When it comes to fraud, the worst mistake is to stick your head in the sand and hope it won’t affect you. When looking for a way to guard against fraud, however, there are several different options from which you can choose, and a number of things to keep in mind when making a decision.
The first typical line of defense against fraud is the fraud filter.
Fraud filters are provided by your e-commerce platform and designed to identify potentially fraudulent orders and prevent them from being processed. They work in multiple ways, depending upon which one you use:
- Velocity filters limit how many sales can be submitted to your website during a given time period. This prevents fraudsters with lists of stolen credit card numbers from testing them all on your business.
- An address verification system (AVS) declines or flags transactions when the billing and shipping addresses don’t match to keep card thieves from having merchandise sent anywhere but to the cardholder.
A card verification value (CVV) filter looks for errors in the CVV number being submitted.
A purchase amount filter flags high-dollar transactions that fall outside the business’s typical range.
While these filters can offer a fair amount of protection, they’re far from perfect. For example, during peak sales times like Black Friday, velocity filters can slow sales down and result in customers being turned away.
Similarly, during the holidays, AVS filters can create a large number of false declines: If a customer purchases a gift item, or if they request an order be shipped to their work address instead of home, the AVS filter might decline the legitimate transaction.
Some merchants try to solve these issues by layering multiple levels of fraud filters. However, if the filters aren’t applied in the correct order, some rules could wind up being contradictory to other rules, and the merchant may end up exposed to even more levels of fraud or false declines.
The Dangers of False Declines
The topic of false declines naturally comes up when talking about fraud filters, but what ARE false declines?
False declines take place when legitimate transactions get caught up in the merchant’s (or e-commerce site’s) fraud filters and are inadvertently declined. Examples of false declines include:
A grandmother buys gifts and has them shipped directly to her grandkids, but the AVS filter flags the orders as fraudulent.
A couple is travelling out of country, and while ordering something online to be delivered to their home, the fraud filter declines it based on their current location.
A merchant has the good luck of a product going viral online, but the sudden influx of sales triggers the velocity filter, turning away scores of customers.
False declines are a massive concern, causing merchants to lose over $118 billion in sales per year — 13 times more than losses to actual e-commerce fraud.
In addition, false declines can have a nasty ripple effect. They’re embarrassing and inconvenient for customers, who in turn react negatively:
32% of US customers will refuse to shop with a merchant after a false decline. For businesses that sell high-end goods that typically have a smaller sales volume, like cars, travel, or luxury goods, losing even one customer can be devastating.
According to an American Express study, U.S. consumers tell an average of nine people about good customer service experiences, but nearly twice as many (16) about poor experiences. And if they do their talking via social media, complaints can easily be seen by thousands of people.
Many merchants, when trying to protect themselves against fraud, can find themselves implementing fraud rules and filters that are too strict and inflexible. In trying to protect themselves from fraud losses, they end up incurring even greater losses due to false declines.
For this reason, many e-commerce and multi-channel merchants choose a more sophisticated fraud management solution.
Manual Fraud Review
Manual fraud review is just that: a team of individuals reviewing each transaction (or a selection of transactions) to detect fraud. This can be done in-house through a fraud-review team that analyzes orders, or through a third party, where the merchant sends orders that seem “iffy” to a vendor for them to analyze.
Manual fraud review has pros and cons:
Advantages of Manual Fraud Review
On one hand, people tend to be better at understanding context than automated fraud filters. Trained fraud experts can look at each situation individually instead of blindly adhering to pre-set rules.
These experts can also dig quite deep while investigating, for example, by performing reverse lookup searches on addresses and phone numbers, calling a bank to verify records, and even calling the customer to ask authentication questions.
Disadvantages of Manual Fraud Review
On the other hand, manual review is very time and resource intensive. Even the best manual reviewer can’t work as quickly as a computer program, so customers may have to wait slightly longer to be approved for their orders.
Also, the effectiveness of the review is only as good as the expertise of the individual staff members performing the review. If you want to keep your manual review team in-house, you’ll need to hire experienced staff or pay to train them. And if you have a high turnover of employees, your results with manual review may be inconsistent. Outsourcing your manual fraud review may solve these issues.
Because of the increase in both the quantity and sophistication of fraud attempts, many companies are turning to technology. Software that relies on machine learning or artificial intelligence (AI) can provide a fast and reliable way to screen out fraud. These programs rely on mathematical algorithms and data to identify fraud trends and patterns.
Because no humans are involved in this form of fraud detection, machine learning is scalable and consistent, applying the same level of scrutiny to every transaction.
Unfortunately, this consistency can be a double-edged sword. Fraud solutions that rely solely on machine learning can be inflexible. Different industries, and even different merchants within the same industry, may experience different
fraud attempt patterns that slip under the AI’s radar – not to mention new types of fraud that won’t be part of the algorithm’s database until it’s updated.
Lastly, false declines tend to increase when using only AI/machine learning, since there is no human intuition or analysis. A program won’t be able to call a long-time client to get more informatIon, and will instead simply decline the purchase. But what if this client was simply shopping online while travelling abroad? You’ll lose the sale and possibly the customer, too.
Fraud Managed Services
Fraud managed services incorporate a two-pronged approach:
... and protect the merchant
if a fraudulent transaction
does slip through
The managed services solution does this by blending a fraud protection strategy, chargeback management strategies, and a team of trained fraud analysts. The solution can be used in place of an expensive internal fraud team or to supplement an in-house team, particularly during times of increased sales volumes.
Typically, as an order comes in, it is screened in real time using automated technology that may include geolocation, email validation, fraud filters, machine learning, and fraud score.
However, at no point is an order automatically declined. Instead, any order that fails to pass the initial screening is sent to human analysis. There, a team of expert analysts reviews the order to see if data is missing, compare the order to typical cardholder or store behavior, and contact the customer for further authentication if needed.
There are major advantages to this approach:
- Because no transaction is automatically declined, the merchant’s rate of false declines is greatly reduced.
Expert human analysts can quickly spot new fraud trends, and flag them for insertion into the AI’s algorithms.
- The human analysts can work alongside an in-house fraud team, or in consultation with the client, bringing specific business/industry insight to their fraud screening.
- The solution is easily scalable for peak sales times, while still providing specific review of each flagged transaction.