E-commerce Guest Checkout Fraud
Online retailers will always have to walk a fine line between fraud security and a frictionless experience. Internet users today are starting to suffer from something known as account fatigue. In addition to having to jump through a growing number of hoops just to create a secure password, they are also becoming overwhelmed with promotional emails that filters just can't keep up with. Today's consumers are also all too painfully aware of just how quickly digital information can be stolen. Hackers need to only find a few seconds of vulnerability in an otherwise secure system to download millions of bits of personal data.
As a result, consumers are becoming more wary of giving out personal information such as addresses and phone numbers to even the most trusted businesses, let alone online businesses they are making their first purchases from. As a result, many online businesses offer the opportunity for customers to take advantage of guest checkouts. Here is an overview of guest checkout; what it is, how it can be used fraudulently and why it might not be the right option for most online businesses.
What is Guest Checkout Fraud?
Guest checkout allows customers to purchase items without giving any personal information at all in some cases and in others the information is simply not stored beyond the end of the transaction. Obviously, if the customer is purchasing an item that needs to be shipped, they will need to enter shipping information and their credit card issuer will require billing information, but guest checkouts assure the customer this information will not be stored. Many e-commerce sites allow guests who have already checked out to convert to a regular account that will save all of their information, but many choose not to. Unfortunately, the more anonymous nature of the transaction has given rise to an increase in e-commerce guest checkout fraud.
Many consumers resent being asked for personally identifiable information because they are painfully aware of just how much data is being gathered about them and that essentially their entire online life is tracked and monitored in some way. While this tracking is often necessary for security, it is also invasive and many consumers resent it.
Aside from the higher potential for fraud, guest checkouts can make it harder for businesses to review, modify or track orders and sometimes even track inventory. Returns, exchanges, and refunds can be more difficult when there is no permanent record of the transaction. This can be particularly problematic when customers are buying gifts for someone else. While it is perfectly understandable that consumers have become gun-shy about giving out personal information or allowing businesses to store financial data, the truth is, guest checkouts can create a huge hassle for businesses. In some cases, it can even hinder their ability to be reimbursed for fraudulent purchases by banks and credit issuers.
Guest Checkout Fraud Security Concerns
In many cases, customers who are confronted with the requirement to create login credentials before purchasing will often simply abandon their carts. The more hoops they are required to jump through in order to make a purchase, the less likely they are to finalize the purchase. While all security measures a business takes are of ultimate benefit to the consumer, it is also understandable why consumers are also concerned about the privacy they are potentially giving up every time they make a purchase.
This is particularly true as more and more businesses are moving to multi-factor authentication. Multi-factor authentication requires customers to enter a valid email address or phone number at which they can receive a code to confirm the phone number or email address is valid. There is no doubt this creates a major pain point for consumers, but at the same time, it is becoming increasingly necessary to confirm consumer identities before engaging in online financial transactions.
Verifying a customer's identity before engaging in financial transactions with them isn't just important for the consumer, it is also important for the business. Businesses that do not have appropriate security protocols in place may be left holding the bag for fraudulent charges rather than the bank or credit card issuer. The Payment Card Industry Security Standards Council (PCI SSC) is responsible for creating security protocols that businesses must be in compliance with if they want to get paid.
To help ease the strain between ease of use and depth of authentication, many businesses allow new customers to check out using a third party site such as Facebook, Google or Twitter. While this can keep some customers happy by not requiring them to create a new login which they then have to track and manage, it can also cause even more concern to others. Savvy consumers understand that the more accounts they link together, the more havoc a cybercriminal can wreak by gaining access to a single account. Therefore, while logging in with a different site or service might be easier and more convenient, many consumers will still simply abandon their cart rather than creating a new account or logging in with a different service.
Summary of Guest Checkout Fraud
While many customers will simply leave an item behind rather than creating just one more account, offering guest checkout options are an increasingly bad idea. This doesn't mean, however, that there aren't ways for retailers to cut down on pain points. In many cases, customers will respond much better to a "funnel" process, where they are gradually asked for more necessary information, rather than being forced to provide it up front. Ultimately, what is most important is to ensure all of the necessary information and authentication is complete before the financial transaction is complete. The longer you can give them before forcing that process, the more likely you are to get them all the way to the confirmation screen.
iovation is a leading provider of e-commerce fraud detection and prevention software solutions and advanced MFA solutions.
Ready for the next step?
Spot user behaviors and device information that’s suspicious, and stop those fraudsters in real time. We track billions of devices and our fraud analysts add evidence to make this intelligence even more effective.