Goldilocks Fraud Prevention
Like the famous fairy tale character’s quest for the perfect meal and a nice place to crash, online merchants must look for a fraud screening recipe that is “just right.”
If your fraud screening is too permissive you process stolen funds through your ecommerce site and subject your business to high refund rates, chargebacks, fees, fines, a bad reputation and ultimately an inability to process credit card transactions online. If your fraud screening is too strict you risk false positives (declining valid orders), delayed orders from manual screening, unsatisfied customers and an overworked fraud prevention team.
While joining organizations like the Merchant Risk Council helps people understand the latest strategies in fraud prevention, exceptional fraud prevention depends on building a team of fraud prevention specialists with a broad range of specialties and critical capabilities.
This is why businesses rely on third party service providers for fraud prevention. But what if your outsourced fraud prevention team is not helping your business in the most efficient manner? The following list of tools and skills helps merchants understand what makes a superior fraud prevention team.
A world class fraud prevention tool is able to identify key elements of a transaction. Fraud prevention specialists understand that none of these elements on their own indicate a fraudulent order. It’s only through training, experience and pattern recognition that allows someone to see how all these elements interact with each other and identify a pattern that indicates a fraudulent order. Still the following is a list of important indicators that help identify a fraudulent order:
- Types of email user names – Fraud prevention specialists understand the differences between a name-based (johnsmith01) email address versus an interest-based (moviefan34) email address.
- Types of email domain names – Is an order with a free-mail domain name indicating fraud more than a business domain name (gmail.com versus businessname.com)?
- Order history – Is this customer already in your database?
- Negative database – This part of the fraud prevention toolkit allows merchants to blacklist orders that come from a specific address or some other element that indicates a likelihood of fraud.
- Certain geographic regional fraud trends – A sophisticated fraud prevention tool should be able to identify orders that come from regions with heavy fraud risks. These trends aren’t limited to countries, but include the ability to drill down into smaller regions and understand more provincial or urban patterns of fraud.
Again, none of these elements on their own point to a fraudulent order necessarily. Using a proxy to protect your privacy is certainly a legitimate use of technology, especially in the wake of the PRISM scandal and other similar considerations. But a proxy session that comes from a heavy fraud region may indicate a risky transaction. Another key component of successful fraud prevention is an adaptive tool which can be adjusted on the fly. Using adaptive tools increases your chances of stopping ongoing attacks from fraudsters while also allowing valid orders to be processed which increases conversion rates.
When it comes to identifying patterns, a young child can outperform even the most complex algorithms. As critical as it is to have useful fraud prevention tools, strict reliance on software to handle your fraud screening leaves you declining some valid orders through your site or admitting fraudulent ones. In addition to the following specialties, fraud prevention specialists must be able to analyze and think critically about different sets of data. They must also be able to make independent but effective decisions when it is unclear whether an order is secure or not.
It’s important that members of your fraud prevention team understand how fraud is perpetrated differently depending on what type of payment method a fraudster is trying use. This is especially important in global ecommerce where customers in different countries use a variety of payment methods.
Several years ago, measuring how long a website visitor stays on a shopping cart page was an effective measure of fraudulent activity. If the visitor completed the checkout process in a couple seconds it increased the likelihood that this might be some sort of automated fraudulent activity. Nowadays it is very common for average consumers to use browsers that autofill personal information when filling out shopping cart forms. The automation goes so far as to automatically populate credit card numbers. Also, fraudsters figured out how to automatically lengthen the purchase duration, negating the efficacy of this metric for determining whether an order is fraudulent or not. This is why it is important for fraud prevention specialists to understand the latest technological innovations that fraudsters use to conduct their nefarious operations. Often, these technologies are developed and used to solve legitimate business opportunities but fraudsters take these powerful tools and use them to steal from online businesses.
Create a Fraud Prevention Strategy Now
A billion dollar corporation that processes millions of transactions every month can afford high refund and chargeback rates. The payment service providers and merchant acquirers for these businesses are highly interested in retaining their massive transaction volume and are therefore more lenient with them in terms of refund and chargeback rates. This is not the case for most online businesses. Most of you reading this article have contracts with merchant acquirers and payment service providers stating that after a certain threshold of chargebacks are reached, you are longer allowed to accept payments online through your webstores. For a digital goods manufacturer not being allowed to accept online payments is the death knell of your business.
A skilled and knowledgeable fraud prevention team armed with empowering tools can look at the details of any transaction and make the most effective decision possible as to whether it is secure or not. These effective decisions have a significant impact on your bottom line.
Tim Russo contributed to this blog post