Maplin had been a staple of the British high street for over forty years before undergoing a complete digital reinvention in 2018. Under the stewardship of new Managing Director Ollie Marshall, the UK consumer electronics retailer closed the last of its 207 brick-and-mortar stores and resurrected itself as a purely direct-to-consumer ecommerce brand – all in little under a year.
And the switch has been paying off handsomely. Over the last year, Maplin’s online revenues increased 400%. The pandemic certainly played a role in this, but year-on-year growth had been strong even before then. The switch to home-working and home-playing (games consoles, entertainment systems and hobbies) created a permanent consumer shift in Maplin’s favour, and their push into ecommerce now looks serendipitously timed.
A golden era for fraud (but not for soldering irons)
But every silver lining has a cloud, and so with the boom in online sales came a corresponding boom in fraud. Consumer electronics are highly resellable, easily transportable and typically expensive, which makes them attractive goods to fraudsters. Marshall says the end of 2020 and beginning of 2021 was a particularly difficult time: “consoles, electric scooters, mobile phones, Apple products such as airpods – anything at the top of the popular technology lists are all very hot in terms of fraud. Funnily enough they don’t want to steal soldering irons from us!”
During the pandemic, fraud rings were stepping up their game and seizing on the disruption of COVID-19 to usher in a golden era of fraud innovation. Scams began to more heavily target more links in the ecommerce process, from account creation and login through to product returns. As a result, scams which were less common pre-pandemic — such as those using synthetic identities, bots, return fraud or fraudulent fulfillment disputes — suddenly flourished.
It wasn’t just Maplin noting an uptick in fraud during the pandemic either. Toys R Us’s AVP of ecommerce & consumer technology Rohan Cherian, described fraud innovation during the pandemic as “five to ten years of acceleration and modernization that you’re really experiencing in a compressed five-to-ten-months time frame.”
Marshall says carding attacks – where bots enter thousands of stolen credit card details into a merchant’s website to test which ones can be used for fraud – were particularly prevalent at the end of 2020.
Following a carding attack, merchants are left on the hook for the potentially thousands of chargebacks which are left in their wake. Marshall says implementing reCAPTCHA and working with Signifyd has helped to stop these attacks, but he expects fraud rings to innovate and find new ways around these defences: “It’s a moving target. These holes are going to open up and you just have to hope they’re closed down quickly.” Signifyd tracked a 146% increase in bot attacks throughout the year.
Stock shortages – a result of the pandemic, political shifts and the global chip shortage – also led to another undesirable outcome for Maplin: an uptick in wholesale buying and unauthorized reselling. While Maplin doesn’t classify this as fraud (unless the goods are purchased fraudulently), they do consider it an abuse of their service.
A late but undramatic arrival for SCA?
In Europe, new requirements for Strong Customer Authentication (SCA) are meant to help stymie the latest wave of online fraud.
SCA payments requires merchants to implement two-factor authentication (2FA) on ecommerce transactions, and will require consumers to authenticate transactions using two of the following three: something the user knows (like a password), something the user has (like a mobile device), and something the user is (like a fingerprint).
The new payment SCA requirements were originally included in the revised Payment Services Directive (PSD2 strong customer authentication regulation), which technically went into effect in 2019 — but the complexity of implementing SCA has led to years of delays. In fact, SCA still isn’t enforced in the UK, though it’s due to come into force in March.
The key SCA challenge for online retailers like Maplin is to keep the customer checkout experience frictionless while implementing the additional requirements of SCA. Marshall says “it needs to be more seamless than bank redirections and being sent SMS codes – which is rubbish.” Nearly 47% of UK consumers in a recent Signifyd survey said they were somewhat or very likely to give up on transactions which required SCA-style authorisation.
Marshall believes the six-month extension was “the right call” as the market wasn’t ready for SCA yet, but he believes it will be by March: “From speaking to software vendors and others, what I’m seeing is a lot of technology springing up which makes sure we get all of the benefits of SCA without it being laborious. Things are starting to come together and look good now. I’m not anticipating it will be this doomsday where everyone starts getting pinged with SMS’s all over the place, and I think a lot of it will be in place for then — but maybe I’m being optimistic.”
Exemption management is a key to successful SCA
Signifyd’s Payment Optimisation, for instance, provides an advanced exemptions management engine that identifies orders that don’t require SCA to be processed. And it determines the most efficient route for those orders that do require SCA — ensuring a seamless experience for the end consumer and providing retailers with maximum conversion and optimised revenue.
Regarding vendors, Marshall looks for those who have “the best product, the right price, compatibility out of the box, and the right fit for our technology stack.” He also prefers to keep the number of companies he works with streamlined, and to consolidate wherever possible.
Overall, Marshall is positive about SCA implementation as he believes “a lot of fraud will be stopped in its tracks.” While this is true, he also knows that fighting fraud is a “constant battle” and that fraud rings will likely be back with creative new ways to defraud companies and customers — even post-SCA.
Marshall photo courtesy of Maplin; feature photo by Getty
Looking for the best way to manage new SCA requirements? We can help.