Digital Footprinting: The Future of Fraud Prevention?
In eCommerce as well as any sector hit by online fraud, new digital footprint techniques help us to figure out which users are legitimate and which are likely fraudsters, meaning we can adapt user friction to their level of risk.
Setting the scene
Since the COVID-19 pandemic, eCommerce sites have seen an explosion of new customers looking for home delivery options. With it, according to a Forbes study, retail fraud has grown by 50% between 2020 and 2021.
This is bad news for online merchants of all sizes, as fraudulent transactions can lead to chargebacks, costing your business money when a customer files a claim to their bank – which is in fact even more costly than just losing the item. In fact, a merchant loses estimated up to 2.60x the price of the merchandise, because of processing fees, admin as well as chargeback ratio scores affecting their standard bank charges.
Although cybercriminals are upping their game and creating more and more believable fake and stolen personas, it is impossible for them to cover every base if you know where to look. All online users leave a digital footprint behind – and no matter how hard they might try to look like legitimate customers, fraudsters are not likely to be able to reproduce convincing digital footprints, and certainly not at scale.
Traditionally, fraud prevention has tried to identify bad users by flagging types of configurations they use. For example, someone who uses a proxy or Tor client is more suspicious than someone connected directly. Tor in particular is very commonly used by cybercriminals but, as Myra notes, its use is certainly not enough to label someone as one.
Such methods of examining configurations is good practice and a cornerstone of catching bad actors online. However, it is especially useful to do the opposite as well: We can consider digital footprint analysis as identifying good users; we know what a legitimate user looks like and we consider suspicious those who deviate from that, rather than the other way round.
So, if we need to be even more accurate and more certain about whether a customer is legitimate or a fraudster, we probably want to start by looking at their digital footprint.
What is a digital footprint?
A user’s digital footprint is the public trail that they leave behind on the internet. Digital footprints include a user’s IP address, social media accounts, email address, phone number, user avatars, location history, as well as more public information on platforms they use, as explained by SEON in a guide. With the right tools, you can enrich this freely available data into a well-rounded picture of a user’s online activity, pointing you in the direction of any fraudsters targeting a merchant’s site.
Most of your customers arrive on your website with the clear intention of purchasing your goods and services. To do so they provide their email address (and sometimes their phone number). But a fraudster also has to provide these to try to run their schemes. Of course, they aren’t going to use their real ones. What they do is sign up for a free email account that sometimes uses part of the name of the person they are trying to impersonate.
However, this fake account was almost always created recently and lacks the digital footprint a real person has. The fraudster uses it to defraud companies, not hang out on Facebook or speak his or her mind on Twitter. So, using either the phone number or email address that they willingly provide as part of the shopping experience, you can see whether a user has zero digital footprints by conducting a reverse email or phone number lookup.
If a user’s email address or phone number that they’ve provided isn’t connected with any social media accounts, or for example, there are no accounts elsewhere, such as Github or Airbnb, or Skype, then this is a huge red flag. Criminals often sign up with an account that matches the person that they’re impersonating, or a synthetic ID that they’ve invented. However, it’s far too time-consuming to fake a user’s digital footprint as well, and it also doesn’t scale. An email or phone number that’s not linked to any digital footprint whatsoever is therefore likely to be suspicious and a criminal’s creation.
How can I integrate fraud detection with my eCommerce site?
Popular eCommerce sites like Shopify and Wix offer fraud prevention and detection software integration with their platform. Both of these platforms offer their own inbuilt fraud detection and prevention tools, but these are often not sufficient because they are too conservative, erring on the side of caution and thus leading to false positives and lost customers. This is especially the case for overseas orders, while more sophisticated fraudsters still get through platform-provided solutions.
Data enrichment can provide you with a bigger picture of a customer’s overall digital footprint, either done manually by having you look up someone who appears suspicious, or automatically, using batch data or as needed.
With eCommerce platforms becoming increasingly popular and with fraudsters becoming increasingly sophisticated in their techniques, it’s worth looking into some key digital footprint techniques below.
Reverse email and phone lookup is a great place to start if you’re looking to catch out a fraudster. That’s because you can use these to detect when an email address or phone number isn’t associated with any legitimate online accounts. Conversely, you can easily give a free pass to customers who might come from a risky country but their online presence checks out. This means more, and more safe, sales.
Reverse email and phone lookup techniques give us a huge advantage in spotting cybercriminals during a transaction or even a sign-up, as they are very unlikely to look like your average, good user if you examine their digital footprint. While most of your legitimate customers will have their email address or phone number associated with other online activity, a fraudster using stolen card information will likely not be using an organic digital footprint as it’s too complex or time-consuming to do so.
Digital footprint techniques such as the one by SEON can be API-based or platform-based. The functionality is also available as a Shopify app that provides a detailed customer profile via its data enrichment tool, giving you a fully transparent risk score for each one, explaining exactly why they are higher risk when they are, and how this decision was scored. This means that only high-risk customers need to give extra information during the transaction process, so that you don’t slow down your low-risk customers.
You might already be using data enrichment to tailor product content to your customer base, improving site searches, driving conversions, and making descriptions more customer friendly. Adding it to your fraud prevention strategy can be easy and make a big difference in keeping your revenue safe from fraud.
Using digital footprinting to deal with chargebacks
Though it is a huge pain point in eCommerce, a chargeback is often legitimate, as it’s the way customers can claim money back if a merchant has not provided goods promised to them, or if someone has stolen their card.
However, friendly fraud happens when a customer asks for a chargeback even though they’ve received their goods or service as promised. This is the customer trying to have their cake and eat it too, intending to both keep the goods and get their money back by not being truthful about what happened.
In this case, merchants can dispute a chargeback request through the chargeback recovery process. But to successfully recover a chargeback, you need to prove that your bank did everything by the book, through documents like invoices for courier companies.
Providing such proof is always a challenge for merchants, as the odds are stacked against them. The more information and evidence you can provide, the more likely you are to succeed. So, including the digital footprint you collected at receipt of purchase or even at account creation can go a long way.
In fact, it’s not unheard of to be able to catch these fraudsters bragging about the scam they did on social media. For instance, they can be posing on Instagram wearing a pair of sneakers they claimed they never received.
Is digital footprint analysis enough?
Certainly, digital footprint analysis is a fraud detection and prevention technique that provides accuracy and benefits companies immensely. But fraud prevention technologies can stack. Digital footprinting is a great way to catch fraud, but it’s even better when it is combined with more traditional methods such as device fingerprinting and behavioral analysis.
The former will examine the hardware and software setup of a shopper’s device, including whether they are using a proxy, their operating system, type of device, etc. Behavioral analysis will consider what the shopper is doing and when, comparing it to the user’s normal behavior to spot any red flags.
Combined with other user data, a customer’s digital footprint shows us whether they are low or high risk. A low-risk user is most likely to be an honest customer, and as a result, we make their online experience frictionless – which is key to their enjoyment, as noted by Loqate. On the other hand, a high-risk user with a suspicious digital footprint might be a fraudster. In this case, we ask for additional proof such as documentation or a phone call to verify their identity.
By using this strategy, shoppers experience friction is only created when they’re flagged as high risk. Dynamic friction like this is useful because it changes based on what we know about a user. Because it’s based on email or phone number lookup, the digital footprinting process itself is frictionless as it runs under the hood, without the shopper being aware of it.
Digital footprint techniques are becoming an essential part of your digital security strategy, whether you’re using Shopify or any other eCommerce platform. With mobile commerce also growing, you need to make sure that your e-store is fraud-proof during every step. Even as fraudsters become increasingly clever in how they mask their identity online, you can still catch them out by using tools like phone and email reverse lookup. It’s a good idea to make sure that your fraud detection process is frictionless so that your average loyal customer isn’t deterred by unnecessarily complex verification processes during a transaction.