How Enterprise Ecommerce Businesses Should Benchmark Fraud
“There’s no such thing as 0% fraud for enterprise merchants. Their focus should be on reducing fraud as low as possible and managing the expectations of their executive team.”
Rafael Lourenco, ClearSale Executive Vice President & Partner
When we talk to enterprise ecommerce clients, we discuss their goals and benchmarks, setting relevant expectations thresholds to warn internal teams that your fraud rate might be approaching the “danger zone.”
These thresholds aren’t set in stone either – they vary by country and industry.
- For example, in Mexico, where fraud rates are higher and institutions are less involved in gatekeeping, a chargeback higher than 0.5% and/or an approval rating lower than 90% is a sign of a problem.
- In the United States, on the other hand, a chargeback rate higher than 0.3% and/or an approval rate lower than 98% signals an issue.
There are several other justifications for elevating your data science capabilities.
Data Provides a Big-Picture View for Enterprise Ecommerce Businesses
Enterprise ecommerce businesses tend to not share data, so the information you have is usually limited to your own customers.
However, this puts enterprise retailers at the risk of being blindsided by fraud trends that originated in other industries or countries. After all, how can you expect to detect a fraud trend that originated in Australia when you have no customers there?
Having access to data across industries and countries allows you to improve your capacity to identify and stop fraud – based not just on a narrow cross-section of customers in your specific market but on trends occurring around the world.
“We inform our clients about what’s happening elsewhere in the world whether it applies directly to them or not. They find out about trends and what is being done to successfully address them.”
Rick Sunzeri, ClearSale Client Solutions Director
Data Identifies Ecommerce Fraud as it’s Happening
Some retailers assume a fraudulent transaction was an isolated incident and move on. But fraudsters don’t work like shoplifters who slide a piece of jewelry under their jacket and slink out the door. Their attacks are orchestrated and multi-faceted. Where there’s one fraudulent transaction, chances are, countless more are also happening at the same time.
When an enterprise’s team does find a fraudulent transaction and prevents it from being processed, it’s a small win, but it doesn’t really count unless the team also finds the swarm of other fraudsters who came along for the ride.
Data makes it easier to detect these types of attacks … once your team has access to the expertise needed to use it with precision.
Data Provides Training for Your Fraud Team
It’s also not enough to find fraud while it’s happening and stop it. Enterprise fraud teams also need to take a retrospective view to understand how historically accurate their decisions have been, so they can continue to get smarter.
This improves the maturity of their fraud team, increases precision in approval rates and maximizes revenue.
At ClearSale, we perform batch analyses of transactions after processing to determine if the right decision was made. Not only does this educate the customer, but it also provides training and insights they wouldn’t typically have … and a team of data scientists analyzing the client’s fraud and markets.
What about deny/allow lists?
A common practice among enterprise businesses is to automatically deny or allow certain customer transactions. It’s not a practice we recommend.
For example, let’s say your company decides to automatically allow every transaction associated with your C-suite. On the surface, this seems to make sense. Your executives are VIPs after all, and it’s not uncommon to offer them perks.
But executive employees aren’t immune to data hacks or account takeovers. If anything, they could even be your company’s biggest internal targets because of their data access permissions.
So if a fraudster gets his hands on any of your executives’ credentials, they will hit the jackpot. Every transaction will be approved, because those approve lists are typically independent of any order analysis or review. Allow-list transactions get approved carte blanche, and your company will have absolutely no clue that there is an issue … until the executive checks their account activity.
The same goes for deny lists. (These were traditionally called “blacklists,” but ClearSale and other ecommerce industry leaders are moving away from this type of naming convention.)
Deny lists are used to automatically decline transactions associated with specific names, addresses, email addresses and select other factors, for a variety of reasons.
The problem with deny lists is they are also applied outside of transaction analysis or review, so your company learns nothing from these automatically declined transactions – you get no insight about patterns and habits. And what if the identifiers are linked to a valid customer whose information was stolen?
You’re losing valuable data that can help inform your team and your process.
Instead of being a filter, your lists should act as an alert: Flag VIP transactions for automatic approval (just in case) while applying machine learning to detect any suspicious activity the VIP should be alerted to. Similarly, flag “deny” list transactions for further screening and data gathering, to make sure they really should be declined. By arming your ecommerce department with data, you can take a step toward having a sustainable fraud team.