Consumers are shopping online in increasing numbers. It is estimated that the web will capture 10 per cent of all UK retail transactions by the end of 2012. But as the British Retail Consortium (BRC) pointed out recently in their study, e-crime is the greatest emerging threat to retail, costing the sector £204.5 million in 12 months.
Counting the cost of fraud
As e-commerce retailers rely on Customer-not-Present (CNP) payments carried out with debit and/or credit cards, the cost of online fraud cannot be ignored. Quantifying the problem of card fraud itself is difficult, but Chase Paymentech’s own analysis has revealed that 62 per cent of companies had lost on average £1.2 million each through fraudulent CNP transactions during the last 12 months. This negatively affects business and may hurt brand reputation. The challenge is to make life as difficult as possible for fraudsters, while maintaining a positive shopping experience for the customer – a difficult balancing act. While there is no “silver bullet” to entirely safeguard merchants, the use of an appropriate blend of controls may help mitigate loss by fraud. Merchants are advised to work closely with their payment acquirer to ensure the best solutions are in place to suite the merchant’s business needs.
Preparing for Christmas
Christmas is the busiest shopping season of the year for most UK merchants and naturally, with this increased volume comes a greater risk for fraud. As e-commerce grows in popularity, so too does the threat of fraud. E-commerce merchants should talk with their acquiring partner, who will offer insight into how to make payments more secure. They should also develop strategies to ensure that their business can detect fraud across all channels as close to real time as possible. This will enable them to identify threats quickly, to respond immediately and prevent future fraud. The tools for the Christmas shopping period should be the same, up-to-date and reliable tools that an e-commerce merchant would use all year-round. These include reviewing all available metrics, using real-time risk scores, putting better rules in place, adopting device fingerprinting, and comparing good and fraudulent behaviour.
Seven best practices to fight e-crime
Many merchants have successfully driven down fraud rates to less than one per cent of orders by using techniques including automated real-time screening. However, a superior fraud-prevention strategy will also consider the number of legitimate orders that are rejected on suspicion of fraud. Some fraud survey reports suggest that this is one of the biggest concerns for Customer Not Present (CNP) merchants, with some retailers reviewing as many as one in five orders but confirming less than five per cent as fraudulent. Customers who discover that their order has been delayed or rejected on suspicion of fraud may take their business elsewhere, never to return. Hence, by initially accepting more of these good orders, your business could increase sales and boost revenues.
Here are seven steps that may help achieve an acceptable balance between fraud filtering and order acceptance:
- Review all available metrics: Analyse your fraud rates regularly to spot false positives as well as new types of fraud. Look for patterns in the type of transaction, buyer’s location, time of day, IP address and card issuer as well as the country or channel being used. Chargeback analysis can help assess how well your fraud tools are performing and identify further improvements in your acceptance process.
- Use real-time risk scores: Optimise your fraud screening through continuous transaction monitoring. Some tools can provide every transaction with a fraud score to indicate the level of risk associated with it.
- Put better rules in place: Refine and upgrade the rules used by your automated screening to ensure that they reflect peak seasons, campaign initiatives and your latest products, channels and markets. Put custom rules in place to adapt quickly to new threats and improve your order review flow. This will also minimise the number of valid orders that are sent to your manual review team.
- Adopt device fingerprinting: Integrate the latest fraud detection techniques to fingerprint multiple layers of a computer device to ascertain a unique device ID, despite a user’s best efforts to change identity settings. This identifies repeat transactions from the same device.
- Compare good and fraudulent behaviour: Look for patterns in both good and fraudulent customer behaviour. This will help to reduce the number of genuine customers being reviewed unnecessarily as well as identify unusual peaks in activity that might indicate fraud. Providing your customers with a dedicated user account area on your website can give insight into how trusted customers behave.
- Friendly fraud analysis: Friendly fraud, when dishonest customers claim that they never received their purchases, can contribute to your overall CNP fraud. A regular analysis of all chargeback codes can help reveal possible friendly fraud that would not be apparent by reviewing fraud-related codes alone.
- Website analysis: Fraudsters can tend to take a more direct route through your website to get to the checkout. Continual analysis and monitoring of how customers normally navigate their way through your website can help you to identify unusual patterns of fraudulent activity.
Perhaps the biggest challenge for retailers as they open new channels is to strike the right balance between security and consumer convenience. This requires a more flexible and agile approach to fraud prevention. Fraudsters will always try to exploit new models, such as one-click payments or same-day delivery. But the inability of a retailer to meet the expectations of customers because of an inefficient fraud prevention process may present a greater cost to the retailer. Delays in fulfilling orders could lead to dissatisfied customers switching to a competitor.
As the e-commerce landscape is ever-changing, so too is the threat of fraud. Connect with your acquiring partner who should be able to offer insight into how to make payments (mobile or other) more secure. Plan strategies to ensure that your business can detect fraud across all channels as close to real time as possible. This will enable you to identify threats quickly to counteract and prevent future fraud.