Connected & Ready

Preventing e-commerce fraud, with Steve Wilson

Episode Summary

Over the past few months, the percentage of online sales have doubled, creating a rush to offer digital sales. In this episode of Connected & Ready, Gemma is joined by analyst Steve Wilson for conversation about moving online quickly while still protecting against fraud and other risks. Steve shares his views on the risks of e-commerce, the benefits of adopting a modern CRM system, and the questions you need to ask before you open online. Microsoft Dynamics 365 Fraud Protection helps merchants minimize losses, safeguard revenues, and protect their reputation. Request a live demo today.

Episode Notes

Host Gemma Milne is joined by Steve Wilson, vice president and principal analyst at Constellation Research. They discuss the recent acceleration of e-commerce, the tools businesses can use to protect themselves from fraud, and the importance of having a good partner when transforming to digital.  

About Steve Wilson  

Steve Wilson has worked in innovation, research, development, and analysis for over 25 years. His particular areas of focus are digital identity and privacy, big data, and cyber security.  

Learn more about Steve Wilson:  

Learn more about Constellation Research:  

Topics of discussion  

Sponsor link  

Learn how Microsoft Dynamics 365 Fraud Protection helps e-commerce, brick-and-mortar, and omni-channel merchants minimize losses, safeguard revenues, and protect their reputation. Request a live demo today.   

Helpful links  

Follow us on social media  




Episode Transcription

Music playing [00:00:01]

Gemma [00:00:05] Hello and welcome. You're listening to "Connected and Ready," an ongoing conversation about innovation, resilience, and our capacity to succeed. Brought to you by Microsoft. I'm Gemma Milne. I'm a technology journalist and author. And I'm going to be exploring trends around how companies are adapting to a disrupted world and preparing for tomorrow. We're going to speak to the innovators who are bringing products, operations and people together in new ways. As businesses adapt to an evolving environment, digital transactions are accelerating and there are big shifts to e-commerce. 

[00:00:37] With rapid technological change, though, comes an increasing vulnerability to fraud. In today's episode, I'm chatting to Steve Wilson, vice president and principal analyst at Constellation Research, about these new and evolving e-commerce fraud risks, how businesses can stay clued up and prepared in protecting consumers, and how emerging technologies are helping combat fraud in future, plus also maintaining a seamless consumer shopping experience. 

[00:01:06] Steve, thank you so much for joining us on the show. I wonder if you could start by giving us a little bit of an introduction to yourself, who you are and what you work on. 

Steve [00:01:14] Thanks, Gemma. Greetings from the other side of the planet. I'm based in Sydney. I lead a body of work at Constellation Research, which we call Digital Safety and Privacy. Constellation's an independent analyst firm based in San Francisco. We've got people around the world. We're a small firm dedicated to enterprise tech and disruption. But of course, we're all living and breathing disruption now. We help our clients understand what's coming down the pipe, what new technologies are really going to make a difference to them. So we specialize in AI, cloud, big enterprise stuff like customer relationship management, salesforce, automation, et cetera. My background is, is cyber security and identity. And these days, that means things like big identity frameworks around the world as well as new technologies like blockchain and distributed ledger. The other thing that we do is that we're very interested in privacy. We think that privacy is actually the sharp end of digital civilization. We see— this is a slow burn— it's been happening for 30 years pre-Internet, and it's going to go on for another 30 years. But we see steady progress towards the right measure of regulation around data protection, privacy, and cyber security. So I have the lovely job of crossing over a number of different tech disciplines data protection, privacy, cryptography, identity, cybersecurity. 

Gemma [00:02:37] So before we get into some of these areas and particularly some of the technologies that have been and shall we see, enabling these areas and the work that you're doing in them, I wonder if we could do a bit of a view from the bridge, shall we say, when it comes to rise of digital transactions and e-commerce? Because I think that's going to be sort of background to this discussion – in terms of working out what is it we're even protecting from it. So maybe we could start by giving us a little bit context. What does it mean when we say that there's been this sort of digital transformation or there's a growth in e-commerce? 

Steve [00:03:10] Oh, yeah, look, a little bit of history. I got into cyber security in 1995. We used to fly partners in around the world and we would workshop this thing called electronic commerce. And we were actually speculating about whether or not people would buy stuff on the Internet. It was wisdom at those times that people would have a hybrid shopping experience and that they would be very sensitive to being able to touch and feel things like fruit and vegetables and apparel. So we actually thought we you know, we were classic big five big, big six back then, management consultants, and we were using terms like high touch goods. And we thought that clothing and fruit and vegetables were high touch goods. People would never buy them online. But we did predict, of course, books and travel and digital things. Everybody has been shocked. You know, the best people in the world were completely wrong about this 20 years ago. So what's happening? 

[00:04:06] The good news is for the last 10, 12 years, we've had very, very steady shift to online sales around the world, 20 percent average growth per annum for over 12 years. That's the shift in the share of retail that's now purchased online. So in the UK, for example, 15 percent, at least, perhaps 20 percent, depending on who you read, of all retail sales are done online. The US has about 12 percent. Australia is lagging somewhat and about six percent. But all of those are typical marketplaces and they're all growing at the same rate. COVID’s an amazing sort of petri dish for agility and responsiveness and sheer pressure. We don't have figures from the US yet, but the UK and Australia have both doubled in six weeks. 

[00:04:59] The share of online sale in Australia is now running at about 12 percent of all sales are online. In the UK it's a third of all retails now being done online, and that's up from about 15 percent from only two months ago. So it's quite extraordinary. And I'd like to unpack that a little bit because it certainly goes to the enormous pressure that retailers up and down from high strip down to the little players for people to be able to go online because people want a low touch experience. They, quite correctly, are staying in isolation. They want to do the best they can. The Internet is just a godsend. I mean, imagine what COVID would have done to us 20 years ago or even 10 years ago. It would have been quite crippling. Now, we don't have fraud figures yet for what COVID's happened. And this is really frightening because the response has obviously been very rapid. So in six weeks across the economy, the proportion of online sales has doubled. Now, I think that most of that's happening in those big mega e-commerce properties. So, you know, I don't think that mom and pop shops are doubling overnight. They were losing sales to the big properties and to the Internet channel. And now they need to be very quick, or COVID's going to crush them completely. So you've got that pressure to go online now as a security guy, I am here to tell you that haste is the friend of the fraudster because haste creates mistakes on the sell side and it creates gaps and weaknesses in the supply chain that people are taking advantage of. But the other thing, of course, about haste is that people want very fast delivery cycles. So people want instant gratification. That's really the story of the Internet, the COVID experience is not a luxury. I mean, you want your vegetables and your toilet paper delivered the same day. And that's not a luxury. I mean, to be able to have an impulse buy for a pair of sneakers or some jewelry or some perfume. Sure. Impulse buy. Very competitive. Lots of pressure. But we're talking routine, fast moving consumer goods. We're talking about the stuff of life. We're talking about flour and bread makers. And this is quite serious. People want fast delivery. So we're looking at all of these really wacky hybrid delivery channels. Now, people want curbside pickup. They want to be able to order online, but they don't necessarily want to spend five bucks to have groceries delivered through the post office. So they're ordering at some stores. And they're actually driving themselves to pick up their own stuff to save costs and time. So that's fine. But every time you do something like that, you're opening up new fraud channels and new opportunities for criminality as well. So the story, Gemma, is we're moving extremely quickly and everybody needs to keep up. 

[00:07:34] And that rapidity is leaving people open to whole new forms of fraud that we're only just beginning to see. That's pretty scary. 

Gemma [00:07:41] I want to talk a little bit more about that balance between, as you say, he said, and, you know, business continuity by going online and balancing that with protecting business and protecting consumers. But before we do that, I wonder if we could also have a little bit of a one on one in terms of what are the types of frauds that businesses are seeing with respect to this rise of e-commerce, both over the last sort of 15 years, but also in this kind of rapid change as a result of COVID? 

Steve [00:08:08] Absolutely. Online fraud has been a lot like mail order fraud for a long time. So there are all these standard things. There's discount fraud where people will claim a discount, especially in these days of coupons and loyalty programs. So people will claim a discount, make a purchase, receive some physical goods, and then take it back to another store and claim a refund at the normal retail price. So that's an absolute classic that we've seen forever. That sort of thing is compounded online, though, because of the omnichannel experience. People can buy things in different channels. People can buy obviously online and in-store where they can buy through partner sites. They can buy retail at massive marketplace sites, they can buy in app. And all of that stuff hits the back end of the retailer. And they have no idea about what rules have been applied in the different channels. So the customer is always right. And the desire for most retailers to do the right thing by the customer leaves them vulnerable to fraud because they're going to take the customer's word for the discount. We have the whole area relatedly friendly fraud where it's usually opportunistic or chargeback fraud. You'll make a purchase, something will turn up, and then you'll actually claim back to the retailer that it was never delivered. So it's a straight up lie. It's actually, anybody who watches "Orange is the New Black," they know Morillo is in jail because of chargeback fraud in a systematic way. The character in jail was systematically ripping off merchants by saying that the stuff never arrived. And again, nine times out of ten, the merchant actually wants to please. So they do what they think is the right thing. Now, what's happening with the Internet and what's happening with the industrialization of cyber fraud is the organized criminal gangs are using what's called botnets, big market, dark web computer networks of people's homes, computers that are all infected with malware and then joined up in what's called a botnet. So these botnets— this’ll take a minute to explain. But, you know, the old cliché of the sort of dysfunctional teenager sitting, you know, in a dark room with a hoodie on and hacking away at things that that's the old vision of hacking. It was all manual. It's a little bit like the equivalent of a criminal getting into a bank with a pick and shovel and digging their way underneath and spending weeks doing that. It doesn't happen anymore. The criminal gangs aren't sitting in their bedrooms, in their hoodies. They're using these botnets. They're setting up massive supercomputers. They program them with 100,000 retail sites and 10 million stolen accounts. And this criminal supercomputer will bang away at 100,000 retail sites attempting to get in. And if you're running your own website and you're trying to sell shoes or flowers or take away food, you have no idea what's going on. And you are behind your back being hammered by these criminal gangs. If you wanted to manually hack into a website or hack into a retailer in your hoodie, in your bedroom, you're going to spend weeks and weeks doing that. It's a numbers game now, though, with the big criminal gangs are assaulting hundreds of thousands of sites. And even if their success rate per site is only one percent en masse, they're just cleaning up. So, look, it sounds terrible. The good news is that fraud as bad as it is, is still only running at about two or three percent over revenue. That's across the board. So most retailers are facing two percent. Financial services are facing about three percent and that's averaged out. There are some areas where it's much worse than that. If you can really take a concerted effort against fraud, then the relative benefits to you as a business are very, very high. So, you know, as a security person, we're trying to steer a fine line. We're certainly better off than we were before. You know, the figures for going online are stupendous. 

[00:12:00] And the efficiencies and the gratification that we're all getting the choice being able to shop around the world from your home is an extraordinary privilege that we've now got. So we don't want anybody to rush away from that. But that dynamic is actually what's perpetuating a lot of fraud because the fraudsters know that the channel’s important. So this is really bizarre. But the tolerance for fraud, especially among banks, is actually relatively high because they don't want the digital channel to be jeopardized. So, you know, we're going to put up with this for a while and see how it pans out, especially with the disruption of COVID. 

Gemma [00:12:35] You know, when we say that there's this race to go online and there are associated risks with that haste. What is the cost of the haste? What is it that you're missing by going quickly? 

Steve [00:12:47] Yeah, I think a huge piece of this is just good old cyber hygiene is the term that we use in cyber security. The mundane day to day bits of cyber security have got to do with firewalls and antivirus and malware. And it's a great big mixing pot of technical stuff. It's like changing your own oil in your car. And when you're moving quickly, opening up new websites, maybe even shifting your CRM system, you want to make sure that you've got a partner that's looking after all of that on your behalf and so that you're not actually asking all of the detailed questions. You know, you need to concentrate on being aware of things that matter to your business, and you need to be aware of the things that matter in security and operations without becoming a security and operations expert yourself. So having the trusted partner, I think is the key to that. 

Gemma [00:13:37] So speaking of this, exactly as you said earlier on, this balance between haste as well as protection, as well as understanding that the channel’s really important. So, you know, let's have a little bit of fraud so that we can be online sort of thing, as you say, that this tolerance. What does that look like then, from your perspective, in terms of the technical solutions that might be out there for businesses to help protect themselves from fraud? Is it a case of, you know, there’s is tech that's going to take ages to implement and super expensive, and whatever, and that's the kind of one you pick if you want to be super protected, but take ages to get online vs. the simpler stuff that makes you get online quicker. Is it as simple as that, or am I kind of making assumptions? Tell us a little bit about that kind of ecosystem or a marketplace of tech that allows for this balance. 

Steve [00:14:25] Look, one of the themes in everything that I've been talking about, the theme is information. The criminals have got information about weak merchants, have good information about accounts. They've got passwords. They're stealing all of this stuff. Like I said before, they're hammering away at sites. And if you're a little person sitting there with your website churning away, you've got no idea what's going on. So you need to find out what's going on. You can't afford to turn yourself into some sort of cyber security guru, and yet you're playing this game with rocket scientists. So the way through this is, in fact, cloud technology and good old outsourcing. [JS(CCL1]Now, this is something that only big companies have been able to do. Banks and retailers, for that matter, airlines, you know, they outsourced their IT decades ago because they were big and they could afford to. These days it’s the cloud. The cloud has come to the rescue. The cloud is effectively democratized outsourcing so that everybody in the world, no matter how big your store is, you can now avail yourself of things like counter fraud, intelligence, expertise, firewalls, intelligent systems that can pick what's happening at your website and can respond automatically. Now, the other thing that's super important, I think I use the word intelligence as having a bird's eye view about what's happening across a whole sector in terms of fraud. So you need to know that the patterns the criminal gangs are using, the patterns that they're exploiting. How are you supposed to know what's going on? 

[00:15:52] The good news is that there are big cloud based CRM systems where information about fraud and attempted fraud and losses. This information has been pulled. A lot of this is. It's in a big black box in the back end of these of these big systems, what's new? The new capability the providers can leverage is the ability to de-identify large amounts of data and to pool it and to use adaptive AI to filter that pool data and to look for the big mega patterns that are happening. So we were talking before about botnets and the vulnerability of organized crime using botnets to launch mass attacks. And if you're operating your own business, you just don't have any visibility of that. So the information pooling that can be happening across merchants, the advantage of the big cloud providers have is hosting websites and transaction systems for large numbers of people across different industries and being able to pull that data and then extract learning from that and to then provide that learning back to their clients. That is gold. This is a numbers game. It's got to be done at scale because one of the worst things that can happen in AI is that you wind up with inadvertent biases in your data. And if you think that you've got things under control because you know about fraud patterns in Australia, whereas in fact what's happening is that there's a botnet being put together in another part of the world that is then launching itself against multiple properties and multiple retailers. You miss all of that. If you're running your own analytics. So being able to pull that data and to remove biases from the data I think is real gold. Now, I don't want to over promise here. I think that bias in machine learning is one of the real red hot topics. And I certainly don't want to promise that you can remove bias easily. But we do know that one of the keys to this is to have large amounts of data and to be able to pull data across multiple sectors and multiple marketplaces. So the sort of way forward is definitely to be looking at the big service providers and the big cloud solutions providers, knowing that there are data scientists and algorithms that are poring over that intelligence and learning from it and what to do about it and then sharing that information. All of this starts to sound like incredible science fiction, but it's not. This is what the cloud and the big data providers are all about now. So I think Gemma, you are saying: What's the response to this? Isn't it complicated? Well, yes. It is complicated, but it's been democratized. And you've got some really cool CRM services now that you can plug into, no matter how big you are and you can outsource – in effect, you're outsourcing, policing. Your trying to say head of the criminal gangs who are trying to protect yourself. You're a retailer. You're trying to do business. You're not gonna pour over hacker reports every morning. Get somebody else to do that for you. 

Ad [00:18:43] Microsoft Dynamics 365 Fraud Protection helps e-commerce, brick-and-mortar, and omni-channel merchants minimize losses, safeguard revenues, and protect their reputation. Using adaptive AI technology, Dynamics 365 continuously learns evolving fraud patterns and provides better business intelligence through connected knowledge generated from all Dynamics 365 Fraud Protection merchants.  Request a live demo today by following the link in the episode description.

Gemma [00:19:16] Is there then something to be said about awareness, too, particularly for smaller companies that perhaps kind of, you know, hear about cyber security and think, well, that's not something we can afford. We don't have an in-house IT team to build our systems, whatever. And, of course, you know, I'm hearing about this thing called cloud. But, you know, I'm a food company. I don't know anything about cloud. And as I say, I don't have these internal experts. So, you know, is it a case that as you see this democratization as a result of cloud, which is allowing for no matter what size of business to be able to afford to do these things. Are these businesses even thinking to do these things the first place and therefore seeking out? 

Steve [00:19:54] Yeah, that's a great question. What do people know about this and how do you get your information? You know, things like airline, you know, not that we're flying anymore, but the airline magazines [unintelligible], have a three page feature about cloud and what you need to know about this stuff. And, you know, awareness does filter into business people. They should also be listening to their own chambers of commerce and their own professional associations, because there's a lot of information at the right level there. I think you used the word "awareness". That's spot on. People need to know that there's some sort of big megatrend happening, like criminality or botnets or account takeover. So what do these things mean in a nutshell? And then what do you do with that awareness? How do you ask the right questions? That's actually what good analysts firms are all about. We try to make our customers ask better questions. We’re rarely going to recommend actual systems or broker solutions for people, but we're going to try and make our customers and our clients better buyers. So become aware of the issues and then go back to shop around, go back to some of the big vendors. There are big cloud vendors and CRM vendors that are now not only giving, you know, CRM started out as outsourced databases. So instead of running your own Excel spreadsheets of your leads and you and your inventory and your sales activities, outsource all of that. But now it's much, much more important because what you're getting along with it, part of that bargain, is that they're not just running your customer databases for you, but they are taking on more and more of your transaction systems and they're taking on more and more of your actual delivery and fulfillment. And the big cloud providers are pooling intelligence and above all, they're providing fraud solutions layered on top of your CRM. 

Gemma [00:21:40 Yes, it's all part of the same package in some sense, anyway. 

Steve [00:21:43] Absolutely.

Gemma [00:21:44] I mentioned at the end there the key things takeaway for businesses in terms of making sure they're reducing their risk of voters, knowing the best questions to ask, whether that's internal teams or [unintelligible] and the providers. What are those questions? 

Steve [00:21:56] In retail at the moment, especially with COVID, those questions have got to do with: where are the criminal focus points? Are people talking about payment fraud? Are they talking about interception? Are they talking about theft of physical goods in transit? And the questions are, how do we find that out? What are the things that matter to me? How can I have a conversation with my technology provider, which is responsive to what I'm in? Am I in fast moving consumer goods? Am I in apparel? Am I in fresh food. Am I in appliances? Am I in digital goods? The trends in all of those areas are distinctly different. Discount fraud, coupon fraud, chargeback fraud is different in all of those verticals. The exposure, if you're in a purely digital business, I think you've known this forever, that your exposure to fraud is much more different because there is no delivery address. So if you're selling mobile apps or software or media, you already know that your exposure is different. So the questions you need to ask are quite different. 

Gemma [00:22:56] Let's talk a little bit about some of these future technologies you mentioned AI earlier and at the start, the conversation when you were introducing yourself. You also mentioned Blockchain. I don't think I'm wrong in saying these are the two technologies that get talked about or hyped about most when it comes to cybersecurity. Can you give us a little bit of context as to how and why these technologies are being talked about and being utilized? 

Steve [00:23:17] You bet. Let's be clear that these things are totally separate. They've got separate origins, have got separate applications, and they are certainly being super hyped into cognitive blockchain and these sorts of things, which I think are way over the top. Both of these technologies are still new. AI has got a really long pedigree. AI has been the stuff of good computer science research for 40, 50 years. And it's very important. Artificial intelligence is not necessarily supercomputers playing chess and beating people. Artificial intelligence is also not necessarily about robots driving cars. The imagination is often captured by these human like robots. But in enterprise technology AI is often much more focused on solving particular problems and being able to respond. The most important thing is that AI allows computer systems to reconfigure themselves and to learn from their mistakes and to learn what's going on outside. So you'll hear terms like adaptive AI adaptive machine learning. Machine learning is basically looking for trends, running statistics, doing it automatically and being able to feed back into your CRM system. You know, let's be specific about CRM. If you are running an omni channel retail presence and you're offering different prices and different discounts at different channels and you've got a loyalty program happening maybe and you've got customers who are using their points and getting discounts, it's a complicated situation. And adaptive AI is a layer of statistics that can sit over that and can look for the trends, can look at where the discounts are being applied, can look at where fraud is coming in, and can start to adjust things, can start to at least produce alerts back to management, back to administrators as they can see these things real time. But more importantly, they could start to do things like shut down retail channels that are under attack. So if there are websites that are offering particular services, even the services themselves can be fine tuned according to what the AI is seeing out in the wild. So that's just one example. Again, this is this double edged sword, Gemma. To do it properly is really hard. The good news is that you don't have to do it yourself. The good news is that this stuff is being automated and adaptive AI, I think is really one of the most important buzzwords going around at the moment. Blockchain has its roots with cryptocurrency. It's got some good aspects. It's not necessarily an evil technology by any means. It happens to be exploited by criminals. 

[00:25:43] The underlying technology is this thing called blockchain. Some people think it's like a super duper database. It's more subtle than that. blockchain is a way of sharing information across different parties who are at arm's length and they don't share any administration. That's the magic of it. People need to think critically about what this sort of thing is good for, and certain supply chains can get great benefit from being able to auto reconcile the records, the sources of truth across complicated supply chains. But in general, we find that this sort of technology is not good for just general purpose databases. It's certainly not good for HR systems. It's not good for small, monolithic businesses that are just running their own information systems. There's just no point in outsourcing to a great big blockchain. So critical thinking, I think, is the name of the game here. 

[00:26:36] And awareness, like, people have become aware of blockchain in all sorts of weird, wonderful ways. And they think that it's a magic thing. It is magic, but it's very, very special purpose. So I get my clients to be very judicious in what they do with blockchain. And again, go to some of those big blockchain providers that can do managed service and professional services and give you some decent guidance. Yet don't rush in to blockchain. In terms of fraud prevention. It's unlikely, in my view, that blockchain is going to produce any radical fix for fraud. If you think about the cryptocurrency applications for blockchain. Cryptocurrency is very specifically about producing anonymized, electronic cash so that people can exchange electronic cash without credit card systems watching what you're doing, without banks watching what you're doing, and frankly, without government seeing what you're doing and taxing you. So there is a black market money capability and it's some for the unbanked and for a developing nations this is supremely important and really quite a good thing. What does it mean for fraud? Frankly, there's a hell of a lot of fraud happening with crypto currencies because of that light touch. There aren't a lot of regulators involved. There's no KYC – know your customer. So to get yourself a Bitcoin or cryptocurrency account, you don't need to prove who you are, provide a passport to a bank. And so that opens up a hell of a lot of fraud as well. If there was one question that might emerge in retail and for this discussion that we're having, if retailers want to accept cryptocurrency for payment, then that in itself opens up an enormous amount of fraud and exposure to money laundering, because there is that lack of supervision over cryptocurrency accounts. And you need to be aware of that. 

Gemma [00:28:14] I think it is coming back to that awareness thing, isn’t it, and just being able to see what the current landscape around e-commerce looks like. And I want to build a little bit on your point about critical thinking. When companies are, you know, say there’s someone listening to this podcast right now thinking, OK, I want to make sure my company is making sure we are really protected. We're serving the customer as well in terms of e-commerce, we’re reducing our risk as much as possible. What sort of questions should they be asking themselves in terms of being able to prioritize security while also ensuring that they're still keeping their customer experience in a state that they're happy with? And again, coming back to this haste and being able to keep up the times of being online and being competitive at the moment. 

Steve [00:28:58] It's a really good time to just take stock, pardon the pun, of the way that you go to market and the way that you capture your customers and the way that you deal with your customers, the way that you take orders, the way that you take payment, the way that you deliver. And in these days of omni channel, increasingly retailers are trying to deal with both Internet mobile apps, in some cases, are your goods completely digital or are they hybrid goods or are they traditional goods? So it's a really good time to take stock of all of those different ways that you're going to market and make sure that you're applying the same intelligence across all of those different channels. Omni channel, it's been great for customer fulfillment. But again, it opens up all sorts of opportunities for discount fraud and coupon fraud. How are you being paid? Are you being paid? Are you offering goods for loyalty points? For example, loyalty points are a tremendous kind of new digital currency of sorts that allow people to work across different channels. What should retailers do? They need to they need to know their own business. So I don't think any vendor or any consultant is going to come in and tell you how to run your business. You need to own that. But you do need to have that orchestration across the different ways that you go to market and then get technology help, then understand what the opportunities are for fraud at a high level and understand what people can do about that. So shop around the fraud prevention solutions that are being layered on top of CRM now, I think is probably the greatest weapon that we have against fraud at the moment, is to be able to take advantage of the pooled information, the intelligence, the adaptive AI and the smarts. You know, we keep talking about technology, but underlying the technology at these big cloud providers are people with enormous professional experience in different sectors. You know, I don't know anything about the aviation business. I don't know anything about running a hotel. I can tell you about tech, but you want to go to a solution provider and a business partner that not only has the tech and the engineers, but they've got those deep roots in your particular retail industry. And you'll find those big vendors will be able to help you with that expertise. 

Gemma [00:31:07] I wonder, as well as those kind of questions and advice, which is super helpful for people listening. I wonder if you might be able to share an example or two of companies that have implemented or evolved their technology to minimize their risk to fraud. But that's in current times due to COVID or before everything kicked off at the start of this year? 

Steve [00:31:25] Yeah, for sure. Now you'll know that people are really sensitive talking about their own fraud experiences. So, you know, we always are protecting changing the names to protect the innocent. Some of the best examples are coming out of things like gaming, online gaming and online gambling. These gaming houses that we've been talking to, especially in Europe, there's a lot of regulatory change in that industry as well. There's a lot of new mandates coming in to do things like proof of age and proof of residence. And so the gaming houses are availing themselves of CRM. And one particular one that we looked at were suffering enormous amounts of fraud. And they were getting their fraud figures down by about five per cent by outsourcing to a CRM. Ditto in retail. I tell this story about how twenty years ago, we didn't think that were going to buy clothes or line. Well, how wrong were we there? And now the omni channel clothing retailers using this technology in the same way. So return fraud in the apparel industry is terrible and coupon fraud or discount fraud. So we looked at one particular retailer in the UK and they’ve seen a five percent decrease in fraud across all of their channels through being able to make use of pooled intelligence to combat coupon fraud. 

Gemma [00:32:45] So my guess is that coming from there, being able to outsource to one of these providers that essentially can learn across all of the different clients, across all the different industries and being able to implement new technologies, layered upon the CRM systems, essentially, everyone is using via then. 

Steve [00:33:02] Exactly right. It's like a magic trick. You can get an eye in the sky through pool data – de-identified pooled data. There's a lot of trust involved with this. We haven't used the trust word yet. You can, by and large, trust these big vendors to be doing a good job of de-identifying data and pooling it. Firstly, because it makes good business sense. Secondly, because they're able to do it. You know, one particular vendor that I like is Microsoft in this space because of their privacy capability. They wrote the book on privacy techniques like differential privacy. And they've got an amazing set of individuals who have recently joined the organization from some of the big regulators and from some of their competitors. The privacy smarts. They're superb in everything that they do with Microsoft Dynamics is backed up by that privacy depth. And of course, the third thing is regulatory. The global companies are operating in sometimes 200 different countries and they're operating under dozens of different regulatory regimes. So retailers do the same thing. You may be a relatively small retailer, but you may be selling around the world. So what do you do about regulatory compliance with GDPR and CCPA in California, for example? Very important to be able to get into a company like Microsoft, in this case, and leverage their regulatory footprint, their compliance footprint worldwide. So, yeah, I mean, it's good business. They've got privacy smarts. And the big companies need to keep an eye on compliance on your behalf. So no matter the size of your business, you need to be thinking globally. You're trying to access global markets. And that could shoot not only into a huge fraud exposure, but also that compliance obligation. 

Gemma [00:34:40] Amazing. I will ask one final question, which is around what's the next step for them? So for people who have tuned in and heard we are saying and are convinced by what you're saying, this is something that's super important for businesses to really be thinking about. Not putting this aside and saying this is too difficult or don't get it or don't worry, it’s being covered by the vendors, whoever. What would you say is the next step for someone listening in terms of ensuring that their business is doing the most that they possibly can, regardless of size or stage of the, shall we say, tech journey that their on to ensure that they are reducing the risk of fraud as much as possible? 

Steve [00:35:17] Wow. Look, in a nutshell. And if there was a vanilla answer: have a look at those cloud providers and have a look at what it means to outsource your CRM to one of those big players. Go to their websites. There's plenty of explanatory material to make a start. If you've got a couple of hours and if you've got that sort of ability to sort through some website material, then go and do your own research - those providers. If you've got cyber security people internally or if you've got cyber security advisors, I'd go to them and ask them a really good question. Don’t just ask them what to do. Go to them and say, look, we're hearing about cloud CRM. What are my options? And let's try and set up a pre-sales call with those people. But do it with your cyber security advisors who are going to help keep that conversation honest. You don't want to get bamboozled by a whole lot of sales talk early on, but equally, don't be frightened by that. You know, you've got to put a toe in the water. And if you can do that with some people on your side, some friends and some cyber security people, then start having that conversation. The thing about cloud, too, is that you can try before you buy or you can try before you buy a lot. This is not like going out and buying a whole lot of software and installing it and spending months and months getting it right. You can run trials. You can, for example, if you've got multiple websites or multiple retail outlets, some bricks and mortar outlets. 

[00:36:39] You can pick off a number of points of sale and you can start to apply some of these cloud based CRM services selectively. So certainly your exposure, your commitment can be staged. You're not committed fully upfront. You can start to get some feedback. And if you're a medium sized business and you're a potentially important customer, you'll get a lot of essentially free presale service from these organizations that are going to be wanting to help you ask the right questions. And start asking questions. You know, this is relatively urgent. There's no need to panic. But equally, if you’re just still sitting around in another three months wanting what to do about fraud, then you're going to lose money in the meantime anyway. But more importantly, the opportunity costs of delaying these decisions is going to come back and get you something terrible. 

Gemma [00:37:25] I think that’s going to be a good note to end on both in terms of it being an call to action, but hopefully as well a bit more of a positive kind of – there's things you can do as opposed to just being bamboozled by what's in front of you. So, Steve, thank you so much for joining us on the show. 

Steve [00:37:40] Hey, Gemma. Any time. It’s been great. 

Gemma [00:37:45] That's it for this week. Thank you so much for tuning in. You can find out more about Steve's work and indeed some of the broader themes we discussed today in the show notes. Don't forget to subscribe to the podcast. And tune in next time to continue our conversation about innovation, resilience, and our capacity to succeed.

Ad [00:38:06] Learn how Microsoft Dynamics 365 Fraud Protection helps e-commerce, brick-and-mortar, and omni-channel merchants minimize losses, safeguard revenues, and protect their reputation. Request a live demo today by following the link in the episode description.