The holiday season, once marked by bustling malls, has transformed into an online frenzy of clicks and carts. But while shoppers hunt for deals, fraudsters are hunting for profits...
The Ecommerce Revolution Demands Better Authentication
by Alex Brown
The 2019 outbreak of COVID-19 unleashed an ecommerce boom that appears to be only slightly slowing in late 2021. As a new wave of pandemic precautions takes hold across impacted nations, analysts expect ecommerce activity to resume its meteoric growth.
According to the IBM US Retail Index, the call to stay indoors accelerated the growth of online retail by five years. Right now, 1 in 5 retail purchases worldwide is an ecommerce transaction. That number includes transactions that are only feasible in person, like purchasing fuel — which makes that ratio all the more staggering. It’s a truly massive paradigm shift that is only growing as consumers become more used to the current status quo.
With the pandemic-induced crescendo of online services and retail, customers have begun to expect more from their shopping experience. The often-overlooked variable of authentication will play a vital role in the coming year, potentially improving customer journeys — and deterring fraudsters. Unfortunately, due to the increased volume of online retail, cybercriminals have upped their game and are eager to capture the low-hanging fruit available in the multitude of online transactions. Now more than ever, it’s crucial to provide a safe and satisfactory shopping experience.
In this article, we break down some recent trends in ecommerce to demonstrate the impact better authentication can have on the security and convenience of the customer experience. Let’s start by looking at the rising cost of cybercrime.
As the market share of ecommerce rises, so does the cost of cybercrime
The chart above, which is based on McAfee’s report on the Hidden Costs of Cybercrime and data from eMarketer, considers the cost of cybercrime to include both the damages incurred by successful fraud schemes and the price of cybersecurity solutions meant to prevent them. Both ecommerce spending and the cost of cybercrime are rising precipitously: the cost of cybercrime in 2020 totals more than one-fifth (22%) of all ecommerce transactions.
According to the US Census Bureau, the average amount spent by US shoppers in 2020 increased 100% over the previous year. This increase in transaction value has emboldened cybercriminals to similarly increase the price of their ecommerce attacks. Research from Sift notes a correlated upswing in the value of fraudulent purchases in the same span: the average amount spent by a fraudster has risen nearly 69% from 2019 to 2020.
Account takeovers (ATOs) are a rising threat to ecommerce businesses
Account takeovers, or ATOs, are among the most pervasive cyber attacks an ecommerce business will face. In an ATO, a cyber criminal will infiltrate a legitimate user’s account to make fraudulent purchases, obtain credit card or personal information and coordinate scams. Often a victim of an ATO is unaware that anything is happening until the fraudster has changed their password and locked them out of their account.
The expense to both a customer and the business they’re using can be extremely damaging. Companies that have to restore fraudulent purchases lose out on sales, and they may even lose previously loyal customers. Many online retailers continue to staff expensive-to-operate call centers because digital fraud is so prevalent and difficult to disrupt through automation.
In Q2 2020, ecommerce businesses that sell physical goods saw a shocking 378% increase in ATO attempts over the previous year. Overall ATO attempts leapt three times (307%) from Q2 2019 to Q2 2021, and 39% of all attacks against ecommerce businesses were ATOs
Consumer responses to successful ATOs vary, but a staggering 28% will abandon the site or service connected to the breach. Apart from the obvious cost of fraudulent activity, losing nearly a third of hacked accounts could spell disaster for unprepared ecommerce companies. It’s clear that ecommerce businesses need to prioritize preventing ATOs.
Customer expectations are changing rapidly when it comes to authentication
The most recent research shows that a third of online transactions are abandoned at checkout because customers forget their passwords. Forcing users to create an account is the second most-cited reason for abandoning a virtual shopping cart (24% of customers). Trailing closely behind are “I didn’t trust the site with my credit card information” (17%) and “Too long/complicated checkout process” (18%).
Consumers are ready for passwordless authentication
It’s abundantly clear that the Golden Years of secure online shopping are far behind us. Consumers no longer dazzled by the ability to purchase goods online, and they expect a much more convenient and hassle-free journey. Crucially, that includes their authentication experience. Today’s ecommerce customers want to be able to trust their online retailers and be unburdened by excessive verification requirements. It’s a dual demand that many ecommerce businesses are answering with passwordless authentication. Read further on passwordless ecommerce.
According to Deloitte in 2018, nearly half of US consumers used some form of biometric authentication to verify purchases. An Experian report from January 2021 found that 74% of customers regarded biometric authentication as the most secure option available. Passwords didn’t even rank in the top three methods preferred, clearly demonstrating that even the average consumer is aware of the security risks passwords pose.
A survey designed by Mastercard and Oxford University discovered that customer sentiment toward biometrics is extremely favorable. Ninety-three percent of those surveyed said they preferred biometrics to passwords, and another 83% believe that biometrics are more secure than passwords. A sweeping majority of 92% noted that biometrics were more convenient than passwords, affirming the average consumer’s desire for an easier, more accessible way to verify their identity while shopping online.
The future of ecommerce hinges on natively passwordless authentication
The future of ecommerce should be dictated by the needs of the customer, and today’s customers yearn for a more convenient and safer experience. Only one solution neatly dovetails their two greatest priorities of simplicity and security: Transmit Security.
Transmit Security effectively eliminates passwords from every part of the login process. Unlike traditional passwordless customer authentication, Transmit Security removes knowledge factors and shared secrets from every part of the solution. That means no user IDs, no passwords and no resets — making it impossible for threat actors to intercept, steal or otherwise obtain login credentials. We call this natively passwordless authentication. Read further on improving customer authentication.
Customers using Transmit Security can quickly and easily register using the built-in biometrics on their device, making ecommerce logins a one-touch operation. Ecommerce businesses that integrate Transmit Security into their sites and services dramatically reduce the friction between browsing and final checkout, turning one-time transactions into loyal customers.
Ready to learn more about how we can improve your ecommerce business’ customer experience? Read our case study on how Regate improved their customers’ trust, retention and satisfaction by transitioning their customers to passwordless.
A self-professed technology geek, content writer Alex Brown is the kind of person who actually reads the manual that comes with his smartphone from cover to cover. His experience evangelizing for the latest and greatest tech solutions gives him an energized perspective on the latest trends in the authentication industry. Alex most recently led the content team at Boston-based tech company Form.com.