changed out of fear
Let’s look at how it happens in a brick-and-mortar shop. Retailers often see fraud prevention tactics like checking IDs as time-consuming, so when crowds are lining up out the door they look to speed up the sales process. When the store is mostly empty, taking an extra 30 seconds to authenticate a physical customer feels less costly than when there are 20 people standing behind that customer, growing more and more irritable.
It’s similar in an online world, when a glut of shoppers is overloading your servers. E-commerce sites may freak out when they see the site slow to a crawl and many (especially smaller sites that don’t have full-time fraud teams) may fear that their anti-fraud system is standing in the way of sales. Therefore, they relax their typical fraud thresholds and change their fraud strategy to let more shoppers through, so they can maximize their own “biggest day ever.”
The reality today is that effective online fraud defenses can be quick, easy, and typically non-disruptive. Fact: Fraud tactics shouldn’t be relaxed during the holiday—or special sales events like Amazon’s Prime Day. But it’s also fact that they shouldn’t be increased, either. The overwhelmingly most effective fraud strategy is to select the best settings initially and then leave them. If something has materially changed or if your fraud profile changes, talk with your team about re-evaluating, but unless that happens, leave everything constant.
When to change your fraud strategy vs. when to leave it constant
A fraud strategy should be treated like a retirement investment. Wisely choose the mixture and the amounts and how they are distributed—and then, barring some severe change in circumstances, leave them alone. Inexperienced investors making hundreds of minor adjustments are the stuff of dreams for investment brokerage houses that make money on churn. If you’ve chosen wisely, it should pay off over the duration.
Much of the same is true for a fraud strategy. If something meaningful changes—such as a different tactic now popular with thieves or a meaningful change in your product mix—of course you need to make the adjustment. But a high-profile event, such as a major sale, isn’t a reason to toy with a properly-done fraud strategy.
Increasing fraud sensitivity during a sales event means that you’ll be decreasing that sensitivity afterwards. And the thieves will be waiting. Constant and steady vigilance is the only viable long-term approach. Reducing your fraud defenses (which is identical to “no longer increasing them”) is simply giving your attackers something to detect.
Let’s address the concern. If you think your fraud defenses slow down transactions, re-evaluate how you are deploying and whether it’s the right approach for you. Don’t cut back on your defenses: fix them. Any kind of security should never meaningfully hurt your sales. If it does, you have the quintessential tail-wagging-the-dog situation.
In other words, your fraud prevention tool should always complement and support your core businesses practices, not the other way around. And if you’re confident in your core business practices, you should remain confident in your anti-fraud approach – even during sales, special events, holidays, and other “biggest days ever.”
Evan Schuman has covered IT issues for a lot longer than he'll ever admit. The founding editor of retail technology site StorefrontBacktalk, he's been a columnist for CBSNews.com, RetailWeek, Computerworld, and eWeek.