Tech retailers' fraud checks shouldn't stop customers using click and collect

Dr Stephen Moody, EMEA solutions director at fraud protection firm ThreatMetrix, shares his view
Author:
Publish date:
1-click-collect-fraud.jpg

Dr Stephen Moody, EMEA solutions director at fraud protection firm ThreatMetrix, on the potential problems around tech retailers' click and collect services.

On paper, click and collect services should offer both electronics retailers and their customers the best of both worlds. Customers like to have the option of reserving and/or paying online and then collecting in store as it can be the easiest option – especially if internet deliveries arrive at home when they’re at work.

For the retailers it means potentially reducing delivery overheads and certainly happier customers. And happier customers tend to buy more.

But what happens when over-zealous fraud checks at the store prevent legitimate shoppers from picking up their goods? As increasing numbers of consumers look to tap multi-channel shopping experiences, IT retailers need to get smarter about fraud prevention.

What’s at stake?

Most UK electronics retailers now offer customers the ability to order online and collect in store. Offering greater customer choice in this area really is a no-brainer.

Argos has built a thriving multi-channel retail business on the back of it, while the likes of Currys, Maplin and others all provide in-store collection. Yet the situation one shopper found herself in when trying to collect a laptop bought online with a major UK department store last year shows us that there’s still some way to go when it comes to retailers’ fraud prevention systems.

That particular customer said she felt like she’d “been made to feel like a criminal” after being told she couldn’t collect the item “for security reasons”, despite the money having been deducted from her account.

The way forward

If retailers have fraud prevention technologies they can be confident in, the initial risk assessment made at the time of the online purchase should be enough. To make sure, retailers could operate a simple system whereby users authenticate via a confirmation email shown on their smartphone.

Even if a fraudster managed to spoof an email, the retailer could initiate a one-time location check of the customers’ smartphone at the time of pick-up to verify their identity.

Asking the shopper for ID or similar is not fool proof as fraudsters are more than capable of creating fake credentials. If they’ve stolen enough identity information to impersonate someone online they have enough to create a fake ID in person.

In reality there’s not been much fraud in this are as of yet because it’s still easier to commit in the card-not-present space, where more transactions are carried out anyway. But if and when click and collect does hit a tipping point of popular acceptance, the fraudsters have shown in the past that they’ll always follow the money.

ThreatMetrix data from Q1 shows that account creation fraud (four per cent) is more prevalent than traditional payment fraud (3.2 per cent). In the e-commerce space that figure rises to 6.7 per cent of transactions for account creation fraud versus 2.6 per cent for payments.

But such fraud requires plenty of planning and analysis and runs the risk of both the account holder and the retailer spotting something’s up when the fraudsters changes the delivery address on a hijacked account. Choosing click and collect would surmount that particular problem and could make it more popular for online scammers in the future.

There might also be a time hence when large retailers farm out their collection points to local shops, garages and other businesses. In that scenario, staff may not be as discerning about fraud checks at the point of pick-up.

But in both cases, the answer is a solid fraud screening process at point of purchase; ideally one which combines device identity with a range of contextual attributes unique to the user including log-in habits, typical locations, user IDs, email addresses, phone numbers and shipping information. And if they absolutely must, retailers can double check identity at collection via a smartphone + email.

It would be a shame if retailers’ perceived risk ultimately holds back the adoption of click and collect. That would be a lose-lose for merchant and customer alike.

About the author

Dr Stephen Moody is EMEA solutions director at fraud protection firm ThreatMetrix.

Image souce: Shutterstock

Related