Phoram Mehta, Senior Director and Chief Information Security Officer of APAC at PayPal
The holiday season is around the corner and scammers have been busy impersonating and seeking means to dampen your festive mood.
In 2021, Americans lost over $6.9 billion to fraudsters, including $337 million in online shopping and non-delivery scams, according to the FBI[1]. In Singapore, the police have warned the public about phishing scams, which involve emails, texts and phone calls from scammers impersonating staff from e-commerce marketplaces[2]. Singaporeans lost $764,000 in one month alone, in September 2021 to non-banking-related phishing scams[3].
This year, small businesses feeling the post-pandemic squeeze are likely to see less of a holiday shopping frenzy. Retailers counting on key sales moments towards the end of the year must manage their inventory, revamp websites with seasonal promotions and get ready to capitalize on the spikes in consumer demand.
Convenience remains key for online retailers. Research shows that for every 10 customers who add an item to their shopping cart, seven of them, in fact, leave without completing the purchase[4]. That’s why a secure and seamless shopping experience is crucial for any merchant to minimize cart abandonment and win more customers during the shopping mayhem.
Holiday shopping, especially via frequent online transactions, makes customers vulnerable as cybercrimes and scams surge during the holiday season. Because there is a larger pool of targets than any other time of year, merchants should revisit their cybersecurity measures to ensure checkouts are both secure and frictionless, with neither attribute compromised for the other.
A non-negotiable: Enhanced security plan to mitigate scamming risks
According to the Ministry of Home Affairs, there were more than 2,700 e-commerce scam cases reported in 2021, with about $5.8 million in losses[5]. They have become one of the most prevalent types of scams in Singapore, posing risks to both consumers and retailers alike.
Phishing is one of the most reported scams during holiday seasons, with shoppers often duped into buying fake goods such as counterfeit watches, “miracle” cures and other holiday-branded goods. e-commerce more broadly can suffer as a result, as one loss from a scam can lead to a total erosion of the trust consumers have towards all things digital, undermining the efforts of e-commerce businesses and governments that have invested heavily in creating digital infrastructure to increase access and ease to their services. Therefore, setting up a holistic security plan to manage these risks is non-negotiable.
A dilemma: Choosing between security and seamlessness
A dilemma presents itself when adding security measures that introduce friction in consumers’ shopping experience.
Points of friction come in three common forms: first with identification, where shoppers must constantly verify their identity across different sites and platforms offered by the same merchant, such as their website and mobile app; Second, with authentication measures like passwords and logins, which may require multiple steps, such as 2FA, filling out CAPTCHA boxes, or waiting to receive OTP pins. Third, during the checkout process when the customers make the payment, which has a last authorization step asking shoppers to confirm their card or bank. By this point, ample opportunities have been introduced for cart abandonment.
So, the question is, how to find the right balance between security and a great shopping experience?
A joint effort: Finding the right balance
The online business environment is intrinsically not built with security in mind. Thankfully, the fight against cybercrimes in e-commerce is a joint effort involving government bodies, businesses, and the public.
The Cyber Security Agency (CSA) of Singapore has introduced multiple measures targeted directly towards small business and end consumers. For example, the Cybersecurity Labelling Scheme has been introduced for consumers to know before they buy the security levels of the smart devices they bring in their homes and use on a daily basis for variety of purposes, including but not limited to performing e-commerce transactions[6].
At the same time, e-commerce merchants are striving to improve security solutions among their many operational priorities, such as logistics and inventory. Since most of them do not have the subject matter expertise and technologies available in house, a retailer may choose to partner with PayPal. PayPal’s behavior analytics tracks behavior patterns against established baselines and introduces extra checks when a user or device behavior seems anomalous. Additionally, PayPal introduced Passkeys to replace passwords and allow seamless logins for consumers across devices and platforms. This allows for easier online checkout for buyers and removes checkout friction for merchants.[7]
Practical tips to stay competitive this holiday season
What can businesses do from a practical standpoint to best capitalize on this holiday season? Here are three tips to consider:
First, personalize your products and services. Does the shop offer any customization service such as name engraving to give a little personal touch? Customer expectations are constantly evolving, and the trick is to listen to what each shopper is looking for and what they would enjoy the most. According to PayPal’s Borderless Commerce Report 2022, 46% of online shoppers said they’re more likely to buy from retailers that offer virtual or digital experiences[8]. Therefore, introducing interactive elements to the shopping experience, such as providing a virtual makeup service or offering 3D tours, might appeal to shoppers. Optimizing on-site content with holiday-specific keywords also helps personalize the holiday shopping experience.
Second, optimize the checkout process. This is one of the most effective ways to maximize holiday sales. The month of December experiences the highest cart abandonment rates of the year[9] as people spend more time deliberating on gift options for their loved ones. Creating a frictionless and flexible shopping experience by offering guest checkout and diversified payment options could directly translate to higher rates of conversion.
Third, create peace of mind. Communication touchpoints between merchant and consumer are vulnerable to malicious attacks, especially at the payment transaction level. Ensuring sufficient security measures, using a trusted payments provider, and providing buyers with options to contact you will greatly help merchants gain the trust of consumers, maximize authorization, and minimize losses.
[8] Borderless Commerce Report 2022. P6. PayPal commissioned Ipsos PayPal Cross-border Insights 2022. n=14,000, 14 markets. Online survey of adults (aged 18+ who have purchased online in the past 3 months) between December 2021–January 2022.