How to Build an Omnichannel Fraud Prevention Strategy

It was 1861 when Welsh entrepreneur Pryce Pryce-Jones created the first large-scale mail-order catalog to sell flannel shirts, and omnichannel started emerging on the distant horizon of ecommerce.

Today, if Pryce Pryce-Jones LTD had persisted into a flannel empire, one could assume it would be on the cutting edge of distribution models, being such an early pioneer in the field. Such a company would certainly be aware of the increased profit yields associated with models like Buy Online, Pickup In-Store (BOPIS) – and also the pitfalls of such a strategy.

Let’s get up to speed with everything that’s unique about omnichannel distribution and, importantly, omnichannel fraud and how to stop it.

What Does Omnichannel Mean?

An omnichannel business model is the seamless coordination of all distribution channels within a retail company – physical or digital – to deliver a consistent customer experience. BOPIS models and similar click-and-collect distribution are examples of omnichannel models. 

In an optimized BOPIS or BOPAC omnichannel experience, a user can approach any channel to start their journey: website, phone, app, etc… Then:

1. realize that the retailer’s prices are the same no matter the channel
2. select their products
3. opt to collect in-store or at the curbside (or delivery, of course) when they check out
4. choose the most convenient brick-and-mortar location to pick their purchases up at, knowing that their selections will be stocked there when they arrive
5. pay for their items
6. later, collect their items in a scheduled window of their choosing, or have them delivered

Omnichannel vs Multichannel: Differences and Similarities

Both the omnichannel and multichannel distribution models feature multiple channels. However, multichannel tends to focus on the product(s) while omnichannel is typically centered around the customer experience.

According to Gladly, 71% of customers value consistency across channels but only 29% say they receive it.

Throughout the shopping journey, the idea of seamlessness is critically important for a good omnichannel model. For example, for BOPIS, even though the customer has entered the market through a web portal, it is understood that the details of their order should smoothly carry across to the merchant’s fulfillment channels with no mistakes. The customer should be able to reach their curbside pickup and have their order understood and ready to go, with no friction. 

This kind of model is notably distinct from a multichannel model, where different distribution channels might exist, but they are siloed away from each other rather than coordinated. Multichannel models might all be offering the same product, but could be setting different price points and using different logistics to distribute.

Why Are Businesses Adopting Omnichannel Strategies?

The factors that drive any enterprise-sized retailer to make any decision can be a complex and cumbersome process, but in the case of omnichannel and BOPIS adoption, the reason is clear: big, big money.

How Much Money Is in Omnichannel?

Indeed, according to a study published by Research and Markets, global BOPIS spending is set to reach over $700 billion over the next five years. 

Most customers trying out BOPIS-style shopping report an improved overall customer experience in terms of convenience and savings on shipping, with some even citing their preference to use BOPIS to shop locally, rather than with Amazon.

The ease of being able to see the product at pickup as well as the ability to return the item immediately if it’s not what they wanted, are key to the model’s popularity as well. 

These same customers also were more likely to purchase more items when they visit the physical store to pick up their goods, and even more likely to be purchasing larger quantities. It’s these premiums in shopping patterns that generate such huge omnichannel sales numbers, which any retailer is understandably looking to capitalize on.

Of course, the idea of getting an edge against Amazon Prime is probably a bit of a siren’s call to some retailers as well. 

With the allure of increased sales, customer satisfaction, big money, and having a leg up on Jeff Bezos, it’s quite easy to see why so many retailers are throwing their hats in the omnichannel ring.

But how exposed might these companies be if the money blinds them to the fraud vulnerabilities that are inherent to an omnichannel delivery system?

What Is Omnichannel Fraud?

Omnichannel fraud isn’t a specific fraud technique. Rather, it refers to all fraudulent practices in the ecosystem. In fact, despite its newness and unique architecture, fraudsters attacking an omnichannel system will more than likely be using old fraud techniques, not new and unique ones.

Due to the wider attack surface, there will simply be more places in the model to try the old techniques.

As such, omnichannel experiences are just as likely to fall victim to common pain points of ecommerce, including:

• account takeovers
• synthetic identity theft
• triangulation fraud
• promo abuse
• other bot-assisted scaled attacks

These are issues that all ecommerce companies face, regardless of their distribution channels.

What Factors Affect Fraud in Omnichannel Retail?

Fighting fraud inside a BOPIS, BOPAC (curbside collection) or other omnichannel model presents complex challenges for the ecommerce industry because of the interconnectivity and focus on CX (customer experience).

As discussed, omnichannel models want to create seamless integration between different arms of a company but even with the most clever seamstress, there will always be seams that can be pulled apart. 

Traditional vs Omnichannel Attack Surface

Sometimes specialists talk about the attack surface of a company when mulling fraud vulnerabilities. This refers to the overall area in a company’s structure, from manufacture to distribution to staffing, which a fraudster could potentially exploit. And, when considering BOPIS fraud and other omnichannel schemes, the attack surface is far wider than any traditional setup.

In a traditional, non-digital, card-present retail sale at a brick-and-mortar location, the attack surface is only as wide as:

1. the store and physical security
2. the checkout process

In other words, a fraudster could either physically pilfer their goods, for which there are surely physical security measures in place, or provide illegitimate payment credentials at the register, which staff members should be trained to recognize.

Really, the traditional retail transaction only has two seams. Will security recognize the theft? Will the staff member at the register react accordingly if the fraudster’s card is declined or their credentials don’t make sense? 

In an omnichannel model, the attack surface is literally as wide as all your channels, and that creates more opportunities for malicious fraud. For a hypothetical omnichannel retailer, an attack surface is at least as wide as:

1. all components of the website
2. the cybersecurity team and the software stack it relies on
3. the supply chain, including the actual stocking of product and tracking it accurately
4. the physical store security, including additional necessary infrastructure for BOPIS/BOPAC
5. staffing of the store and keeping them aware of red flags

Ecommerce Fraud vs Omnichannel Fraud

Fraudsters preying on an omnichannel system are aware of this extended attack surface, and that the connections between the various channels are prime real estate for their assaults.

Another natural vulnerability in an omnichannel experience is the fact that, compared to a traditional ecommerce click-and-wait-for-delivery purchase, the user needs to enter less identifying information, in form of (at least) a physical address.

This data point is extremely valuable when it comes to identity verification, as the names associated with an address are easily uncovered on the public web, and can be cross-referenced with other payment data. Unfortunately, there are fraudsters who readily take advantage of having to submit less identifying data. 

Omnichannel Fraud Examples

In addition to those fraudulent schemes that target ecommerce in general, some bad actors do take advantage of the omnichannel model specifically.

Retailers report instances of customers exploiting the omnichannel infrastructure – for example, paying for an item online, then canceling the payment directly before picking up their item. In many cases, the cancellation will not be communicated in time to prevent the theft.

Other low-tech first-party fraud opportunities appear in the staffing crunch that many omnichannel companies are facing. Indeed, some 22% of companies with omnichannel strategies report staffing their infrastructure with well trained employees to be their biggest challenge. 

Do you have a friend who is willing to cause a scene at Best Buy to get a sale price applied to an item not actually on sale? Who proudly walks away with two TVs after paying an ad-hoc discounted price set by an exhausted single mom? With only a moderate dignity upcharge? How likely is that person to look at a click-and-collect model and think, “Well, how well do they really know what I paid for? Might as well give it a shot?” 

Those would all be instances of first-party, or “friendly” fraud“, and omnichannel opens up the possibilities for more of them.

How Can Omnichannel Merchants Prevent Fraud?

As with a traditional ecommerce distribution channel, fraud detection software is designed to plug the holes in any leaky architecture, regardless of size or the number of channels integrated.

Like a comforting blanket, your fraud stack should be able to be laid across your attack surface, performing real-time fraud checks at whatever touchpoints need defending. This should secure your bottom line by:

• Velocity checks for incoming traffic, to look for bot-like behavior and fraudsters working at scale with stolen IDs.
• Collecting available data from sources other than the user’s address, such as:
  • reverse phone lookups, potentially revealing the use of a disposable phone, VoIP, or other number that has no obvious accountability, or using credentials known to be of untrustworthy origin.
  • email lookups, which can reveal how well-used and lifelike an address might be, as opposed to a new one set up en masse by a seasoned fraudster.
  • IP analysis, which might connect a user to a proxy center with a poor reputation, or indicate the use of a VPN or other anonymizing service – a common indication that more attention should be paid to this transaction.
• Analyzing consumer behavior and creating insights based on patterns to identify suspicious actions, so a group of customers with suspiciously similar data points reveals a fraud ring – instead of being (understandably) overlooked by human oversight alone.
• Automatically applying additional security failsafes to suspicious transactions, based on the risk appetite of the merchant, through rules that can be easily activated and customized.

Of course, there is no one-size-fits-all fraud prevention solution that will perfectly satisfy the needs of every omnichannel retailer out there. However, there are plenty of sophisticated ecommerce fraud detection tools to choose from out there – and some, such as SEON, even come with free trials, no strings attached.

Successful Omnichannel Staffing

Staff selection and awareness training is also key to preventing omnichannel fraud and scams. Preparing staff for such a system is a huge ask for any HR department.

In a system where convenience is paramount to the customer experience, and 36% of omnichannel shoppers report waiting in line as their biggest complaint about click-and-collect, how do you train a staffer to deal with unruly customers who want to leverage an impatient queue of shoppers to defraud you? 

What if the customer is in the right, and the provided manifest is inaccurate? What then?

New staffers in an omnichannel environment need to be trained with specific security goals in mind, and their due diligence should probably include:

• requesting ID from the customer and cross-referencing it with a digital manifest
• working knowledge of devices and any headless (centrally distributed) software
• manually checking the shipment against the manifests
• being prepared to handle customer-induced high-stress situations

Of course, not all of these will be required in every customer interaction. Rather, a well-trained employee who is aware of the risks can choose to request identification only when there are red flags, if clear policies have been defined by management.

Especially in the rapid hiring (and shopping) boom that always comes along with the holiday season, situations like this as well as other kinds of fraud specific to omnichannel should be kept in mind and planned to avoid both customer churn and employee turnover.

Working with SEON to Stop Omnichannel Fraud

To combat fraud specific to the omnichannel model, data also plays a crucial role in minimizing losses to friendly fraud and first-party fraud. 

While most instances of friendly fraud are hard to catch, there is still some accountability within the omnichannel structure.

Customers who manage to bully their way into more products – or take advantage of the system by quick-canceling – will certainly have their accounts banned when the fraud is confirmed.

If they want to continue using the service, they’ll have to create a fraudulent new account. SEON flags suspicious connections between users for review, who can then be put onto a blacklist. Similar data points are automatically cross-checked with incoming new ones to see if it’s likely to be the same banned shopper. 

Fraud fighting in the omnichannel space is very much a proactive responsibility.

You’ll want to identify your attack surface, learn where you are vulnerable, then use SEON to create custom rules that have been structured to detect instances of fraud specific to your company, or even leverage SEON’s machine learning, which will suggest easy-to-explain new rules that work for you. These come complete with a confidence score, for additional peace of mind.

Such fraud detection rules might be tuned to identify organized, large-scale fraud, to escalate potentially volatile purchases to the purview of a human fraud specialist, or both. SEON provides vertical-specific rulesets right out of the box, as well as the ability to retool the sensitivities of those rules over time, whenever the fraudsters in your system change their tactics. 

Even with a comprehensive, automated risk mitigation tool, securing your business model requires mindfulness and attention. This kind of dynamism can help your bottom line by offering a range of convenient, compliant, and safe customer experiences with minimal friction and high conversion, while also freeing up resources that can be reallocated into your growth plans. 

Sir Pryce Pryce-Jones’ domination of all the available channels of his time (two) allowed him to put resources into scaling, offering his catalog goods from Australia to the USA, with same-day delivery in England.

The first omnichannel strategy took him to the dizzying heights of international fame, knighthood, and the invention of the sleeping bag. He never would have been able to revolutionize both commerce and sleepover parties if the scaling of Pryce Pryce-Jones LTD had been disturbed by fraud.

Sources

• Guruscoach: 65 Omnichannel Statistics 2022 – Marketing & Customer Experience (guruscoach.com)
• InvescPro: Buy Online Pick Up In Store – Statistics and Trends
• GlobeNewsWire: The Worldwide Buy Online Pick Up in Store Industry is Expected to Reach $703 Billion by 2027