When it comes to fraud, the worst mistake is to stick your head in the sand and hope it won’t affect you. When looking for a way to guard against fraud, however, there are several different options from which you can choose and a number of things to keep in mind when making a decision.
The first typical line of defense against fraud is the fraud filter.
Fraud filters are provided by your e-commerce platform and designed to identify potentially fraudulent orders and prevent them from being processed. They work in multiple ways, depending upon which one you use:
- Velocity filters limit how many sales can be submitted to your website during a given
time period. This prevents fraudsters with lists of stolen credit card numbers from testing them all on your business.
- An address verification service (AVS) declines or flags transactions when the billing and shipping addresses don’t match to keep card thieves from having merchandise sent anywhere but to the cardholder.
- A Time-of-Purchase filter can flag or even block transactions that happen during timeframes when fraudulent transactions are more likely to occur.
A card verification value (CVV) filter looks for errors in the CVV number being submitted.
A purchase amount filter flags high-dollar transactions that fall outside the business’s typical range.
IP Address mismatches can flag transactions in which the customer’s IP address and shipping address don’t match, a potential fraud indicator.
While these filters can offer a fair amount of protection, they’re far from perfect. For example, during peak sales times like Black Friday, velocity filters can slow sales down and result in customers being turned away.
Similarly, during the holidays, AVS filters can create a large number of false declines: If a customer purchases a gift item, or if they request an order be shipped to their work address instead of home, the AVS filter might decline the legitimate transaction.
Some merchants try to solve these issues by layering multiple levels of fraud filters. However, if the filters aren’t applied in the correct order, some rules could wind up being contradictory to other rules, and the merchant may end up exposed to even more levels of fraud or false declines.
The Dangers of False Declines
The topic of false declines naturally comes up when talking about fraud filters, but what ARE false declines?
False declines take place when legitimate transactions get caught up in the merchant’s (or e-commerce site’s) fraud filters and are inadvertently declined. Examples of false declines include:
A grandmother buys gifts and has them shipped directly to her grandkids, but the AVS filter flags the orders as fraudulent.
A couple is travelling out of the country, and while ordering something online to be delivered to their home, the fraud filter declines it based on their current location.
A merchant has the good luck of a product going viral online, but the sudden influx of sales triggers the velocity filter, turning away scores of customers.
False declines are a massive concern, with losses due to false declines predicted to grow to $443 billion by 2021, dwarfing the estimated $6.4 billion in e-commerce fraud losses.
In addition, false declines can have a nasty ripple effect. They’re embarrassing and inconvenient for customers, who in turn react negatively:
19% of cardholders will refuse to shop with a merchant after a false decline, while 24% decrease their purchase levels with the merchant. For businesses that sell high-end goods that typically have a smaller sales volume, like cars, travel or luxury goods, losing even one customer can be devastating.
According to an American Express study, U.S. consumers tell an average of 11 people about good customer service experiences, but they tell 15 about poor experiences. And if they do their talking via social media, complaints can easily be seen by thousands of people.
Many merchants, when trying to protect themselves against fraud, can find themselves implementing fraud rules and filters that are too strict and inflexible. In trying to protect themselves from fraud losses, they end up incurring even greater losses due to false declines.
For this reason, many e-commerce and multi channel merchants choose a more sophisticated fraud management solution.
Manual Fraud Review
Manual fraud review is just that: a team of individuals reviewing each transaction (or a selection of transactions) to detect fraud. This can be done in-house through a fraud-review team that analyzes orders, or through a third party, where the merchant sends orders that seem “iffy” to a vendor for them to analyze.
Manual fraud review has pros and cons:
Advantages of Manual Fraud Review
On one hand, people tend to be better at understanding context than automated fraud filters. Trained fraud experts can look at each situation individually instead of blindly adhering to preset rules.
These experts can also dig quite deep while investigating, for example, by performing reverse lookup searches on addresses and phone numbers, calling a bank to verify records, and even calling the customer to ask authentication questions.
Disadvantages of Manual Fraud Review
On the other hand, manual review is very time – and resource-intensive. Even the best manual reviewer can’t work as quickly as a computer program, so customers may have to wait slightly longer to be approved for their orders.
Also, the effectiveness of the review is only as good as the expertise of the individual staff members performing the review. If you want to keep your manual review team in-house, you’ll need to hire experienced staff or pay to train them. And if you have a high turnover of employees, your results with manual review may be inconsistent. Outsourcing your manual fraud review may solve these issues.
Because of the increase in both the quantity and sophistication of fraud attempts, many companies are turning to technology. Software that relies on machine learning or artificial intelligence (AI) can provide a fast and reliable way to screen out fraud. These programs rely on mathematical algorithms and data to identify fraud trends and patterns.
Because no humans are involved in this form of fraud detection, machine learning is scalable and consistent, applying the same level of scrutiny to every transaction.
Unfortunately, this consistency can be a double-edged sword. Fraud solutions that rely solely on machine learning can be inflexible. Different industries, and even different merchants within the same industry, may experience different
fraud attempt patterns that slip under the AI’s radar – not to mention new types of fraud that won’t be part of the algorithm’s database until it’s updated.
Lastly, false declines tend to increase when using only AI/machine learning, since there is no human intuition or analysis. A program won’t be able to call a long time client to get more informatIon; instead, it will instead simply decline the purchase. But what if this client was simply shopping online while travelling abroad? You’ll lose the sale and possibly the customer, too.
Fraud Managed Services
Fraud managed services incorporate a two-pronged approach:
... and protect the merchant
if a fraudulent transaction
does slip through
The managed services solution does this by blending a fraud protection strategy, chargeback management strategies, and a team of trained fraud analysts. The solution can be used in place of an expensive internal fraud team or to supplement an in-house team, particularly during times of increased sales volumes.
Typically, as an order comes in, it is screened in real time using automated technology that may include geolocation, email validation, fraud filters, machine learning, and fraud score.
However, at no point is an order automatically declined. Instead, any order that fails to pass the initial screening is sent to human analysis. There, a team of expert analysts reviews the order to see if data is missing, compare the order to typical cardholder or store behavior, and contact the customer for further authentication if needed.
There are major advantages to this approach: