omni/multichannel: another channel for shrink?
DESCRIPTION
Omni/Multichannel: Another Channel for Shrink?. Professor Joshua Bamfield Director, Centre for Retail Research. Another Channel for Shrink? Agenda. The rapid growth of online trading Crimes against IT Order fraud Payment fraud Omnichannel Issues Refund fraud Clean fraud Delivery fraud. - PowerPoint PPT PresentationTRANSCRIPT
Omni/Multichannel: Another Channel for Shrink?
Professor Joshua BamfieldDirector, Centre for Retail
Research
Centre for Retail Research, Nottingham
Another Channel for Shrink?Agenda The rapid growth of online trading Crimes against IT Order fraud Payment fraud Omnichannel Issues Refund fraud Clean fraud Delivery fraud
Multi or Omnichannel?
Currently, retail growth = Online plus some discount areas. The game is currently about linked multichannel Omnichannel is a direction of travel rather than a
destination. Online market share in 2012 - 12.7% [£35-38 bn]
Food online share 3.7% Non-food online share 19.2%
Online market share in 2018 - 21.5% [may take longer] Food online share 9.5% Non-food online share 32.1%
Around 60,000 stores expected to close
Centre for Retail Research, Nottingham
What are the issues?
New styles of retail and of IT. Mobility, cloud, virtualisation, end- point proliferation, big data, analytics.
Speed of Market development Faster than security, risk, shrink concerns
Language. Cyberattacks (never theft), hackers, terrorists, evil geniuses, hacktivists
Operational changes. New retail – driven by IT, analytics, finance; store retail – store operations & security and risk. Who owns multichannel shrink?
Centre for Retail Research, Nottingham
Centre for Retail Research, Nottingham
Cyber-Problems
Category A: Crimes against IT Website capture, data theft, customer ID takeover, DDoS, hacking. Govt believes cybercrime costs £27 bn pa
Category B: Crimes using IT Payments fraud, fake orders, consignment fraud
Centre for Retail Research, Nottingham
Crimes against IT
Category A. Crimes against IT Breaking your system:
Distributed Denial of service (DDoS) Email bombs
Website hacking: misinformation, or data theft Fake/Proxy sites: fraud or reputational
damage, website scraping or a spam site Website data feeds: get less attention than
visitor pages. SQL injection flaw – dump data to a new site
Your success breeds envy resentment and attacks
And there are plenty of retail own goals.
Centre for Retail Research, Nottingham
IT Solutions
Monitor/prevent scraping Excess traffic monitoring Blocking IP addresses Commercial anti-bot software Honeypot tests ? National Cybercrime Unit
Centre for Retail Research, Nottingham
Employee fraud
Collusion…. and ORC The man in the call centre -
multichannel Warehouse and distribution Poor treatment of stock
Similar issues to yesterday’s retailing.
Centre for Retail Research, Nottingham
Category B – Attacks using IT
False orders Employee frauds Payment fraud Return fraud Clean fraud
Centre for Retail Research, Nottingham
False orders
1.40%-1.65% of orders are fraudulent Loss around 1.26% or £429 million Loss:
Fraud loss Profit loss from refusing honest customers Administrative costs of avoiding loss
Screening for bad orders …….. 58% manually reviewed 71% of reviewed orders accepted 4.3% rejected for fraud
Centre for Retail Research, Nottingham
Rule-based Systems
Country or area – UK retailers pushing at borders.
Calculate objective risk factors: high value, high frequency, multiple items, risky postcode, expedited shipping, new customer. Behavioural risk: speed of purchase, use of website, hovering. Analytical software: monitor customer
conversion rates, metrics, average checkout time and no. of pages, 2-3 day changes in ordering/delivery postcodes or products.
Assess by channel
Centre for Retail Research, Nottingham
The Right Customer
Authentication – problem of abandoned baskets.
Do we want to know if this is the right customer?
User code and PIN usual + cookies Device information - Usually collect
IPaddress (PC) or IMEI (mobiles). Regular customer continuing usual
routine? Mobiles – authentication harder than PCs Multifactor authentication might be the
answer, but take-up even of 3D secure is weak.
May well be driven by payment technology (if at all), but problems with mobile transactions
Centre for Retail Research, Nottingham
Criminals taking over customer accounts: some options Account password storage. Password strength Taking control of cookies XSS/cross site scripting issues (mixed mode
website coding) Obviously IT has to fix these things..BUT White Hat Security Report – May 2013
- 86% of all sites – at least 1 major security flaw- Av no. of serious flaws 56 (230 in 2010)- Time taken to resolve issue - weeks- IT websites – most flaws
Centre for Retail Research, Nottingham
Payment fraud online
Raises same issues as any payment fraud, but no card required
Dependent on order acceptance Use:
Card verification/CSC 70% 3D secure/VbyVisa 61% Address verification 56% Postal address validation 24%
Supplementary IP Geolocation 17% Device fingerprinting 8% 2-factor authentication – eg PIN and token
Centre for Retail Research, Nottingham
Scope of Payment Fraud
Card fraud fallen by 70% since 2004 Online payments fraud around £90 mn or 0.26%
of t/o If near the barrier, banks more vigorous with
chargebacks and will change conditions of acceptance with limited notice.
Use of Paypal – security issues in concealing customer payment details
Centre for Retail Research, Nottingham
Delivery fraud and shrink
Click & Collect shows whether goods have been received. Really? Is Click & Collect a shrinkage hazard? Delivery address changes, hot
postcodes, & address checks help somewhat
Packaging and delivery affects waste Email and sms with customers – delivery
options and time slots. Reduces fraud, prevents revisits
Doorstep thefts
Centre for Retail Research, Nottingham
Omnichannel
Single view of customer – previous purchases, preferences/sizing, goods on order, payment methods, wish lists.
Means dipping into many databases, and auxiliary data pools.
= risk Shrinkage: analyse by
product/category and channel
Centre for Retail Research, Nottingham
Returns
Major online problem - difficult to control
Sizing and product info can be of some help
Storage issues of returned merchandise Use of returns to a physical store may
improve control. Option choice Sharing information with other retailers
will show excessive returners
Centre for Retail Research, Nottingham
Mobile phones
Mobile is Fastest Growing Area Users do not update their software Proportion of users check email thru
smartphones and can be compromised Authentication a problem Malware eg Certificate.apk security app
sending bank details to +44 number. Perkele diverts sms messages to malware owners.
Android OS used for 79% of 2012 malware. Non-pay exploits now v. popular.
Tablets – few security devices and anti-virus
Centre for Retail Research, Nottingham
Clean fraud
In the US, clean fraud is now seen as the biggest problem and is hardest to screen.
Customer behaviour and age of account Metrics: age of email account, electoral
roll, discrimination by product …. Dependent on continuous monitoring
Go deeper: social media, internet search.
Curbing online shrinkage Security risk and audit follow in the footsteps of
IT and marketing Omnichannel – multiplies risks. Vulnerabilities at
every stage Risks v reward has to underlie decisions There is excessive manual order screening Trends by value and by location mean more
screening tools required Shrink in distribution, return, and delivery very
important. Communication….. Data sharing will help with key metrics.
Centre for Retail Research, Nottingham
Centre for Retail Research, Nottingham
Thank You
Prof Joshua BamfieldCentre for Retail ResearchNottinghamNG22 9HQ01623 867559www.retailresearch.orgTwitter: cristobel75