Social Commerce and Account Takover

Social shopping is more popular than ever. Within the past year, we see that most of the world has spent more time on social media and making online purchases. The expected projections predict to see growth to $604 billion by 2027 in the US. If your business wants to grow in the e-commerce market, this is a great opportunity. In-store traffic is still slow in many places, which allows for new sales channels to emerge. Social media shopping is booming, and these platforms are creating new ways for users to buy directly from the post, rather than leaving the platform to buy in a website. Almost 40% of consumers report they’re more comfortable with digital technology than before the lockdown. The majority of e-commerce shoppers are between the ages of 25 to 34.

With the rise of social commerce and new sales channels, fraud also increases. Where good customers go, fraudsters follow. Humans, by nature, are more likely to create easy-to-remember passwords. Nordpass, a password security software, researched passwords, and the number one password of 2020 was 123456, and it took less than a second to crack it. Now consider that many people use the same or similar passwords for social login credentials. Weak passwords are easy for fraudsters to hack. Plus, 53% of people admit they reuse the same password for multiple accounts. Perfect storm! Social media account takeovers put customers’ personal information, payment data, identity information, and more at risk. Fake accounts and takeovers create fraud risk for merchants.

When a fraudster gains access, they can use the saved payment methods to make purchases or use the personal information to obtain more credit and rack up other debts for the victim. From a merchant’s perspective, the consumer will want to chargeback these purchases, and the merchant can be liable for the chargeback fees and the loss of the cost of the purchased items. Account takeover rates for e-commerce businesses jumped 378% since the start of the COVID-19 pandemic.

But the good news is that good technology can beat the bad guys. While there will not be just one solution to prevent every attack, a broad swath of identity data analyzed by artificial intelligence (AI) could help merchants build strong identity controls. Understanding that your company could be vulnerable to fraud will help you implement changes. This situation is a game of balancing consumer protection against fraud and seamless shopping for consumers. One way to help is to understand the channel (mobile, tablet, computer) and segment accordingly. Controls must be placed at all touchpoints with the customer following their path from login through to the monetary transaction. Each transaction has a phase, and understand and knowing key risk indicators helps prevent fraud. The phases are:

  1. Authentication: Assess the initial login
  2. Device analysis: Devices tend to be recognizable for the user
  3. Session navigation: Monitor the path of the session to compare to the customer’s usual transactions
  4. Behavior profile: Verify the profile of the customer is aligned with the transactions
  5. Review of cross-channel or multi-channel activity: Review the account to compare to recent activity
  6. Real-time and/or transaction alerting rules: Implement a service to allow for a transaction to be held before release

Using a multi-faceted approach will provide more data points for your fraud detection strategy. It is essential to have these preventative measures and allow the end-user to engage in a friction-free user experience. Combining these strategies will ensure that the customer has a balanced experience and maintains confidence in the e-commerce merchant.