Chapter 5:
Comparing Fraud Prevention Options

Fraud Filters

When we talk to small businesses about fraud prevention, the most common response we hear is that they already have fraud filters in place.

How fraud filters work

Fraud filters are usually built into your ecommerce platform. They’re designed to identify potentially fraudulent orders and prevent them from being processed, and they function differently, depending on which one you use:

• 

  Velocity filters limit how many sales can be submitted to your website during a given time period. This prevents fraudsters with lists of stolen credit card numbers from testing all of them by flooding your site with orders.

• 

  Address verification service (AVS) is a filter that declines or flags transactions when the billing and shipping addresses don’t match. These are intended to keep credit card thieves from having merchandise delivered to another address.

• 

  Time-of-purchase filters are used to flag or block transactions during a specific timeframe – usually when fraudulent transactions are more likely to occur, such as holidays and special sales.

• 

  Card verification value (CVV) filters look for errors in the CVV number being submitted.

• 

  Purchase amount filters flag high-dollar transactions that fall outside a typical transaction amount.

• 

  IP address mismatches can flag transactions where the customer’s IP address and shipping address don’t match, a potential fraud indicator.

Fraud filters are commonly included in ecommerce platforms (the ecommerce platforms for small and medium size businesses that integrate with ClearSale all offer fraud filters.)

Fraud filters do have a downside

While fraud filters have value and can provide insight into what is happening on your ecommerce site, they can also create more problems than they solve.

Some businesses try to solve any issues with fraud by layering multiple levels of fraud filters. But without intimate knowledge of fraud trends, cues and other factors, those businesses end up with filters that either negate each other or completely block all sales.

For example, your best customer might be on vacation when she remembers that her friend’s birthday is coming up, so she places an order from her phone while in her hotel room. A fraud filter might identify that the geographic location of the device is different from the credit card account address and therefore decline that transaction – even though it is in fact legitimate.

The bottom line: Fraud filters are an important part of a fraud solution.

While fraud filters do put ecommerce businesses at risk of increasing false declines and lowering your approval rate, they are very effective for identifying which transactions should be flagged for further analysis and manual review.

Pros:

• Inexpensive: Fraud filters come standard on most ecommerce platforms.
• Easy to set up: Ecommerce platforms like Shift4Shop, Shopify, PrestaShop, and OpenCart are incredibly easy to set up.
• No integration required.

Cons:

• High risk of false declines: Fraud filters don’t have the artificial intelligence to “learn” behavior, so a transaction that looks fraudulent is assumed to be fraudulent, whether it is or is not.
• No option for manual review: If a valid transaction is declined, businesses will likely anger the customer, lose the sale, and risk a bad review on social media.
• Few options for customizing: Ecommerce businesses would need to have their developers or a consultant customize standard filters.
• Potentially lower approval rate: The order in which fraud filter rules are applied can result in some rules contradicting others, which can reduce the number of approved transactions.

Secondary Fraud Review

Secondary fraud review is just that: a team of individuals manually reviewing each transaction (or a selection of transactions) to detect fraud. This can be done in-house through a fraud review team that analyzes orders, or through an external third party, where the business sends orders that seem “iffy” to a fraud protection vendor to analyze.

Secondary review is better than just fraud filters

Expertly trained humans are generally better at understanding context than automated fraud filters. These fraud experts can look at each situation individually to assess the fraud risk, instead of blindly adhering to preset rules.

These experts can also dig quite deep while investigating—for example, by performing reverse lookup searches on addresses and phone numbers, calling a bank to verify records, and even calling the customer to ask authentication questions.

Secondary review takes time

On the other hand, manual review is very time- and resource-intensive. Even the best manual reviewer can’t work as quickly as a computer program, so customers may have to wait slightly longer to be approved for their orders. However, most small businesses who’ve worked with a fraud prevention solution will say the secondary review is worth the wait.

Also, the effectiveness of a manual review is only as good as the expertise of the employees performing the review.

If you want to keep your manual review team in-house, you’ll need to hire experienced staff or pay to train them. This can be a solid approach if your volume and business are stable, but a sudden (or seasonal) increase in business could add strain. In those cases, outsourcing manual fraud review can provide better flexibility.

The bottom line: Manual review is essential to decisions about potentially fraudulent transactions.

Manual review on its own can be costly—and not as fast as filters—but is an ideal way to evaluate potentially fraudulent transactions instead of simply declining them.

Pros:

• Thorough fraud review: Every transaction is carefully examined.
• High level of accuracy: Reviewers can be trained to apply new knowledge about fraud trends into their decision-making process

Cons:

• Not scalable for sudden changes in transaction volumes: Sudden spikes in sales volume will slow down the review process and could result in customer service issues if the reviews take too long.
• Not cost-effective: Small businesses have to incur the expense of recruiting, hiring, and training more enough staff to handle the maximum volume of transactions.
• Potential loss of institutional knowledge: If staff members leave, their expertise and knowledge leave with them.

Outsourced Automated Solutions

Outsourced automated solutions allow small ecommerce businesses to offload all of their fraud protection onto a third party. Transactions are processed through automated systems and are approved or declined based on preset parameters and filters.

This type of machine learning and artificial intelligence (AI) are fast and reliable because they use mathematical algorithms and data to identify fraud trends and patterns. And because no humans are involved in this form of fraud detection, machine learning is scalable and consistent. Every transaction receives the same level of scrutiny.

But, if you recall from Chapter 4 where we discussed false declines, making decisions about transactions purely because they appear to be fraudulent increases the risk of declining legitimate transactions. And that can have a serious negative impact on customer experience.

Without human intuition, analysis or interaction, you can’t contact a longtime client to get more information about a suspicious purchase. The last thing you want to do is have an algorithm drive away your best customers.

The bottom line: Outsourced automation is a great part of the solution.

Outsourced automated fraud protection using machine language and AI can detect most fraudulent transactions and identify transactions that require further review.

Pros:

• TFast processing time: Automated rules allow for immediate decision-making and transaction disposition.
• Hands-off fraud protection: With their fraud protection handled by a third party, ecommerce businesses don’t have to understand the nuances of fraud and fraud risk.
• Better fraud identification: With more sophisticated options that offer machine learning and AI, outsourced automated solutions “learn” buying patterns.
  

Cons:

• Limited variability: Outsourced automated solutions can’t account for variations in consumer behavior, such as vacation purchases.
• High risk of false declines: Automated solutions treat potential fraud like actual fraud.
• Slow adoption of new fraud trends: Automated solutions require programming with new data, which can take time to integrate into its intelligence.
  

Fraud Managed Services

Fraud managed services incorporate a two-pronged approach: Prevent fraud from happening ... and protect the small business if a fraudulent transaction does slip through.

A managed services solution does this by blending a fraud protection strategy, chargeback management strategies, and a team of trained fraud analysts.

The solution can be used in place of an internal fraud team or to augment an in-house team, especially during times of increased sales volumes or periods of rapid growth.

Here’s how it works:

Typically, as an order comes in, it is screened in real time using automated technology that may include geolocation, email validation, fraud filters, machine learning and fraud score.

However, even if the order looks like it might be fraudulent, the order is not automatically declined.

Instead, any order that fails to pass the initial screening is sent to a manual review team for analysis. There, a team of expert analysts reviews the order to see if data is missing, compares the order to that cardholder’s typical ordering or store behavior, and contacts the customer for further authentication if needed.

Why a fraud managed services approach works

• Because no transaction is automatically declined, you have fewer false declines.
• Expert fraud analysts can quickly spot new fraud trends and flag them for insertion into the AI’s algorithms.
• The analysts can work alongside a company’s in-house team, or in consultation with the client, bringing specific business/industry insight to their fraud screening.
• The solution easily scales to accommodate peak sales times, while still ensuring each flagged transaction is manually reviewed.

The bottom line: A fraud managed solution offers the best of all worlds.

By combining all of the options available for fraud protection, a fraud managed solution offers ecommerce businesses a reasonably-priced way to protect themselves from fraud without risking turning away good customers. Plus, you’ll still have control over the process without having to manage every aspect of the process.

Pros:

• Fewer false declines and higher approval rates: The combination of AI and manual review distinguishes between clearly fraudulent and potentially fraudulent transactions
• Fewer chargebacks: AI “learns” customer behavior and takes into account fraud trends to quickly spot fraud patterns.
• Fast processing: Approved transactions are automatically processed, which adds to the customer experience.
• Full transparency: Data analysis provides the company with information about why a transaction was flagged.
• Peace of mind: Ecommerce businesses don’t need to be fraud analysts, and if available, they can provide the vendor with historical customer and transactional data that helps improve the accuracy of the solution.

Cons:

• Longer process for declining transactions: Manually reviewing suspicious transactions will take more time to determine if those transactions are fraudulent. So if a good customer’s transaction is flagged, they may need to wait a little longer before shipping – and may be asked to provide some verification information.
• More costly than ecommerce platform fraud filters: The cost of a hybrid solution is higher than simply relying on your ecommerce platform fraud filters. However, when you consider the cost of losing customers and negative reviews, the cost difference may easily be justified.

If you’ve settled on what type of fraud protection you want, great! But now comes the tricky part—making a decision. There are a lot of fraud prevention solutions out there. What questions should you ask to find the perfect match for your business?