How to commit fraud in eCommerce transactions

In real life, I am me. There are no boundaries in the digital world. In the real world I am struck by the inability to climb walls, swing around the city, or fly faster than light around the world. In the real world I can catch bad guys if I have the guts but I can uproot my biometric identifiers while doing so (facial recognition, broken nose and / or jaw, closing eyes, etc.).

Problem with eCommerce transaction

The anonymity of the digital world is giving headaches to all online commerce vendors. One of the first steps to take any type of eCommerce transaction online is the need to register a visitor. This is one of the biggest obstacles in online commerce, be it B2C or B2B.

A consumer user often avoids complicated and complicated registration forms and chooses to trade elsewhere without these constraints. A business user is expected to have easy access to external services without any additional hassle.  still …

Too many online sites fall for specialty traps. They want to know everything about their customer, so they need a lot more information. Wouldn’t it work with less information? Or perhaps using external information sources to speed up the registration process? Using a third-party source that has already stopped detection at some point would be a great way to speed up customer conversions.

How to spot eCommerce fraudster

To view a fraud, you have to use a source where the user’s true identity has been verified at some point. Clark Kent is trying to register on your online site, until an independent source can actually confirm his home address of the now extinct Krypton, which can prove to be a difficult task. He’s gone.

Taking advantage of existing identities, such as EIDs, is an option. Unfortunately, EIDs are not enjoying the successes they should have outside of certain countries. However, there are other sources where a verified digital identity can be verified.

Banks in most parts of the world implement a stringent registration process to become customers. Mobile network operators (MNOs) in most cases confirm the identity of their subscriber, leaving the identity of the so-called burner without a link to a so-called credit card or other personal identifier, or a pre-paid subscription. It varies from operator to operator and country to country, but in general, financial institutions and MNOs are a good source of fraud detection.

How financial institutions and mobile network operators commit fraud

Financial institutions and MNOs have a wealth of disguised identities. They know our names, our addresses, emails, phone numbers and various other features and they have done their job in displaying these characteristics. Otherwise, Mr. Kent will run out of gas, have no access to his money and is unable to send text messages.

Companies holding these identities can act as identity providers or specialty providers. This information may be used to our advantage, with the user’s consent, to improve our experience with other digital or third party services. Emphasis on user consent.

API-economy is about machines talking to other machines.

If you have an online site, you can use an API exposed by a third party to get user attributes. You can use the many standards available from a third party to confirm the identity of an online user and make sure that person is actually Superman and not Bizarro.

Federation protocols such as SAML and WS-Federation have been around for some time and have established themselves as de-facto protocols in transferring identity information from one domain to another. OAuth, OpenID Connect are more recent, reliant on the Internet’s trusted infrastructure and are very friendly towards developers. The most recent one is Mobile Connect.

Mobile Connect is a specific implementation of the OpenID protocol, but it has the most ability to interrupt everything we know about authentication.

Promise of a global identity with Mobile Connect

If you think about your own situation, you will think about your customer experience. We all have a lot of passwords. I can barely keep up with all the different passwords I’ve used to register as “Superman Not Bingaro”. As users, we do not need a second password.

Mobile Connect can provide a global identity.

If you are eBay or Amazon, or a local bike shop, Mobile Connect can provide you with an identity. What’s more important, Mobile Connect can tell your online customers, with the consent of users. Therefore, I urge you to watch GSMA Mobile Connect program.

Leave a Comment