Ecommerce fraud can quickly drain the bottom line of even the most successful ventures. The risks around online card fraud, known as card not present (CNP) fraud, continue to grow. Fraudsters keep finding new and creative ways to exploit ecommerce merchants and their customers, and to evade the many layers of fraud protection that have been put in place.
In this article we offer four top tips to help ecommerce merchants manage the risks around fraud, including how to reduce the costly chargebacks that are the inevitable result of CNP fraud and how to avoid the trap of false positives, which can add to an extremely high cost to merchants, even when compared to the cost of CNP fraud in itself.
- Apply anti-fraud criteria to incoming orders
There is no reason for ecommerce vendors to simply sit back and accept the impact of losing money due to CNP fraud, which is the typical result of a fraud-related card refund (also known as a chargeback). Even basic internal criteria can stop the flood of fraud, as long as these are well judged and not too blunt. Though fraudsters are great at hiding their intentions throughout the ordering process, fraudulent transactions can leave tell-tale clues. Ecommerce operators can filter transactions against a set of rules on either an automated or manual basis, and by doing so catch out transactions which are going to result in a chargeback.
Criteria that should be monitored include anti-fraud blacklists, obtainable from outside sources; card security criteria such as the address verification system (AVS) as well as order characteristics such as order sizes and shopping cart contents. Ideally merchants should deploy a sophisticated algorithm that scores transactions on a mix of criteria. Rejecting a transaction based merely on a single data point can lead to an unnecessarily high number of false positives.
- Outsource fraud management
At the dawn of the ecommerce revolution, merchants were left to fend for themselves, with few options in the way of getting help with fraud risks. The growing number of ecommerce merchants combined with the interoperability of internet technologies means that a number of excellent anti-fraud vendors have emerged that can directly integrate with common ecommerce platforms. These vendors act both as advisors and as middle-men: sifting through transactions, in real-time, on behalf of merchants.
Specialist fraud protection vendors build such a high degree of expertise that they are able to offer chargeback protection to ecommerce merchants, effectively refunding a merchant if a chargeback is incurred due to fraud. This is because fraud protection vendors smartly deploy economies of scale: even a small ecommerce operation can benefit from the vendor’s experience across verticals. There is also sophisticated technology expertise including machine learning plus a large head count dedicated to fraud prevention. This critical mass of fraud insight is especially valuable to smaller merchants that cannot afford a large internal fraud review team, with larger operators also standing to benefit.
- Engage help in tricky areas
A variety of reasons can lead merchants to conclude that managing fraud in-house is a better option, but that does not imply that external help is off the table. For example, gift cards is a particular risk category with the presence of a gift card significantly reducing the fraud-screened approval rates of shopping carts. Merchants may conclude that risky orders such as these should be referred to an outside anti-fraud vendor with the necessary expertise.
Outside vendors can also help when the internal team is overloaded with work. Vendors could be further integrated into the shopping process by, for example, providing a fraud risk score for each transaction. At a certain threshold, transactions would be referred for evaluation by the internal team and, based on the merchant’s own criteria, an approve or decline will be assigned.
- Watch out for false positives
Though merchants should do everything in their power to avoid letting a fraudulent transaction through, they should be equally vigilant against the cost of false positives. A false positive occurs when a valid transaction from a genuine customer is incorrectly declined based on anti-fraud criteria. A single false positive can be very costly, losing not just the revenue pertaining to the declined transaction, but potentially all future revenue from the customer.
Managing the issue of false positives is not trivial, with a 2017 report by Javelin finding a false positive rate of 11-14% at the payment stage alone. This presents a huge loss of business. Avoiding false positives in part relies on avoiding blunt anti-fraud measures and instead opting for more sophisticated systems that intelligently apply rules. Ideally, merchants should rely on anti-fraud measures that can incorporate machine learning as these systems can rapidly adapt to changing customer behavior – and the changing behavior of fraudsters.
Fraud risk management is key to ecommerce success
Ecommerce vendors should be aware of fraud risks and act accordingly. However, fraud management is a complex arena, and factors such as the cost of false positives cannot be ignored. Some merchants may feel they have the desire and capacity to build internal fraud review teams that have the required expertise to make balanced judgements, speedily processing transaction while avoiding false positives. For others, the involvement of a fraud protection expert will be of great value, whether it is on a full-on outsourced basis, or to assist where internal teams struggle.