With the effects of the pandemic leading to lockdowns and prolonged movement controls, businesses look to digital eCommerce channels to engage their consumers. However, fraud becomes an impediment for business moving to these digital payment channels.
iTNews Asia speaks to Joe Cunningham, Regional Risk Officer for Asia Pacific at Visa to find out how businesses can transition to digital eCommerce securely, and what steps organisations must take to ensure payment security for their consumers.
iTNews Asia: Given the impact of the pandemic, how has the landscape changed in Asia with regard to digital eCommerce channels?
In Asia Pacific, lockdowns and prolonged movement controls have led to new consumer behaviours and preferences, accelerating the shift towards digital-first experiences, particularly commerce and payments.
Using Southeast Asia as an example, 72% of consumers say they now shop more frequently online than before the pandemic, while 44% say they shop less frequently at physical outlets. We believe this shift is likely to persist as the convenience of eCommerce is indisputable, and its growth continues to be robust even as customers begin to return to stores.
Although consumer behaviour changes may differ in each market, one commonality is the rise of digital payments, which includes the shift towards using digital wallets and phones to pay. These habits are in turn replacing cash as the main mode of consumer payment. Today, nearly half of all consumers in Southeast Asia say they prefer using digital payments to cash, compared with just 7% pre-pandemic.
iTNews Asia: What are the factors preventing eCommerce from taking off? Do you see this changing?
When mobility restrictions were in effect during the pandemic, we saw a rapid shift to eCommerce by consumers. This forced many businesses to rethink traditional ways of doing business and pivot online as well. Although eCommerce is growing, not every business is prepared with the right capabilities to keep pace.
There are three key factors holding them back from capitalising on digital commerce opportunities.
- Increasing incidence of fraud
As online shopping becomes mainstream, fraud has correspondingly migrated from traditional face-to-face channels to eCommerce. Globally, eCommerce fraud is forecast to rise to USD78 billion by 2023. Many businesses, especially small business that are joining digital commerce for the first time, are unfamiliar and ill-equipped to handle the risk of payment fraud.
- Cumbersome checkout process
In an age when consumers expect eCommerce payments to be as simple as tapping to pay in physical stores, asking customers to fill up an online form every time they pay dulls the shopping experience. A poor checkout experience is also the most likely reason that consumers abandon their online shopping carts.
- Online payment approval rates
Too many consumers are having their eCommerce transactions declined because they are mistakenly flagged as fraudulent. Without the right fraud management tools, businesses are testing their luck when deciding whether or not to approve a transaction.
If they block all payments, they are left with no sales. But if they approve all transactions, including suspicious ones, fraud is bound to impact them. Globally, the card-not-present authorisation rate is just 80%, compared to 98% in the face-to-face environment.
One in five eCommerce transactions are declined, which leaves billions of dollars left untouched. Therefore, businesses need to adopt the right solutions to help them decide when to approve genuine transactions and when to decline doubtful ones. This will ultimately not only protect businesses but also create safer buying experiences for consumers.
COVID-19 has accelerated digital transformation, pushing many traditional businesses to become digital merchants overnight. With more personal and financial data stored digitally and employees connecting remotely to work, the risk of fraud on digital channels has increased.
- Joe Cunningham, Regional Risk Officer for Asia Pacific at Visa
iTNews Asia: With a lot of businesses moving to digital payment channels, how have payment fraud attackers evolved their methods? How does Visa detect these attacks?
One of the most prevalent forms of eCommerce payment fraud today which affects issuers, merchants, and acquirers globally is enumeration attacks. Cybercriminals are using big data and AI to systematically submit transactions with enumerated values hoping to find legitimate account details or initiate one to two low dollar transactions to verify if an account is active and take it over. Once valid payment information is obtained, it is then sold on cybercrime websites.
At Visa, we take enumeration very seriously by investing in technology to inform, block and identify these attacks in flight.
An example of this is Visa’s Risk Operations Centre (ROC) – a 24/7, real-time fraud detection and mitigation system operated by our team of fraud and security experts. ROC analyses millions of transactions every day for known and emerging fraud threats.
ROC’s capabilities are integrated with advanced Visa Account Attack Intelligence (VAAI) to identify and report enumeration quickly. However, we cannot prevent fraud attacks alone. We need all players to employ anti-enumeration and account testing best practices, upgrade their infrastructure and keep investing in fraud management.
iTNews Asia: What can companies do to overcome the risks associated with using digital eCommerce channels (i.e. fraud and security)? What steps can they take to mitigate these risks?
Consumer buying behaviours have changed dramatically over the past 16 months. For eCommerce businesses, this means offering customers a remote payment solution that is fast, convenient, and secure.
To add to the complexity, businesses have to deal with the increasing risk of fraud in eCommerce channels. Every organisation manages business risk differently, so there is no one-size-fits-all approach to payment security. However, there are three universal best practices for businesses that handle payments:
- Enhance consumer and employee education
Businesses need to engage in proactive consumer education campaigns to ensure customers are aware of the different social engineering schemes like phishing scams. Equipping customers with knowledge will empower them to spot risks and prevent them from becoming victims of fraud.
Most fraud and data breaches can be avoided. Businesses need to educate employees that any personal and payment data needs to be handled confidentially and in accordance with local data privacy regulations.
- Use risk management solutions that improves the shopping experience for customers while protecting businesses from fraud
Solutions based on industry standards like the Visa Token Service (VTS) turns sensitive payment data like card numbers and account details into randomised tokens, thus devaluing data and rendering it useless for fraudsters even if stolen.
This means merchants don’t have to store payment data on-premise. VTS is also one of the largest payments security platforms offering data protection while reducing unnecessary form filling steps for consumers.
- Payment security is a shared responsibility
While it is important for businesses to adopt best practices, we understand that businesses simply want a payment system that helps them sell more goods and services. Sometimes, it is easier to work with a trusted partner to deal with payments.
Visa provides a list of approved third-party services providers that offer the full range of eCommerce solutions, from payment gateways to payment facilitation.
iTNews Asia: Do you think companies were prepared to handle payment fraud when they moved to digital eCommerce channels? Why?
COVID-19 has accelerated digital transformation, pushing many traditional businesses to become digital merchants overnight. With more personal and financial data stored digitally and employees connecting remotely to work, the risk of fraud on digital channels has increased.
What we have witnessed is that companies who have been investing in digital capabilities before the pandemic are the ones who have reaped the most benefits from the growth in digital commerce.
Visa’s focus is on helping millions of small businesses that have come online for the first time to deliver fast, secure and convenient commerce. Small businesses play a vital role in assisting communities to recover – they account for more than half of global employment and are among the most affected by the pandemic.
The decision to focus on small businesses is a strategic one. Fraud is particularly threatening to small businesses and the financial harm can put them out of business. As small businesses turn to eCommerce for the first time, many of them are focused on attracting customers and are not aware of payment security best practices. For instance, many small businesses store payment information in unencrypted servers, making them an easy target for fraudsters.
iTNews Asia: Would AI and analytics be able to help detect payment fraud from happening?
Visa has been applying AI to analyse transactions in real-time since 1993. Our solution, called Visa Advanced Authorisation (VAA), is estimated to have prevented some USD25 billion in annual fraud.
More than 8,000 financial institutions around the world use VAA.
It works by:
- Examining 100% of Visa transactions in real-time against more than 500 attributes for fraud indicators.
- Generating a risk score which is shared with the accountholder’s financial institution, where the decision is made to either approve to decline the transaction or flag the transaction for follow-up with the account holder.
- Providing real-time authorisation using predictive analytics to identify and prevent fraud.
