An increasingly popular option in ecommerce right now is the ability to shop, order and buy a product online from a merchant and then pick it up at a nearby store, as there are quite a few advantages to this omnichannel option. For retailers, particularly those who have both many physical locations and an ecommerce site (e.g. Walmart), it offers the lucrative potential of in-store shopping.

Since the customer is already in the store, they may buy additional items. Customers on the hand don’t have to worry about missing a package delivery (or package theft from their doorstep while they’re at work), and can pick up their merchandise at the retailer’s location closest to them.

The challenge of hybrid shopping

This seemingly easy process, however, exposes online retailers to a range of fraud-related vulnerabilities. Take for example the fact that there’s no shipping address for them to utilize in their fraud prevention system. Shipping addresses are useful for cross-checking against the billing address (in turn verified via AVS), matching against 3rd party databases, and matching against the proximity of the IP address.

Furthermore, since customers pick up their purchase in a store, retailers could theoretically protect themselves and work around the shipping address issue by verifying that the person picking up the merchandise actually has the credit card that was used to place the order and that they have a valid ID which matches the name on the card. Yet in practice, there are legitimate reasons why the person picking up the product at the store isn’t the same person who ordered it online. A parent could have placed and paid for the order, but sent their son or daughter to retrieve it. A small business could have placed an order and sent an employee to pick it up. Such cases prevent retailers from successfully using ID or possession of the credit card as proof of identity.

Therefore, the burden of fraud prevention shifts to the online portion of the process.

The lack of a shipping address for these kinds of transactions makes fraud prevention harder, and therefore, fraud easier. That’s why retailers try employ more manual review for these types of orders, but that’s not a real fix since it just makes their job harder. After all, they’re just trying to connect dots and figure out the story behind the order. It’s a time and resource-intensive undertaking, which can easily create a backlog during times of high sales volume.

A defense built on data?

To protect themselves from fraud while at the same time offering convenience to their customers, online retailers can employ two basic tactics:

Collect more data during the online ordering: Website beacons (small pieces of additional code which track and gather info from visitors) are particularly useful for this. Useful data includes device fingerprinting, proxy detection and browsing history (what was their browsing session like? Does it match what you’d expect from a legitimate order?). Of course, more data collected means more data to weigh and consider. It’s no wonder that machine learning is becoming a standard tool in this space.

It’s the quintessential big data problem: plenty of data points about each order, and plenty of orders means plenty of computation. A case in point is Riskified, which employs a range of ecommerce fraud prevention tools

Use manual review only for extremely tricky cases which get declined: Remember the old advice about credit cards: “only use in an emergency”? Adopt that as your new mantra for manual review.

The combination of online ordering and in-store pickup can be the perfect situation for both retailers and their customers, but only if the right solutions are in place and manual review is carefully handled. Shopping flows can be smooth and offer a great experience for customers, fraud can be prevented, and revenue can easily grow.