Ensuring adequate fraud protection and refining the customer experience is a delicate balancing act for eCommerce merchants. Data collection at account login, two-factor authentication, and card verification at payment all add friction along the customer journey, and the hosting platform plays a huge role in where that journey ends up.
How are hosting platforms addressing this issue of friction to ensure a good outcome for merchants with minimum cart abandonments? Which hosting software should a merchant choose to ensure card data are safe, chargebacks are kept to a minimum, and their customers will keep coming back?
Read on to find out how Magento and WooCommerce are tackling fraud management.
The Discordance Between the Customer Experience and Fraud Protection
Few merchants would argue that the customer experience is the most important factor when building an eCommerce site. Successful startups like Warby Parker, the eyewear retailer, and the eCommerce juggernaut Amazon have all built their kingdoms by honing the customer experience. In the case of Warby Parker, consumers can try on a selection of eyewear designs in the luxury of their own homes, and Amazon supercharged the shopping experience with fast checkout and free delivery.
Competitive eCommerce sites are expected to provide easy product search, flexible shopping carts with wishlist capability, and fast payment gateways. These are nice-to-haves, but what is a sure must-have is fraud protection.
And therein lies a problem. As much as consumers want to know that their data is safe and their payments secure, they also want fast checkout and seamless purchasing. Fraud protection slows down the customer journey with data requests, card verification, and advanced security protocols like two factor authentication.
Unfortunately, the customer experience and fraud management are diametrically opposed.
How Fraud Management Detracts from the Customer Experience
What merchants are experiencing is that fraud management, while necessary, is a pain point for their customers at practically every touchpoint: account creation, login, shopping, payment, and shipping and returns.
According to Forbes’ 451 Research’s Voice of the Enterprise: Customer Experience & Commerce, Merchant Study 2021, while merchants are concerned about the impact fraud has on their profits, they are more concerned with the impact fraud management protocols have on the customer experience.
Here’s a look at how friction is created at each step along the customer journey.
Fraud protection requires data collection. The more data the merchant collects from a customer, the better they can verify their identity and authorize transactions. This requires time-consuming online form-filling and verification procedures for customers when they create accounts and try to checkout.
The best fraud protection requires excessive authentication at login. For example, two-factor authentication and one-time passcodes.
Fraud prevention calls for additional layers of security. Customers love one-click checkout when shopping because it saves so many steps. But that one-click doesn’t leave room for control layers that can prevent fraudulent transactions and reduce returns and chargebacks.
Unnecessary or unoptimized 3-D Secure requests, high rates of false-positive declines, and purchase restrictions (from certain geographies) all frustrate the customer at checkout.
Shipping and Returns
Lengthy shipping timeframes due to excessive manual reviews, delayed fulfillment due to fraud risk concerns, and restrictive return policies make life difficult for customers.
For more on the pros and cons of Magento, read “17 Things Merchants Need to Know Before They Commit to Magento as Their ECommerce Platform”
How to Strike a Balance Between Fraud Prevention and A Slick Customer Experience
There’s little doubt that adequate fraud prevention requires layers of security controls, and those layers slow down conversions for merchants. Ultimately, fraud protection is a direct threat to customer lifetime value and future revenue.
For example, despite demanding adequate protection from fraud, a survey conducted by 451’s VoCUL: Connected Customer, Loyalty & Retention conducted in 2020 found that one-third (30%) of consumers might stop using a brand or retailer if a transaction is mistakenly declined.
So, how do merchants straddle the line between providing adequate fraud protection on their eCommerce sites and providing a great customer experience?
According to McKinsey & Company, “organizations need to achieve a seismic shift: from reactive and siloed fraud mitigation to a proactive, customer-centric, integrated, and continuously evolving approach.”
McKinsey boils this down in simpler terms to three steps. First, apply artificial intelligence and machine learning to fraud management technologies. Second, use actionable analytics combining scores, rules, and red flags; and third, improve technology and advanced authentication for a better customer experience.
Armed with that knowledge, we looked at the eCommerce hosting platforms Magento and Woocommerce to see how each platform stacked up in terms of those three recommendations.
1. Artificial Intelligence and Machine Learning Applied to Fraud Management Solutions
Magento users can integrate sophisticated, intelligent fraud detection systems with their stores. For example, our tool can be used with Magento software. Our plugin provides revenue and abuse prevention and payments optimization and protection. Advanced artificial intelligence and machine learning identify any fraudulent transaction and stop them before the transaction is authorized.
The plugin’s artificial intelligence checks transactions against a range of potential fraud indicators during checkout, fulfillment, and post-purchase. This product also automates chargeback protection. Other leading artificial intelligence-based solutions that Magento merchants can use are Signifyd, Kount, Riskified , ClearSale, and Sift.
The WooCommerce plugin doesn’t feature built-in security, but merchants can install plugins that do.
We have a WooCommerce Anti-Fraud plugin that checks for possible fraud whenever an order is placed using rules-based fraud management. This tool provides Risk Advise and Risk Scores.
This tool combines existing rules with a smart real-time risk score for each order. This feature gives merchants an extra layer of security by assessing orders for fraudulent activities using machine-learning algorithms. The software alerts the merchant when the risk score for an order exceeds the threshold set so that the merchant can either authorize a transaction or deny it.
2. Analytics, Scores, and Red Flags
In addition to the machine learning algorithms that analyze customer and transaction data to identify suspicious patterns that may indicate fraud, Magento allows merchants to configure their own risk management rules.
These rules evaluate transactions based on factors, such as the amount, shipping destination, and payment method. The rules allow merchants to automatically flag high-risk transactions for review while allowing low-risk transactions to proceed without delay.
Our WooCommerce Anti-Fraud plugin uses a set of rules to determine fraud risk. For example, the plugin checks if the shipping address matches the billing address and uses advanced rules such as proxy detection.
The plugin calculates a score based on the number of rules the order fails, and displays Fraud Advise based on this score. The system automatically assigns a risk score out of 100 to each order. The higher the number, the more likely the order is to be fraudulent. The merchant can evaluate the potential risk level of the transaction and act accordingly.
WooCommerce also uses address verification system (AVS) and checks the billing address of the customer against the billing address on file with their credit card company. WooCommerce plugins check for Card Verification Value (CVV) by checking the three-digit security code on the back of a credit card during checkout and can require customers to enter the CVV as an additional security measure.
WooCommerce can compare the customer’s IP address with the billing address provided during checkout. If the IP address is from a different location, the transaction is flagged for review.
3. Advanced Authentication Technology
Magento implements advanced authentication measures to protect customer data with two-factor authentication through three extensions: XTENTO Two-Factor Authentication, Magneto Two-Factor Authentication, and Amasty Two-Factor Authentication.
Admin Security by Templates Master is a more comprehensive administrator security solution that tracks and manages all login attempts to the Magento backend. Legitimate site administrators get real-time notifications via email whenever someone tries to use their credentials.
The Biometric WebAuthn Module for Magento 2 (Adobe Commerce) allows biometric web authentication for the customer at the login process. Customers can then use the fingerprint scanner or face recognition on their smartphone or mobile device to log in to the website.
In addition to two-factor authentication, merchants can install Biometric Login for WooCommerce on their store so that users can create biometric identities for swift and secure login for HTTPS-enabled sites. Users can register their identities with a USD authenticator or fingerprint recognition device.
A plugin called Loginizer limits the number of login attempts a user or attacker can try. If the number of tries to access an account exceeds a certain limit, the IP address will be blocked.
Choosing Between Magento and WooCommerce
Both Magento and WooCommerce have extensive options for security and fraud management. Both platforms are also offering extensions and tools that incorporate AI, machine-learning, analytics and alert systems, and advanced authentication to limit the friction with the customer experience.
When selecting a platform for their eCommerce store, merchants should know that Magento’s platform calls for advanced coding expertise while the WooCommerce extensions are more out-of-the-box solutions. Also, Magento’s options might be better for larger stores because the platform is designed for higher volume traffic. For the smaller business owner, WooCommerce might be the better choice because the plugins are less complex to install.
Ultimately, perhaps the goal should be to reduce the friction created for developers and admins from the necessary installment of so many extensions and plugins!
Speak to a Cartis Payments representative today about payment solutions for Magento and Woocommerce, including chargeback protection and fraud prevention tools.