Ecommerce fraud prevention depends on good data. That data can come from payment card providers, credit bureaus, address listings, and, more recently, other merchants.
A few years ago, a shoplifter stole products at a D&B Supply store in Caldwell, Idaho. Then a couple of days later, he robbed the chain’s store in Meridian, Idaho, some 20 miles away. The retailer’s vice president of operations notified several of the other large retailers in the area, sharing surveillance images of the thief and details of each crime.
The local Fred Meyer grocery store was hit next. It shared what it learned, and before long, a network of retailers was able to provide police with a complete picture of the crook, including the make of this car and a license plate number. An arrest followed.
In this example, a few stores shared information about a criminal and, by so doing, helped to protect their local community. What if ecommerce merchants could also share customer actions and, thereby, reduce the risk of ecommerce fraud?
“One of the things I have realized working in this domain for so many years … is the advantages and disadvantages of artificial intelligence and machine learning and, also, the reliance on having good data sources,” said Uri Arad, vice president of product and research and co-founder of Identiq, which provides a peer-to-peer trust network for retailers and other consumer-facing businesses.
That so much of modern ecommerce fraud prevention is dependent on data and patterns of data “is especially important when you have to manage risk against an unknown,” Arad said. “An unknown may be a user that you haven’t seen before, a credit card that you haven’t seen before, or a significant change in behavior. So all of those things introduce new patterns and new data.”
“Combined with the increasing sophistication on the side of the bad guys … telling good from bad is becoming a harder problem to solve,” Arad continued.
Solving this problem is important because trusted transactions are a linchpin of ecommerce retailing.
The customer has to trust that the merchant has accurately described and presented the product and that the company will ship that product as promised.
The merchant has to trust that the customer is a genuine buyer presenting his own payment card information and not planning fraud.
Many merchants use fraud prevention tools to sort out safe and trustworthy transactions from questionable ones.
When a mid-sized or enterprise ecommerce business encounters a new customer, a customer whose information has changed, or a shopper exhibiting new behaviors, that merchant will often introduce friction into the transaction.
This friction may take one or many forms. Some of these steps will be invisible to customers. Others will impact the shopping experience or even kill the transaction.
For example, many automated fraud-prevention tools will respond to the sorts of unknowns Arad described in one of three ways.
- Decline the transaction.
- Hold the transaction.
- Flag the transaction.
In the two latter cases — hold or flag — someone at the merchant will take manual action, such as reviewing the order or calling the customer to verify.
But the first case — declining the transaction — may be the most damaging when it is wrong, as the merchant would be turning away a real, trustworthy customer. It’s called a “false positive.”
“False positives are a result of the inability to properly quantify the level of fraud risk in a transaction. The true results of false positives can be tough to measure, but lost sales are a direct impact,” wrote the authors of an ebook, “The Silent Sales Killer: False Positives,” from Kount, a leading fraud-prevention provider.
“Too often, false positives go unnoticed as online businesses perceive them as successfully thwarted fraud instead of foregone sales. Yet false positives harm online businesses financially in four fundamental ways,” the ebook continued.
- “Immediate revenue loss. Every order wrongly turned down is revenue not realized.”
- “Lost customer lifetime value. Lifetime customer value is the total profit anticipated from all future purchases by a customer. Legitimate customers who are wrongly rejected will often stop buying from that merchant permanently.”
- “Wasted acquisition spend.” All of your company’s marketing and advertising is wasted on a false positive.
- “Degraded brand image. In today’s connected world of social media and viral posts, one shopper’s experience with a false positive can suddenly reach thousands of customers and potential customers. While difficult to quantify, the impact of negative publicity is nonetheless real.”
Fraud prevention businesses take different approaches to address actual card-not-present fraud and avoid revenue-damaging false positives.
Many use artificial intelligence, which is software with algorithms and pattern recognition to accomplish a task that would usually require humans. But Identiq is noteworthy for its peer-to-peer approach.
When an Identiq member, a company with millions of customers, encounters a new buyer, it can ask other members on the network about their experience with the shopper, if any. This is done anonymously so that each individual’s privacy is protected in accordance with the General Data Protection Regulation in the European Union and the California Consumer Privacy Act.
The idea is that while a new customer may be unknown to a specific merchant, another retailer or a popular paid app has likely experienced that same shopper.
Just about every fraud prevention software provider and financial institution is trying to improve ecommerce fraud detection while avoiding false positives. As Arad said, in the end, it depends on the data. Thus sharing customer experiences could help all participating merchants.