Generative AI like Chat-GPT is transforming our world, even if we don’t know what the final outcome will be. The mere uncertainty caused by the advent of this technology is enough to transform entire industries. Fraud prevention is no different.
Generative AI has the potential to automate an ever-increasing number of previously manual tasks. These increases in efficiency will find their way into fraudster methodologies. To think otherwise is to ignore the revolution going on around us. We all must adapt to this new reality.
I would argue that it is too early to develop mature strategies for preventing generative AI fraud. The technology is so new–both to fraudsters and fraud fighters–that neither side fully understands the possibilities. Tactics developed today to prevent e-commerce fraud powered by generative AI will be mere band-aids because they must live inside our existing strategic frameworks.
We need to spend the vast majority of our current time and resources revamping these strategic frameworks.
Embrace the death of the chargeback approach
It’s only a slight exaggeration to say the e-commerce fraud prevention industry began with a single word: Chargeback. But over the years, the complexity of what it means to provide e-commerce fraud protection grew. The basic assess risk→ approve/decline flow expanded to include tactical customer experiences (i.e.: reduce friction), and today, the strategic customer journey.
A brief stroll down memory lane proves the point. Ten years ago, the industry, writ-large, marketed itself as a chargeback prevention solution. That messaging shifted over time to accepting more orders, which further morphed into protecting the customer experience. Right now, marketing materials are awash in language describing fraud prevention as something that touches every single touch-point and department, from marketing all the way through to logistics.
Today, at the doorstep of the use of generative AI by fraudsters, this thinking needs to reach its logical conclusion: preventing fraud is not really about preventing fraud at all. It’s about strategic organizational security.
True, we don’t know how fraudsters will use generative AI. But we can assume that future strategies and tactics will be so complex, so sophisticated, and so comprehensive in their search for vulnerabilities all across an organization that the solutions companies will look to purchase to combat them will need to do the same. It won’t be enough to just sell a chargeback solution; you will need to sell a security solution. To do otherwise will be seen as akin to bringing a knife to a gunfight.
This principle is so crucial to the future of the industry that I wouldn’t be surprised if not a single viable company marketed a ‘chargeback prevention’ solution in ten years. You will have IT companies that specialize in securing infrastructure against hackers, and you will have companies that work to prevent the exploitation of organizational processes by fraudsters. Our industry will naturally grow into the latter.
Thinking about efficiency, not just the customer
This transition requires thinking more deeply about where we can provide value by securing organizational processes. The recent transition towards messaging around the customer experience/journey should be re-conceptualized to move the central focus away from the customer. Because in reality, what we are really talking about is how to eliminate the organizational inefficiencies caused by fighting fraud–a goal for which the customer is just one very small vignette for measuring overall success.
The addition of the logistical complexities of return fraud that we are starting to see bubble up in conversations is a welcome step in the right direction. However, it’s just the tip of the iceberg. Removing the inefficiencies caused by the need to secure things efficiently across entire commercial organizations can stretch to all areas of the business, from marketing (customer education) through to engineering (building more fraud-tolerant systems). Currently, these ideas are often discussed, but there is no commercialization around providing solutions.
For example, customer education around fraud is crucial. Our consumer survey showed the market is increasingly educated, and values protection. Yet, we don’t see any movement by solution providers towards providing companies with services targeting what is an increasingly strategic selling point for their audiences. Asking questions like: How do you communicate effectively around fraud prevention? What value-add can we provide to empower companies to make customers feel more secure? will be crucial questions to our industry as generative AI widens fraudsters’ scope of attack.
New threats, new opportunities to prevent them
Generative AI will change the face of e-commerce fraud prevention with things like fake images, videos, identity theft, fake identities, impersonation techniques, and more that we can’t even imagine right now.
This will bring a lot of new and unforeseen risk. Luckily, that has always been the bread and butter of our industry. But unlike the last ten years, this new round of risk prevention will require us to go back to the drawing board. Not so much because the old problems won’t still be there, but because disruptive technologies like generative AI must disrupt the old order. For businesses that sell risk mitigation strategies against the old model, that requires a revolution in thinking equally bold as the revolution in technology.
New business models are needed to protect against the threats of the future. We have been here before, at the advent of the industry. In many ways, we need to rediscover the culture of innovation that drove solutions when internet payments were just gaining commercial acceptance.
Incumbents that adapt have a world or opportunity to secure the internet of the future.
~The editorial board