cybersecurity Archives | Signifyd

Dealing with the “what now?” moment after a data breach
https://www.signifyd.com/blog/after-a-data-breach/
Thu, 06 Feb 2020 16:00:35 +0000

Data breaches exposed 4.1 billion records in the first six months of 2019. Prepare a proactive response to data breaches.

The post Dealing with the “what now?” moment after a data breach appeared first on Signifyd.

“What now?” 

It’s the first question retail leaders face after experiencing a data breach. The answer varies greatly, depending on the department’s retail data breach response plan.

Ecommerce and other types of online companies are not the only types of businesses at risk of encountering a data breach. In August 2019, Business Insider reported that 19 online and brick-and-mortar retailers and consumer companies had experienced data breaches since January 2018 due to flaws in payment systems. 

That’s why all businesses need a fully updated data breach incident response plan. The question of “what now?” should never be asked again. 

This is your blueprint for creating a disaster response plan for when a data breach hits. Since these attacks are growing in intensity, frequency and complexity, it’s next to impossible to prevent every assault on your business. Instead, look to a plan that you can have locked and loaded — the readiness can save you in time, money and customers lost.

Beyond cryptocurrency: Blockchain’s impacts in retail
https://www.signifyd.com/blog/blockchain-impacts-retail/
Fri, 31 Jan 2020 16:00:27 +0000

Privacy & data protection is a blind spot for emerging technologies. Blockchain can help retail problems from security to supply chain.

The post Beyond cryptocurrency: Blockchain’s impacts in retail appeared first on Signifyd.

The explosive growth of digital transactions year over year has pushed ecommerce leaders to implement strong anti-fraud strategies. According to Statista, the current transactional value of digital remittances in the U.S. is upwards of $80 billion. The group also projects that by 2023, the number of users is expected to reach 13.2 million. Organizations that offer technological solutions to reduce ecommerce fears coupled with advancements in payment security such as blockchain are the best line of defense.

Blockchain is growing in importance across many different industries. The technology has the potential to change the fraud protection game. It’s important for retail leaders to understand what blockchain is (and isn’t) and what it can (and can’t) do. This is a brief overview of how blockchain can boost fraud protection strategies and address common problems in retail like supply chain and data security.

Loyalty and reward programs: An open door to fraud
https://www.signifyd.com/blog/loyalty-reward-programs-fraud/
Thu, 30 Jan 2020 16:00:11 +0000

Almost 70% of customers choose retailers based on loyalty & reward programs. But these programs are prime fraud targets.

The post Loyalty and reward programs: An open door to fraud appeared first on Signifyd.

Loyalty and reward programs have become a powerful tool in customer retention and engagement. According to Invesp, nearly 70% of consumers say they choose retailers based on where they can earn loyalty and reward program points. These programs help both retailers and customers win.

Unfortunately, criminals have found a way to compromise this winning scenario. Peter R. Maeder, co-founder of the Loyalty Fraud Prevention Association, tells PYMNTS.com that consumers and retailers don’t see accrued rewards points as currency. The accumulated points lack any kind of Guaranteed Fraud Protection and are at particular risk for digital fraud. Fraudsters find easy ways to steal from both retailers and consumers.

Since this type of fraud is so common and yet still hard to fight, we’re here to help with an overview of the problem plus steps retail leaders can take to reduce their losses from loyalty and rewards program fraud, including reduced sales and diminished customer satisfaction.

5G’s impact on omnichannel retail and ecommerce: Proceed with caution
https://www.signifyd.com/blog/5g-omnichannel-ecommerce/
Mon, 13 Jan 2020 16:00:18 +0000

5G will enhance mobile retail customer experience with faster service and improved bandwidth. But 5G is far from perfect.

The post 5G’s impact on omnichannel retail and ecommerce: Proceed with caution appeared first on Signifyd.

Industry experts and everyday mobile users have awaited the release of 5G for several years. The widespread use of 5G technology is set to create another technology boom once released into the entire smartphone ecosystem. Set for arrival this year, 5G has sparked a combination of anticipation and anxiety in consumers and experts around the world. Some people can’t wait to explore all the digital possibilities, while others wonder if we need additional computing power. 

Right now, 5G is mostly tied up in future speculation. Ecommerce leaders can work with what we know about 5G to enhance their omnichannel and mobile retail strategies. This article is an introduction to how the new technology will touch retail, and should open doors for those looking for answers about how to best apply 5G technology to their commerce operations.

Four lessons from 2019 holiday shopping trends
https://www.signifyd.com/blog/2019-holiday-shopping-trends/
Tue, 03 Dec 2019 16:00:14 +0000

The post Four lessons from 2019 holiday shopping trends appeared first on Signifyd.

Key points

  • Singles Day 2019 was bigger than ever, with $38.3 billion in sales by gross merchandise value. Learn how China makes Singles Day bigger every year.
  • Generation Z is a key demographic for many retailers. See how they’re driving traffic back to brick-and-mortar stores.
  • 65% of American shoppers believe they are at a higher risk of having their financial information exposed during their holiday shopping. Read why holiday fraud has shoppers on high alert.

Holiday shopping is the main event for retailers worldwide. This is the time of year when many merchants meet their annual revenue projections and become profitable. Shoppers show up en masse to claim big sales and deep discounts at brick-and-mortar and ecommerce stores. eMarketer forecasts that the 2019 holiday season will top $1 trillion in U.S. sales, making it the first-ever trillion-dollar holiday season.

Retailers are already deep into their sales and marketing strategies in the hopes of attracting customers to their stores, websites and apps. But there are still a few tricks out there that any retail leader can learn from. Here are four things you might not have known about the holiday shopping season, with lessons to help improve your strategy.

Singles Day is the unofficial kickoff to the holiday shopping season

It seems like the holiday shopping season starts earlier every year. Major retailers like Target and Walmart insist on staying open on Thanksgiving Day to capitalize on holiday shopping. But the big sales started weeks ago on the unofficial kickoff for holiday spending: Singles Day, also known as the world’s biggest shopping event.

Every year on November 11 in China, Singles Day shoppers embrace the idea of spending money on themselves. The one-day shopping event became a massive hit on the Chinese e-commerce platform Alibaba thanks to the nation’s economic growth and increasing individual purchasing power.

Singles Day 2019 netted $38.3 billion in sales by gross merchandise value, surpassing last year’s $30 billion record, according to CNBC. Alibaba’s genius two-pronged approach drives sales by offering deep discounts on products from featured merchants on the website and hooking customers in with presales that allow for down payments on certain products and the ability to pay the rest on Singles Day.

As we pointed out in our e-book, “The Land of 800 Billionaires: Finding Cross-Border Commerce Success in China”:  Social shopping is a huge driver of Singles Day sales for Alibaba. According to eMarketer, 34.6% of Chinese consumers spent four or more hours a day on WeChat, a platform that rolls social media, phone and text messaging functionality all into one. Shoppers can follow celebrities and influencers on WeChat and buy directly from live streaming shopping programs. This is an enormous sales channel in China — and America is finally taking notice. Kim Kardashian West recently did a WeChat livestream announcing her fragrance brand KKW will be available for sale on Tmall, another major Chinese shopping platform.

Lesson learned: Holiday shopping can take off any time of the year. With a yearly occasion, a strong integrated marketing campaign and omnichannel shopping options that provide a delightful customer experience, even American retailers can capitalize on a uniquely Chinese shopping holiday like Singles Day.

What Gen Z really wants for the holidays

Singles Day thrives because retailers understand that success comes from giving shoppers what they want. For merchants targeting Generation Z shoppers (people born in the late 1990s and early 2000s), this might be a tougher task. Gen Z’s demographic doesn’t operate by the same rules and patterns as previous generations, and some of their shopping preferences contradict tactics that work for other groups.

How SEO, security and customer experience are linked in ecommerce success
https://www.signifyd.com/blog/ecommerce-seo-security-cx-linked/
Fri, 15 Mar 2019 23:19:18 +0000

Many SEO best practices often align with website security best practices. A proactive approach to managing your website allows your organization to multitask for better security and SEO and build a better customer experience for your ecommerce site.

The post How SEO, security and customer experience are linked in ecommerce success appeared first on Signifyd.

Your web designer or marketing consultant has likely advised you to improve your search engine optimization (SEO) for higher website traffic. Their hearts were in the right place, but they’re probably not thinking of how attracting more attention to your website also increases the risk of directing more malicious traffic to your site.

Fortunately, many SEO best practices align with website security best practices. A proactive approach to managing your website allows your organization to multitask for better security and SEO and build a better customer experience for the web.

Start by identifying your website security blind spots. Here are three common ways your website security can break down, and how each one impacts your website success and customer experience:

Forms

How it helps your SEO: Forms are essential for any website. Many SEO campaigns are designed to drive traffic to a download page or other form, in the hopes that the customer will enter their information in exchange for exclusive content or a more personalized experience.

How it hurts your security: A February PC Mag report explains the danger of “formjacking”—a nearly undetectable way scammers can skim an ecommerce website for data, especially with payments:

“For those who’ve never heard of it, formjacking has just been highlighted in the newest Symantec Internet Security Threat Report. The report lists this latest cybercrime as one of the most serious and lucrative attacks in the history of cyber-badness. And unlike ransomware, it’s relatively simple to carry out, and it’s nearly impossible for the victims to detect. Symantec says that it’s so successful that about 4,800 websites are infected with formjacking software every month.”

The PC Mag report cautions that common features of a website, such as chats and surveys, are key entry points for formjackers. Your ecommerce website likely has forms and chat features on several different pages. It’s impractical to nuke every potentially bad page and such a drastic change risks damaging your customer experience, anyway. But you need to do something to protect your customers’ financial data and assure them they’re not walking into a trap by shopping with you.

Best practice: Check your website for malicious code. Since formjacking relies on web-based hacking, all a scammer needs is a piece of malicious JavaScript code to steal credit card details and other information from payment forms on the checkout web pages of e-commerce sites. The devil is literally in the details here. Work with your web development team or hire an ace web contractor to scrub your scripts clean and retain them for maintenance.

User generated content

How it helps your SEO: According to Search Engine Land, user generated content can effectively differentiate your product pages from other duplicates on the web. A few good examples are the comments on a blog or a forum section. User generated content is a great way to get your customers talking about your brand.

How it hurts your security: Cybercriminals can find a haven in the unmoderated comments section of a blog, your reviews section or a traffic-heavy forum. It’s the easiest route to place malicious or irrelevant links on your ecommerce website. These links can hit your website hard in two ways: degrading your SEO and possibly flagging your website as malware or spam, which can lock users out. What’s the use in investing time and money in SEO just to have outside chaos wreck it all?

Best practice: Sitelock has a few suggestions to help manage the dangers of user generated content while retaining the benefits, such as utilizing comment system plugins in WordPress, enabling CAPTCHAs wherever possible and allowing only registered users to post comments. Adding an extra step is often enough to deter scammers looking for a quick score.

Your website URL

How it helps your SEO: Your website URL is where it all begins. You need more than just a clever website name and the right domain for your country and industry (think the difference between .com and .org). You also need HTTPS: a secure URL. In addition to keeping all pages secure on your ecommerce website, HTTPS allows you to keep up with current browser and SEO requirements. You’ll also likely see some SEO lift from using the more secure version of your website.

How it hurts your security: Google breaks it down in the simplest terms: HTTPS protects the integrity of your website and safeguards the privacy and security of your users. An unsecured website is an unlocked door welcoming scammers in to steal any data they can get their hands on. It can quickly become a no-go even for browsing. Many current browser updates won’t allow users to view an unsecured website. This one might be the most crucial to your overall customer experience.

Best practice: Upgrade your website to HTTPS as soon as you can. A secure domain is a clear stop sign for scammers. Google has a step-by-step guide in their HTTPS section but you’ll probably need your web development team to take the lead—it gets pretty complex. If you don’t have a web development team or feel brave enough to go it alone, here’s a practical guide from Entrepreneur Magazine.

If you don’t have time or money to invest in the above website projects right now, here are a few quick fixes to help boost your ecommerce website SEO and beef up security at the same time:

  • Display trust symbols everywhere on your website—Let scammers know up front that they’re in for a fight on your website. Visible trust symbols also make your website look trustworthy, which will attract repeat traffic and feed your positive SEO scores.
  • Utilize simple page indexing and remove duplicate pages—Make tracking your website as easy as possible to catch security breaches before they happen. Simpler page indexing spells better customer experience, with more internal searches on your website and reduced bounce rates.
  • Install website updates and keep all versions of your website software current—Older software releases are less secure. Newer software versions will often force you to update your SEO plugins and extensions as well.

SEO, security, and customer experience are intertwined and directly impact the success of your ecommerce website. With this short guide, you no longer have to choose which one will demand your focus. You can make these key components work for you.

How comprehensive chargeback management saves your customer experience
https://www.signifyd.com/blog/chargeback-management-saves-cx/
Wed, 06 Mar 2019 19:34:56 +0000

Guaranteed fraud protection has tackled fraud at the checkout. That still leaves retailers facing the prickly challenge of sorting customer abuse from honest mistakes. How fraud protection and chargeback recovery supports the customer buying journey.

The post How comprehensive chargeback management saves your customer experience appeared first on Signifyd.

All chargebacks are not created equal.

There are those that arise when professional fraud rings use stolen identities or account takeover to make unauthorized online purchases. A small number of companies, including Signifyd, have come up with an effective solution to this problem — a model known as guaranteed fraud protection.

But there is a whole basket of online payment chargeback claims that are far more difficult to navigate — those chargebacks that result from consumer abuse or an honest mistake by a consumer.

The second brand of chargebacks puts a retailer in the uncomfortable position of doing battle with a customer, essentially trying to prove that the customer is a cheater or a criminal.

In an era of heightened consumer expectations and an unrelenting focus on providing a top customer experience, retailers can’t afford to be doing battle with their customers — especially in cases where customers have a legitimate complaint. The trick, of course, is knowing when a complaint is legitimate and when it’s the result of a customer attempting to take advantage of a retailer.

American Express, in its recent video, offered some wise advice for retailers concerned about pitting themselves against their customers when it comes to handling chargebacks: Prevent chargebacks in the first place.

3 common disputes that can harm your customer experience the most

With the Amex video as inspiration, let’s take a look at the three specific types of chargeback fraud and the characteristics that make them difficult to manage.

No knowledge

Consumers are naturally confused when they see a charge on their credit card statement from a business name they do not recognize. As the video mentioned, retailers should be sure that the name they do business by is the name that appears on the customer’s credit card statement. Not doing so is asking for confusion and a poor customer experience.

Item not received (INR)

As the video mentioned, INR is hard to prove for the retailer. It’s difficult to truly know if the item made its way to the shipping address without incident. Package thieves, faulty tracking systems, confused mail carriers—you’re facing many variables beyond your control even in legitimate dispute cases.

Significantly not as described (SNAD)

A SNAD claim arises when a buyer claims the item they received is significantly different from what they expected to receive, based on the website or item description. Again, a retailer is left with something of a mystery. Was the customer truly disappointed in the order that arrived? Or did the customer have second thoughts about the purchase overall?

Searching for an answer is time-consuming and in the end, not all that satisfying. A spate of SNAD claims is reason enough for any retailer to assess the product descriptions and photographs on its sites and to consider whether there are additional steps it should take to make sure customers’ expectations align with reality.

Your loss is also your customers’ loss

Merchant chargeback-related disputes hurt your customers, too. Few interactions with customers are more fraught than ones in which you’re questioning their honesty. And challenging a chargeback is a formalized process to do just that.

Blindly challenging every chargeback, or even most chargebacks, means you will inevitably be challenging honest, and valuable, customers. And when you think about it, if the chargeback resulted from a customer never receiving his or her order, or receiving an order that didn’t live up to its description and promise, you are further alienating a customer who is already frustrated.

Any guesses on whether such an experience would lead to angry reviews on your product pages and the loss of a customer for life?

Innovative retailers realize that the best way to avoid doing battle with their customers is to take some of the proactive steps recommended by AMEX, while also gathering sufficient data and deploying algorithms that help them know, understand and serve their customers. Signifyd recently announced its Chargeback Recovery product, which removes the burden of managing ecommerce chargeback protection from retailers, leaving them to focus on their core businesses.

Signifyd Chargeback Recovery supports the idea of being proactive to avoid chargebacks in the first place. But it also means that when chargebacks happen, retailers now have a comprehensive enterprise fraud management process to handle every kind of chargeback, from payment fraud at checkout to item-not-received chargeback claims during the fulfillment process.

What you should know about PCI DSS penetration testing
https://www.signifyd.com/blog/penetration-testing-essentials/
Fri, 14 Sep 2018 01:06:18 +0000

The post What you should know about PCI DSS penetration testing appeared first on Signifyd.

It seems not a day goes by that you don’t read about another massive data breach.

The sad fact is that breaches happen all the time. Cybercriminals are increasingly sophisticated and increasingly motivated by the lucrative trade in personal information — names, birth dates, social security numbers, credit card accounts.

Those bits of information are gold to fraudsters and sophisticated fraud rings that use the data to steal financial credentials, take over consumer accounts with merchants and to create false identities out of whole cloth that then go on criminal shopping sprees.

Consumers are demanding that the companies they trust with their data do better. If you’re a retailer, a financial institution or, frankly, any business that deals with personally identifiable information, you are no doubt working hard to protect that data.

Among the tools available to you are penetration tests, something of a stress test for your own security systems.

Companies that process payments need to comply with the Payment Card Industry Data Security Standard (PCI DSS) in order to provide an acceptable level of security for cardholder data. In fact, the standard applies to all entities around the world that are involved in processing, storing and transmitting cardholder data.

The reason you need to use PCI DSS testing

Properly implementing and maintaining PCI DSS is a good idea for two reasons: It allows you to boost your company’s entire security status while preventing expensive data breaches and fines. Being on top of your PCI DSS game will ensure that your organization is adequately prepared to detect and prevent a wide range of malicious attacks from those attempting to access your information assets at the physical and network level.

How you know if you’ve done it right

Testing. Specifically, penetration testing. While PCI DSS has been around for more than a decade, penetration testing has only been used recently. Not all penetration testing is created equally. Your organization needs to identify penetration testing techniques that verify that its controls can protect its cardholder data environment. Doing the identification step properly allows you to integrate PCI DSS compliance properly.

Types of penetration testing

So, where to start? PCI DSS is evaluated with three types of penetration tests. Black-box assessments give testers no information before the tests begin. For white-box assessments, companies normally provide penetration testers with network and application details. Lastly, grey-box assessments involve providing partial information about the target systems.

Throughout PCI DSS testing, both white-box and grey-box assessments give organizations a comprehensive insight regarding their activities. What’s more, the information a company or organization provides during testing helps considerably in streamlining the entire process, which not only makes it less costly but also saves time.

Distinguishing between penetration tests and vulnerability scans

Here it might be helpful to explore the difference between penetration tests and vulnerability scans. Vulnerability scans are designed to assist you in identifying, categorizing and reporting any weaknesses that can interfere with your system.

Although it is generally advisable to carry out such scans quarterly, you also have to conduct them each time you make any significant changes to the data environment. Additionally, vulnerability scans mostly use automated tools and come with manual verification, which is intended to eradicate existing issues.

On the other hand, penetration testing is intended to deliberately take advantage of vulnerabilities by identifying the gaps within your security system. In essence, it involves the active process of trying to penetrate a system with the intention of exploiting the existing weaknesses. This makes penetration testing different from vulnerability scans, which passively go through your system to identify potential issues.

Penetration testing comprises proactive manual processes that are time-consuming, which explains why you can only conduct it once per year. Nevertheless, it offers a more comprehensive insight into your security apparatus.

Establish the scope of your cardholder data environment

According to the PCI security standard’s definition, the cardholder data environment (CDE) comprises the people, processes and technologies that process, store and transmit sensitive cardholder data. Hence, your initial step ought to be determining the scope of the whole process, particularly for PCI compliance tests. You need to consider several guidelines when determining the scope of your test.

Payment processors must evaluate aspects pertaining to access to open networks, which include controlled access to external IP addresses. Furthermore, you have to focus on your critical internal systems, mainly those revolving around access to information. For cases in which your company has split its information, we recommend that you monitor all the systems, especially those that are outside the cardholder data environment, in a bid to keep cross-contamination cases at bay.

Apart from making sure that your information stays separated, testing systems that are not in your CDE helps to ensure that your company’s separation controls work appropriately. Terming your system or network as out of scope translates to making sure that its weaknesses do not have any impact on cardholder data. Hence, carrying out penetration testing in such environments proves that segmentation controls work not only in policy but also in practice.

The meaning of critical systems

According to PCI DSS testing, systems that take part in the processing and safeguarding of cardholder information are critical. These systems may include security systems, public-facing devices, as well as all devices that process, store and relay cardholder data. What’s more, ecommerce redirection servers, intrusion detection servers, authentication servers and penetration testing are all considered to be critical as far as your operations are concerned. By and large, bear in mind that critical systems comprise all of the technology assets that those who are privileged within your company use to oversee and support CDE.

The distinction between network-layer and application-layer testing

Recently, malicious attackers appear to be increasingly targeting the weaknesses inside the application layer. As such, most companies nowadays are utilizing various tools as fundamental elements of their payment processing plans. They include internally-developed software, web applications, legacy applications, third-party software and open source components. Therefore, application-layer testing means trying to penetrate software to identify the exact vulnerabilities.

Alternatively, network-layer testing mainly concentrates on devices inside your organization’s surroundings. For example, this process can allow you to pinpoint potential weaknesses in your systems including routers, switches, servers and firewalls. Some of the weaknesses that you can spot within your network layer consist of unpatched systems, misconfigured devices and default passwords.

The types of application-layer and network-layer tests that PCI DSS needs

Normally, the provisions of PCI DSS penetration testing call for your company to test PA-DSS-compliant applications, different testing environments, authentication and web applications. With regard to authentication, you must ensure that you assess functions and access to your employee environment. However, you also need to ensure that only your clients can gain access to their data.

A penetration tester has to assess both workforce user controls and cardholder customer controls. Also, keep in mind that if your organization utilizes a PA-DSS approved application, then PCI DSS penetration testing has to be done during the execution of the application even though it does not need testing. For this reason, testing should concentrate on the operating system and exposed devices as opposed to the functionality of your payment application.

Automating compliance alleviates the burden of penetration testing considerably. Thanks to this automated method, it becomes easier for your company to roll out a governance system that delivers comprehensive insights. In addition, you can include a reporting dashboard in a bid to conveniently assess health control quickly while noting the critical problems that your company faces. By doing so, you can easily achieve enhanced cross-enterprise results.

Ken Lynch is CEO of Reciprocity. He wrote this piece for the Signifyd blog.
Ecommerce fraud is a major growth industry says ThreatMetrix https://www.signifyd.com/blog/ecommerce-fraud-grow-threatmetrix/ https://www.signifyd.com/blog/ecommerce-fraud-grow-threatmetrix/#respond Tue, 26 Jun 2018 18:21:03 +0000 https://www.signifyd.com/?p=5936 While ecommerce sales are growing rapidly, they're not growing nearly as fast as ecommerce fraud, says digital identity company ThreatMetrix.

While ecommerce sales have maintained a torrid growth rate for years, it turns out that when it comes to being a growth industry, ecommerce itself has nothing on ecommerce fraud detection.

In fact, the growth in ecommerce business fraud attempts in the first quarter of 2018 compared to 2016 outstripped the growth in ecommerce transactions by 83 percent, according to ThreatMetrix’s latest Cyber Security report. The San Jose digital identity company, which regularly reports on the volume of cyber attacks, said it foiled 210 million cyber attacks from January through March. It was the most the company had ever disrupted in any one quarter, and it represented a 62 percent increase in activity over the year-ago period.

Aside from the sheer volume of attacks, ThreatMetrix’s Q1 2018 Cybercrime Report is sure to grab the attention of ecommerce companies for a number of reasons. First comes the finding that ecommerce is now the hot thing among digital fraudsters. ThreatMetrix found in the first quarter that ecommerce businesses were 10 times more likely to be attacked than financial services companies.

“Ecommerce attacks are becoming an increasingly popular target for global fraudsters: Many global ecommerce merchants are being hammered by mass scale bot attacks from the U.S., China and Brazil, attempting to test the validity of stolen identity credentials harvested from mass data breaches,” the report says.

Fraudsters embrace automation as a better way to steal

Just as ecommerce retailers have turned to automation to better protect themselves and their customers from fraudsters, the fraudsters themselves are finding technologically advanced ways to scale up their operations. ThreatMetrix reported that its network saw an astonishing 1 billion bot attacks in the quarter, a record number.

“These bots are predominantly targeting ecommerce merchants,” the report added.

Fraudsters find the best time to use the filched identities is the time between when the breach occurs and when it becomes public knowledge, ThreatMetrix says.

Fraudsters’ intense focus on ecommerce (820 million of the 1 billion bot attacks were directed at ecommerce sites) makes perfect business sense for online criminals.

Online retailers understand the need to provide a friction-free customer experience in order to inspire purchases during any one shopping session and to encourage return visits by consumers that the merchant has invested in acquiring in the first place.

“Ecommerce merchants walk a tightrope between optimizing customer experience with low friction authentication and few step-ups, while also maintaining effective fraud control,” the ThreatMetrix report says. “With so much competition for orders and market domination by a few key players, driving order acceptance rates is imperative, potentially making them a softer target for market-savvy fraudsters.”

The balance can be a difficult one to get right.

ThreatMetrix’s study reflects Signifyd’s findings in its Ecommerce Fraud Index released early this year. The index noted that fraudsters have been shifting to account takeover fraud as a preferred way to take advantage of stolen identities. In fact, account takeover fraud losses increased by 80 percent between 2016 and 2017.

“Validated credentials can be used to hack in to good user accounts and access sensitive personal information, as well as saved payment credentials,” the ThreatMetrix report noted. “In addition, once the fraudster has successfully hacked an account, they can capitalize on the trust that user has built up with the retailer, making fraudulent purchases that can potentially go unnoticed and are often subjected to less scrutiny than ‘new customer’ transactions.”

The holiday fraud threat is hardly slowing down

The ThreatMetrix report also offered some disturbing news about the ongoing volume of fraud attacks. Looking back to the fourth quarter of 2017, the report noted a “particularly intense attack period coinciding with the holiday shopping season, when attacks accounted for over 10 percent of all network traffic.”

The more ominous note was that the attack volume remained high in Q1, even after the lucrative holiday season had passed. From the report: “The overall attack levels for ecommerce remained high even after the record holiday season, with almost 150 million rejected transactions, representing an 88 percent increase over the previous year.”

The finding from the holiday season itself mirrored a section of Signifyd’s fraud index in which the data showed that fraud losses during the 2017 holiday season increased 24 percent year-over-year. For the purposes of the index, fraud losses were defined as the sum of the number of chargebacks due to fraudulent orders and the number of orders withheld because of a suspicion of fraud.

The ThreatMetrix report also underlined the international nature of organized fraud rings. While the United States, the UK and other large European countries have traditionally been the lead originators of fraud attacks, countries such as Vietnam and Russia appeared among the top 10 for the first time, ThreatMetrix said. The change is an indication, the report says, that there are plenty of up-and-coming fraud threats out there.

Contact Mike Cassidy at mike.cassidy@signifyd.com; follow him on Twitter at @mikecassidy.
Online fraud protection is being transformed https://www.signifyd.com/blog/online-fraud-protection-transform/ https://www.signifyd.com/blog/online-fraud-protection-transform/#respond Tue, 05 Jun 2018 16:50:11 +0000 https://www.signifyd.com/?p=5831 Guaranteed fraud protection is finding itself in the limelight and its place there is a solid sign that the innovative form of online fraud management has reached mainstream status.

It is only natural that as ecommerce races into the future, the tools that ecommerce merchants use will race along with it.

Static product pages gave way to personalized assortments and product grids aimed at individuals. Ecommerce branched out from the desktop. Retailers quickly understood the potential of mobile commerce and worked doggedly to produce mobile experiences and capture mobile conversion. One-click ordering arrived to spare consumers from filling out endless fields. Delivery times sped up and continue to speed up. And Signifyd’s world, the world of payment fraud protection, has been undergoing a transformation, too.

The company is a pioneer in the field of guaranteed fraud protection, an offering that relies on big data, machine learning and human expertise to shift online fraud liability from merchants to fraud-protection providers, like Signifyd. The idea has been validated by the thousands of merchants who have become Signifyd customers.

And recently, third-party validation has been growing to the extent that it’s fair to say that guaranteed chargeback fraud protection has gained mainstream acceptance. Consider just two bits of evidence from one day last week.

First, Signifyd announced it had secured a $100 million Series D round of funding from Premji Invest, with participation from existing investors Bain Capital Ventures, Menlo Ventures, American Express Ventures, IA Ventures, Allegis Cyber and Resolute Ventures. Then, Kleiner Perkins Caufield & Byers venture capitalist Mary Meeker released her annual technology trends report. The report is something of a Silicon Valley bible of where technology is headed.

A significant portion of Meeker’s 294-slide presentation deck addressed consumers’ buying practices: the where, when and how shoppers buy and how the way they pay is changing. She noted that ecommerce had reached 13 percent of retail sales in 2017 and included a graphic charting the steep ascent of that figure.

Meeker laid out the tools that online merchants need to operate and thrive in such a world, including payment processors, point-of-purchase financing, delivery systems, customer support and fraud prevention. She listed various category leaders, such as Square, Stripe, FedEx, UPS, the U.S. Postal Service and Signifyd.

Signifyd’s inclusion in Meeker’s report was significant because of the kind of fraud protection it provides. Guaranteed fraud protection means that a fraud-protection provider will reimburse a merchant for chargebacks and other fraud costs on any approved order that later turns out to be fraudulent. The notion is only a few years old, but it is gaining wide adoption and significant endorsements from those who study the ecommerce industry.

By introducing the guaranteed fraud protection model, Signifyd has provided the answer for retailers struggling with the security vs. experience conundrum across geographies, among all retail verticals and through every business segment, including the world’s largest retailers.

With traditional fraud-prevention tools and methods, large retailers were left with two unenviable choices: Either operate with extreme suspicion, declining orders that they fear might be fraudulent, or provide a frictionless customer experience, erring on the side of shipping questionable orders, thereby opening themselves up to exploitation by cybercriminals who have built global operations to commit ecommerce fraud at scale.

The first choice leads to false declines, holding back legitimate orders that should be shipped, and leaves legitimate customers feeling like criminals. The second choice puts retailers in the position of facing financial ruin. Neither, obviously, is good.

As the digital transformation races forward, large omnichannel retailers are concluding that innovative fraud protection is a key to building the kind of customer experiences that consumers have come to expect in the Amazon era. The constantly learning machines behind the guaranteed form of protection are able to sift good orders from bad and dramatically reduce the number of false declines.

It’s a model that Signifyd, obviously, has believed in since the early days of the company. Now it seems other strong voices are joining in the chorus.

Contact Mike Cassidy at mike.cassidy@signifyd.com; follow him on Twitter at @mikecassidy.