Social media shopping is booming in popularity, as platforms roll out new and creative ways for users to buy directly from posts and merchants use social marketing to attract new customers. From established tools like Instagram Shopping to Snapchat’s new augmented-reality tools for trying on shoes, shades and cosmetics, there’s a lot of creativity and opportunity in the social commerce space. In the U.S., social commerce was worth $26.9 billion last year, and globally it’s projected to grow to more than $604 billion by 2027. Those are appealing figures for retailers who want to grow their ecommerce revenue, as in-store traffic remains low in many places.
Unfortunately, there’s also a lot of opportunity for fraudsters to exploit social commerce through account takeover (ATO) fraud. Merchants who want to grow their social sales channels, protect their revenue and maintain a good customers experience must understand how social ATO fraud happens, how it can impact them and how they can prevent it.
Rise of social shopping
Why is social shopping so popular now? It blends two things most of us have been doing more often over the past year -- spending more time on social media and buying things online. Among consumers who use social media, 40% say they’ve bought something through Facebook, while more than 10% also report buying from Instagram and Pinterest.
CMOs report a 24% increase in social media’s contribution to company performance since February of last year as well as a “historic return on their social media investments.” With a low barrier to entry for many shopping features, vast user bases and huge amounts of data on user interests and behavior, it’s easy to see why so many retailers are enthusiastic about social selling.
Where good customers go, fraudsters follow
Of course, when a new sales channel emerges—and especially if it becomes popular with consumers-- fraudsters move in as well. And just as social commerce combines social media activity and online shopping, social commerce fraud exploits two potential areas of weakness – social login credentials and comprehensive order screening.
Part of the problem is human nature. Most people are not rigorous about choosing secure passwords. Consider that in 2020 more than 2.5 million people reported using the password “123456” for at least one account. Weak passwords are easy for malicious hackers to guess and easy for password-cracking bots to reveal in a fraction of a second. In practical terms, there’s virtually nothing keeping attackers out of these accounts.
Worse, 53% of people admit reusing the same password for multiple accounts like social media and email. That means that when someone’s login credentials for one account are exposed in a data breach, savvy fraudsters using automated tools can quickly attempt to credential-stuff that information into other platforms to see where else they can break in and take over.
The consequences are easy to see. A 2019 study found that 53% of social media logins are fraudulent, while 22% of internet users report that their online accounts have been hacked at least once and 14% reported they were hacked more than once.
There’s another social media fraud risk on the user side: Fully ¼ of all new social media accounts are fake, created with synthetic, false or stolen data. Social media account takeovers put consumers’ personal and payment data at risk, and fake accounts create synthetic fraud risks for merchants.
When customers appear to be authentic, it can make it harder for merchants to detect fraud attempts at checkout. That means that if a fraudster gets past a social accountholder’s login, they may be able to commit fraud with impunity, at least until the accountholder notices and reports the charges.
The impact of social ATO fraud on merchants
Obviously, when criminals get access to victim’s social media accounts, they can use any payment methods on file to make purchases. Fraudsters can also add stolen payment data from the dark web to fake social accounts they create on their own. In both of these cases, merchants who don’t catch these fraudsters before the orders are approved can find themselves liable for costly chargeback fees, in addition to the cost of lost goods.
Overall losses from ATO grew by 15% from 2018 to 2019, according to Javelin’s 2020 Identity Fraud Report, with other reports indicating a dramatic jump in ATO fraud since the beginning of the pandemic. As social commerce’s popularity grows and more merchants sell through social platforms, it’s likely that fraudsters will continue to target the channel.
How can merchants protect themselves against social media fraud?
It’s important for merchants to keep in mind how common social account takeovers are and to avoid relying on a successful log in to authenticate the customer’s identity. Other real-time and historical customer information should factor into order decisioning on social platforms. For example, comparing the customer’s current location, device, behavioral biometric data and purchasing history can all aid in detecting ATO fraud. If a customer who always logs in from their laptop in Iowa and purchases clothing is suddenly logged in from Florida on a phone and buying electronics, the order should be flagged for manual review. That review can determine whether the order is from the Iowa customer, who is buying gadgets while traveling for work, or from an ATO scammer trying to buy items for resale.
Social commerce promises to help merchants grow their customer base, earn more repeat business and generate more revenue. In order to succeed in this channel, merchants need to make sure they understand the risks, know how to properly validate their customers and review flagged orders to ensure that they don’t turn away good orders, while stopping ATO-related fraud.
Online retailers are continually seeking ways to streamline the checkout process and improve the shopping experience for their customers. The introduction of the Payment Request API is a significant development in this regard, as it allows retailers to easily integrate Apple Pay and other payment methods directly into their websites. This technology not only simplifies the payment process but also enhances security and convenience for users.
What is the Payment Request API?
The Payment Request API is a web standard that enables merchants to accept payments through various methods, including Apple Pay, Google Pay, and traditional credit cards, with minimal integration effort. By using this API, online retailers can offer a consistent and seamless checkout experience across different devices and browsers.
For consumers, the Payment Request API simplifies the payment process by automatically populating payment details, reducing the number of steps required to complete a purchase. This leads to faster checkouts and a lower likelihood of cart abandonment, which is a common issue in online shopping.
Integrating Apple Pay with the Payment Request API
One of the key benefits of the Payment Request API is its ability to integrate with Apple Pay. Apple Pay is a widely-used digital wallet service that allows users to make secure payments using their Apple devices. By leveraging the API, retailers can easily add Apple Pay as a payment option on their websites, providing a more convenient and secure way for customers to pay.
Integrating Apple Pay through the Payment Request API is straightforward and does not require extensive development work. This makes it an attractive option for retailers looking to enhance their payment offerings without significant investment.
Benefits for Retailers and Consumers
The integration of Apple Pay via the Payment Request API offers several advantages for both retailers and consumers:
Enhanced Security: Apple Pay uses tokenization and biometric authentication, such as Face ID or Touch ID, to secure transactions. This reduces the risk of fraud and enhances consumer trust in the payment process.
Improved User Experience: The streamlined checkout process provided by the Payment Request API reduces friction, leading to higher conversion rates and customer satisfaction. Consumers can complete their purchases quickly and easily, with their payment details securely stored and automatically filled in.
Broader Reach: By supporting multiple payment methods, including Apple Pay, the Payment Request API enables retailers to cater to a wider audience. This flexibility can help attract more customers who prefer different payment options.
Increased Conversion Rates: A smoother, faster checkout process often results in higher conversion rates. With fewer steps required to complete a purchase, consumers are less likely to abandon their carts, leading to increased sales for retailers.
The Future of Online Payments
The Payment Request API is a game-changer for online retailers, offering a simple yet powerful way to integrate various payment methods, including Apple Pay, into their websites. As consumer expectations for fast and secure checkout experiences continue to rise, adopting this technology will become increasingly important for retailers looking to stay competitive.
As the use of digital wallets and alternative payment methods grows, the Payment Request API will play a crucial role in shaping the future of online payments. Retailers that embrace this technology will be well-positioned to meet the evolving needs of their customers and provide a superior shopping experience.
The API is enabling online retailers to seamlessly add Apple Pay to their websites, offering a more secure, convenient, and efficient checkout experience. As this technology continues to evolve, it will likely become a standard feature for forward-thinking retailers looking to optimize their online payment processes.
