This is a viewpoint from Helen Holmes, VP product management, fraud and authentication services at Worldpay.
There is tension in every sector of ecommerce between the friction-free, one-click-style purchase experience and the important requirements of fraud prevention. This is particularly exacerbated in the travel industry.
Why? Travel is perhaps unique in that it is a high risk industry – high average transaction value, low margins and little time for manual review – but also a sector where service is key. The sector is notably competitive, so a great consumer experience is a big differentiator. In the face to face environment this means good service - online this means a smooth and friction-free user journey, including the payment process.
Facing up to fraud
Travel bookings can often be urgent and emotional (‘I need to get from A to B!’ ‘I need somewhere to sleep tonight!’). The risk of reputational loss can be very high. The travel sector has a plethora of sales channels – online (desktop, mobile and apps) kiosks, face-to-face and call centre sales which means that fraud needs to be fought on multiple fronts. Fraud migrates from channel to channel – I’ve spoken with a well-known travel company recently saw fraud migrate to its call center after it tightened up its online fraud prevention measures .
Moreover, preventing fraud in the travel sector, unlike other sectors, often involves a face-to-face encounter. For a retailer or digital goods merchant, declining a transaction for fraud is easy – just don’t ship the item. But for travel, preventing fraud may involve a direct encounter at a hotel check-in or airline gate. For customer service representatives primed to deliver good customer service above all else, this can be a challenge – and, indeed, some merchants choose to swallow the fraud rather than risk customer satisfaction in this manner.
All of the above creates a perfect storm for travel sector –a sincere desire to differentiate via a great user experience, but a significant risk of losses.
Fraud prevention can often over-step and impede that all-important customer experience. A blanket use of 3D-secure, for example, will increase drop-offs. Requesting too much consumer data upfront is also off-putting particularly with more and more users purchasing via the mobile channel.
What else gets in the way? Well, getting stuck in a review queue is also an experience many consumers would rather forget. I recently needed to fly from the East to West coast of the US to escape an incoming storm. I had to book a flight at very short notice using a new Amex card issued in the UK. Unsurprisingly, my ticket status was described as ‘Pending’ for several hours. The trouble was, it was already midnight and my flight departed JFK at 6am – did I set my alarm for 3am or not? Eventually the ticket was issued, but it was not a great experience.
Easing the process
So, how do companies legitimately trying to prevent fraud losses secure a better customer experience? Collecting minimal data upfront and asking for more details later (such as car details for airport parking) is an effective strategy. Dynamic 3DS works well. Leveraging the collaboration evident in the travel industry is also a good idea, by using databases such as Perseuss from IATA
For advanced detection there are a plethora of new technologies available. Invisible real-time checks such as device fingerprinting and behavioural analysis offer a very effective and non-intrusive way to offer accurate fraud detection without intruding on friction-free payments.
Account registration rather than guest checkout also works well. Consumers register and provide details once only, meaning they can checkout quickly and simply thereafter.
However, the risk here is of account takeover, a growing trend in fraud. Fraudsters are quickly moving from stealing card details to stealing identities, fuelled by data breaches and the fact that consumers, driven by convenience, are increasingly moving to storing their card details for future use. It is the perfect new cover – why risk spending on a stolen card when you could impersonate John Smith, known and trusted by airline X? This is an issue already known to the travel sector in the form of loyalty / airline miles fraud.
That said, to tackle the apparently insurmountable issue of account takeover, the more advanced new technologies really come into their own. Is the device from John Smith’s usual location? Do his behavioural attributes fit the norm for that individual? Failing that, two factor authentication when account attributes are changed can be a simple way to mitigate risk.
Regulations to come
What about the impact of PSD2
on user experience?
This is a classic case of tension between fraud prevention and consumer experience. PSD2 is European legislation designed to achieve a number of aims including promoting innovation in the fintech space and, notably, protecting consumers against online fraud. It aims to make strong consumer authentication (SCA) a de facto step in a number of ecommerce transactions in the EU and UK.
There are a number of exemptions such as lower-value transactions (under €30) and the players in the payments industry have successfully lobbied for the inclusion of risk based analysis (RBA) in the draft regulatory technical standards. It is likely that issuers and acquirers will manage the complexity of this change for merchants, but consumer experience is still likely to change. The industry is keeping a watching brief on the regulatory standards.
Interested in fraud trends? Our new report was produced using both quantitative global research and in-depth interviews with leading organisations that face large-scale fraud on a daily basis. To learn more about the latest viewpoints on friendly fraud and account takeover download your free copy here.
This is a viewpoint by Helen Holmes, VP product management, fraud and authentication services at Worldpay. It appears as part of the tnooz sponsored content initiative.