Trustworthy Thoughts: The Identity & Trust Blog

A Winning Combination for Frictionless Ecommerce Fraud Prevention

Written by Ronen Shnidman | May 29, 2017

For ecommerce merchants the key question in fraud prevention is: What combination of technology and strategies can maximize the number of approved legitimate sales?

The easiest solution, in theory, for any single merchant would be to get rid of most fraud prevention measures and eat whatever costs are incurred by actual fraud. Merchants as a group actually lose much more money to legitimate customer transactions blocked by poorly designed fraud prevention systems than to actual fraud, by a factor of 12 to 1. The problem is that the credit card networks are obliged to ensure that the entire community of network stakeholders – and their own bottom line – is protected from significant fraud losses. They do this by forcing merchants to enact anti-fraud measures that keep chargeback rates in line, under threat of fines, higher interchange fees and/or denial of service from acquirer banks if a merchant’s chargeback rate exceeds industry norms.

Rules of the game

Well, if the rules of the game are already established, how can merchants solve the problem in a way that increases their revenue and net profit from today’s status quo? I think the basic contours of the solution are agreed upon by most people in the ecosystem and are fairly clear:

  • Top-ranked priority: The best solution should maximize the number of legitimate customer transactions approved
  • Secondary priority: The solution should minimize the number of chargeback transactions approved

The reason is simple: Within the bounds set by the credit card networks’ industry chargeback rate guidelines, it should be better for merchants to let through more dubious but legitimate transactions even at the expense of additional chargebacks. Only when a merchant is already close to or exceeding the chargeback rate guidelines should the solution they implement focus more on reducing chargebacks at the expense of additional legitimate revenue. Otherwise, these merchants may lose their acquirers or lose significant profit margin due to fines and higher interchange fees.

For merchants that don’t already face excessive chargeback rates, the key is to reduce customer friction in the checkout process. Any solutions, such as 3-D Secure and most biometric options, that require additional action and/or hardware from the consumer are bound to increase checkout friction and reduce the number of sales whether or not they reduce actual fraud. The only two types of solutions that are truly passive, i.e. they don’t require any change in behavior on the part of the consumer, are solutions based on identity information and visitor behavior data.

Simple, elegant solution

The simplest way for merchants of all sizes to do that is by using identity data, such as phone number verification, email address verification, physical address verification and more. All these data points are already provided by customers during checkout to ship and receive confirmation of their order, so no extra work on their part is required.

Meanwhile, the merchant can check all these data points against Pipl’s search index and identity resolution engine to see if these data points are contained in the index and can be verified as belonging to the individual in question. For example, if typing in the email address Fab1992@hotmail.com in pipl.com leads to the name on the order and credit card, the risk of the order being fraudulent is low.

Pipl will also provide an identity profile that will show the merchant other information connected to the customer, whether additional contact details, social media accounts or job history and past residence locations.

This information can be used by all types of merchants with all sorts of logistical requirements:

  • Large scale retail operations can integrate the API to perform millions of automated queries per month.
  • Fraud analysts at large corporations and small and medium-size business employees can use Pipl Pro to manually verify the identity of clients on suspect transactions.
  • DIY small business owners operating out of their homes can always try out Pipl’s free search engine for consumers before upgrading to Pipl Pro, the business version, which provides a lot more information.

Sometimes relying solely on identity data solutions may not be enough. For example, some data points such as email addresses and phone numbers are missing from the databases of all major data suppliers on the market, despite the contact info provided being legitimate. The absence of confirming data cannot be taken as proof of fraud. It is also possible, although incredibly infrequent, for a fraudster to hijack a person’s legitimate accounts to engage in fraud, in which case people data will authenticate the relevant information, since it is in fact correct.

Adding a behavioral protection layer

Using behavioral data is a great way to further filter transactions that cannot be clearly approved or rejected based on identity data. Major fraud platform providers as well as industry consultants have gained quite a lot of knowledge regarding behavior frequently associated with fraudulent purchases.

Some examples:

  • Purchases made by someone using a VPN or Tor browser are much more likely to be fraudulent than those made using a regular landline Internet connection and browser.
  • The time (month, day and hour) of purchase and the type of device used (i.e. iPad, smartphone, regular cellphone or computer) are also correlated with different levels of fraud risk.
  • The basket size along with speed and number of clicks it takes the website visitor to get to checkout are also correlated with different levels of fraud risk.
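The layering described so far (identity data first, behavioral signals for orders that identity data cannot settle, and a stricter stance only when the chargeback rate nears the network guideline) can be sketched as follows. This is an added example, not Pipl's code or API: the Order fields, the weights, the 80% "near the limit" cut-off and the chargeback figures are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Order:
    # Identity lookups: True = resolves to the name on the order,
    # False = resolves to someone else, None = not found in the provider's index.
    email_match: Optional[bool]
    phone_match: Optional[bool]
    address_match: Optional[bool]
    # Passive behavioral signals collected at checkout.
    anonymized_network: bool  # VPN or Tor
    basket_outlier: bool      # basket size unusual for this store
    rushed_checkout: bool     # unusually fast path to checkout

def identity_verdict(o: Order) -> str:
    results = [o.email_match, o.phone_match, o.address_match]
    if any(r is False for r in results):
        return "conflict"
    if sum(r is True for r in results) >= 2:
        return "verified"
    return "unknown"  # missing data is not proof of fraud

def behavior_score(o: Order) -> int:
    # Constructed weights, not measured ones.
    return 2 * o.anonymized_network + o.basket_outlier + o.rushed_checkout

def triage(o: Order, chargeback_rate: float, chargeback_limit: float) -> str:
    # Assumption: "close to the guideline" means 80% of the limit or more.
    near_limit = chargeback_rate >= 0.8 * chargeback_limit
    tolerance = 1 if near_limit else 2
    verdict, score = identity_verdict(o), behavior_score(o)
    if verdict == "verified":
        # A hijacked account still verifies, so extreme behavior goes to review.
        return "approve" if score <= tolerance + 1 else "review"
    if verdict == "unknown":
        return "approve" if score < tolerance else "review"
    return "review" if score < tolerance else "reject"

if __name__ == "__main__":
    thin_file = Order(None, None, None, False, True, False)  # constructed sample
    print(triage(thin_file, 0.3, 1.0), triage(thin_file, 0.9, 1.0))
```

The same thin-file order is approved while the merchant has chargeback headroom and sent to manual review once the rate approaches the limit.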

But why can’t you just use behavioral data to filter out fraudsters?

Behavioral data used by itself has two problems: the need for huge scale to be effective and the likelihood that fraudsters will adapt their behavior over time to fool algorithms.

For starters, behavioral data is popular because the data itself is free or very cheap to access for any merchant that controls their own website and check-out page. The problem is that there really is no free lunch. Without the expensive manpower and infrastructure to collect and analyze the vast amount of behavioral data your site visitors will be generating, your behavioral data will produce nothing of value. That means you must hire, train and support a talented group of data scientists to develop algorithms that maximize the percentage of legitimate transactions approved without spiking your chargeback rate.

After they achieve your goals, they also can’t rest on their laurels because the fraudsters don’t rest. Fraudsters will find ways to alter their behavior to get past your originally effective algorithm. That means you have to continue paying and supporting your data science team so they can continually tweak the behavioral fraud detection algorithms as fraud patterns adjust over time.

In addition, to minimize the number of legitimate transactions blocked because of random, atypical behavior by legitimate visitors to your site, you will need a very large sample of training data (read: potentially millions of transactions). The resource and data set size requirements for effective behavior-based fraud prevention set a high bar that only makes clear operational and economic sense for large retailers dealing with many millions of transactions per year. Everyone else has to judge on a case-by-case basis whether the behavior-based fraud prevention solutions offered on the market truly make sense for their retail operation.

Practical tips for implementation

There are a variety of ways to implement an identity data + behavioral analysis solution for your ecommerce transactions. Many sizable companies prefer to access all their data and fraud tools via a single fraud platform like Accertify or ThreatMetrix. These platforms usually have pre-existing API integrations with data suppliers to make it easier for merchants to pick and choose what data sources they want with relative ease. Meanwhile, some of the largest e-commerce operations build their own fraud prevention systems in-house and for this they can hook up directly to Pipl and other data providers to integrate the right data into their workflow.

Regardless of automated review products, all merchants that conduct their own manual review of transactions can and do take out subscriptions for manual search tools like Pipl Pro to enhance the speed, accuracy and efficiency of their fraud analysts.

To find out more about your options for identity data, read more on Pipl’s website or fill out this contact form.

Original blog post written by former Pipl Technology Evangelist Ronen Shnidman. Ronen is now Managing Editor @ about-fraud.com