As more and more consumers are placing online orders, merchants are having to step up their e-commerce game, making sure the browsing and checkout process is seamless for consumers and secure from the risk of fraudsters
Enter time-sensitive two-factor authentication (2FA), a protective layer to the login process.
One way merchants have tried to stay ahead of savvy fraudsters is by increasing the complexity of account passwords. Many now require customers to use a complex combination of upper- and lowercase letters, numbers, and special characters to protect vulnerable accounts against fraud. But even that isn’t enough: Customers tend to reuse passwords, and just one breach can lead to multiple accounts being compromised.
Two-factor authentication makes the whole process a lot simpler and more secure.
Typically, 2FA require a customer to enter something the customer knows (such as passwords and challenge questions) plus something they have (such as security tokens or mobile devices) or something they are (such as fingerprints, facial scan, etc.). This not only increases the security of transactions, but it can also eliminate up to 80% of data breaches.
But while 2FA offers increased protection against fraud, it does come with different kinds of risks: customer friction and frustration. So before e-commerce retailers add 2FA to their checkout processes, here’s what they’ll want to consider.
As technology becomes more commonplace in nearly every aspect of daily life, fraud has become just as pervasive, with cybercriminals seemingly reveling in finding new ways to exploit vulnerabilities in e-commerce stores. Here’s why more and more merchants are turning to 2FA to stop fraudsters before they can do their damage.
With the planned implementation of the European Union’s Payment Services Directive 2 (PSD2) in December 2020, all online transactions of more than €30 will require stronger customer authentication. Every merchant doing business in the European Union — including those not EU-based but with EU customers — will need to implement 2FA across purchases.
Merchants who sell big-ticket items or items that are easily sellable on the secondary market are often targets for fraudsters. But 2FA adds extra hoops to jump through for fraudsters looking to compromise customer accounts, making it more difficult for them to use credit card information purchased on the dark net. Even if fraudsters manage to obtain passwords and other card-specific details, they aren’t likely to have the second element for authentication.
E-commerce retailers who boast extra layers of security are often perceived by merchants as safer. And when shoppers feel more secure, they’re likely to be loyal to the online merchant and make bigger and more frequent purchases in the future.
But just because 2FA is designed to make online shopping safer for customers doesn’t mean it’s infallible. And it certainly doesn’t always make it easier. Here’s why 2FA might not be the right solution for every merchant.
Many retailers use the “knowledge” factor as the preferred additional layer of security in two-factor authentication, but unfortunately, it’s the most easily compromised. The reason? It’s easy to gain knowledge about relative strangers on the internet today — especially on social media, where users are eager to complete online questionnaires and upload photos that divulge personally identifiable information. All it takes is a little bit of patience and research, and cybercriminals can relatively easily crack passwords, PINs and even challenge questions.
As merchants require more and more of customers — Where did you go to high school? What six-digit PIN did we just send to your mobile device? Do you want to remember this device? — retailers increase the likelihood that customers are simply going to abandon their purchases and seek a retailer who makes it easier to check out.
Or what happens if customers aren’t near their phones to receive the six-digit authorization code that was just texted to them? Or what if they’re using their spouse’s account and the account’s two-factor authentication is tied to the spouse’s phone number? Adding too many barriers may result in customers second-guessing their purchases and opting to shop elsewhere.
For customers to set up two-factor authentication, they must give up a little bit of their personal information. And with the increased frequency of data breaches, customers don’t want merchants to know everything about them — even if the information is being requested under the guise of increased security.
Merchants may act as if everyone is out to defraud them when, most customers are legitimate shoppers who just want to make a purchase. When a shopper visits a website, they’re already providing merchants significant amounts of data, like IP address information, browsing history, and time spent per page. So much information, in fact, that most of these customers don’t need to be subjected to extra authentication. Instead, merchants may want to consider requiring 2FA only for transactions that seem exceptionally risky and not for the customers who have proven themselves to be low-risk.
While 2FA isn’t bulletproof, it can be an effective way for merchants to protect their business and their customers against fraud. But that doesn’t mean it’s right for everyone: Adopting 2FA is an individualized decision that merchants will need to make based on their vertical, customer base and overall security strategy.
Another approach to protecting an e-commerce business from fraudsters is by implementing a robust fraud prevention solution. But those solutions come in myriad forms — from simple fraud filters to comprehensive managed services solutions — and it’s not always easy to know what’s right for your business. ClearSale’s “Merchant Guide to e-Commerce Fraud Protection” helps you navigate the constantly changing world of fraud detection and prevention and helps you find the right solution for growing your business safely in 2019 and beyond. Download your free copy today.