Digital fraud has threatened merchants since the advent of eCommerce, but it has been especially pernicious over the past year as the pandemic and economic downturn leave businesses and individuals vulnerable. Fraud rates have increased by 55 percent since the health crisis began and retailers are devoting as much as 10 percent of their annual budgets to fraud prevention — understandable given that some reports estimate that up to 70 percent of all traffic on eCommerce checkout pages is generated by fraudsters’ bots. Retailers are also favored targets for growing numbers of cybercriminals wielding artificial intelligence (AI), however, and AI-based fraud schemes threaten to derail even merchants’ most recent efforts.
Jewelry and home goods retailer Kendra Scott is well-aware of the dangers of AI-powered eCommerce fraud. The company, which started as a one-woman operation in 2002 and has since grown to include 75 stores, has been forced to rely on online sales during the pandemic despite the fraud risks.
“One of our top priorities was to create a way for customers who shop our stores to connect with our associates digitally,” said Jim Dunlap, Kendra Scott’s chief information officer. “We have seen cybersecurity threats continue on a daily basis, [and] cybersecurity principles and best practices apply everywhere, regardless of industry.”
Kendra Scott has faced various AI-bolstered online attacks aimed at exploiting customers’ economic insecurities over the past year, but it has fought fire with fire by deploying AI-based countermeasures of its own.
Evolving Fraud Threats During The Pandemic
Fraudsters who harness AI typically leverage two types of attacks: They develop new scams that capitalize on AI’s capabilities or use the technology to launch schemes at an unprecedented scale. The fraud techniques that Kendra Scott experienced over the past year have largely consisted of the latter, with the retailer facing an unprecedented quantity of familiar attacks.
“Common threats now on the rise are phishing, spoofed emails and ransomware,” Dunlap said. “We have seen a doubling in the volume of threats between the beginning of [the pandemic] and today, with no relief in sight. … The sophistication of fraudsters is increasing and, consequently, their tools of choice are also far more complex than in the past.”
These fraudsters can also cause reputational damage in addition to stealing funds and data, regardless of whether the attacks succeed. Customers are often reluctant to do business with companies that they believe have subpar security, so even failed fraud attempts can do harm.
“You don’t need to outright attack someone’s infrastructure to damage them,” Dunlap explained. “Once the public’s opinion of you has been turned against you, it’s too late to be corrected by any technical controls.”
This means that anti-fraud measures must be proficient enough to not only block attempted schemes but also discourage fraudsters from even launching attacks. Kendra Scott found that AI-based countermeasures provided the best way to accomplish this.
Deploying AI In Fraud Fighting
Kendra Scott’s AI suite revolves around detecting unwanted malware, which fraudsters often leverage in their schemes. The company uses security information and event management — a system that collects security logs, normalizes data and analyzes it — as well as endpoint detection and response, which records and analyzes consumer behavior at certain points, such as during onboarding, and flags suspicious activity.
“AI can be used by organizations such as ours to learn how to remove noise or unwanted data, allowing our cybersecurity team to better detect abnormal activity and identify new types of malware,” Dunlap said.
These systems cannot stand on their own, however, especially as new generations of malware threaten to outsmart or overwhelm existing automated defenses. Dunlap noted that human analysis will likely always be necessary to augment AI-based cybersecurity.
“Where [AI] can be leveraged in the future is by further automating analysis, automating responses and reducing staff’s eye-on-screen time,” he said. “However, with any automation, you must balance that with having trained professionals to guide the tools. While AI and ML [machine learning] are great for replacing pools of personnel performing rote tasks, they will never replace instinct and experience. You still need someone to tailor the tools to your environment and company, and course-correct when needed.”
Flexibility will be the name of the game for fraud prevention well into the future, and AI can help retailers stay abreast of the latest schemes designed to thwart their defense systems and bilk customers of their funds. Fraudsters never stop innovating and neither should merchants.
Selected by EFXA