Navigating the minefield of ecommerce and online transactions can often feel like playing a game of Whac-a-Mole. Just as you think you’ve sorted out one problem, another pops up. One challenge that never fails to resurface, however, is payment fraud.
Reviewed, revised and approved by Signifyd humans.
As merchants scale up, the complexity and volume of transactions typically introduce a whole new set of risk factors. It’s a case of more transactions, more problems. As the ecosystem evolves, so does the language used to describe the strategies merchants deploy to keep fraudsters at bay. Phrases like “fraud detection,” “fraud prevention” and “fraud protection” have often been tossed around interchangeably, creating a confusing web of jargon that does little to help merchants understand their own processes. In this article, we aim to explain why fraud detection is important and to pull the curtain back on these terms, offering clear, concise definitions, with particular focus on the most basic component, fraud detection.
Fraud prevention and analysis in ecommerce transactions
Fraud is a constant threat to ecommerce businesses, constantly evolving and adapting. For merchants, the cost of fraud can be staggering, resulting in lost revenue, damaged reputation and legal liabilities. As the number of ecommerce transactions grows, fraudsters become more sophisticated and find new ways to exploit vulnerabilities in the system. It’s crucial for merchants to understand the types of fraud they might encounter and how to protect themselves from financial losses. We put together some tips and insider information to help you protect your business from fraud while avoiding adding friction to the checkout experience.
Invest in a quality payment fraud detection solution
Payment fraud creates a revenue-depleting conundrum for merchants. Fear of fraud can lead them to over-protect and cancel legitimate transactions, resulting in a false decline or false positive. A false decline creates a fundamentally bad customer experience, destroying relationships with good customers. This poor choice represents a potential cascade of bad business. When finding a fraud detection solution, look for one that minimizes false positives.
Utilize merchant networks in fraud prevention
A merchant who stands alone to try to prevent fraud, is in a desperate race against a well-equipped enemy. By using the power of large merchant networks that underlie state-of-the-art fraud protection solutions, in addition to fraud detection driven by artificial intelligence, merchants get to leverage the entire ecosystem of transaction data available to a particular vendor. A large merchant network provides more data points for fraud detection and prevention, as well as a broader perspective on fraudulent behavior across ecommerce. This ultimately leads to stronger fraud protection for all members of the large merchant network.
Be sophisticated in your approach to payment fraud detection
There is no one-size-fits-all approach to fraud detection and mitigation. Each business has its unique ecommerce business nuances, made up of price points, sales volume, discounts, returns, fraud, chargebacks and the capabilities and preferences of the people who operate the business. Merchants with large sales volume will, by necessity, rely on automated systems to process most transactions, with only a very small percentage selected for manual review. Artificial intelligence can improve the performance of automated systems, but the people who operate them need to understand the constantly changing business environment of threat and opportunity, and use all the tools and expertise at their disposal.
Types of payment fraud that can be detected
Credit card payment fraud is one of the most common types of fraud. It occurs when a criminal uses stolen credit card information to make unauthorized purchases.
Identity theft is another common aspect of fraud, in which a criminal obtains someone’s personal information, such as their social security number, to open fraudulent accounts or make unauthorized purchases by taking over their accounts.
Friendly fraud, also known as first-party fraud or chargeback fraud, occurs when a customer files a false chargeback, when a customer disputes a legitimate charge, leading to a financial loss for the merchant.
Payment fraud detection tools
Merchants are increasingly turning to merchant fraud detection tools to protect their businesses from the devastating effects of fraud. From fraud scoring and machine learning to biometrics and velocity checks, these tools are designed to help merchants identify and prevent fraudulent activity before it can cause harm.
Fraud scoring to rate the likelihood of fraud
Fraud scoring is a technique to assign a score to each transaction based on the likelihood of it being legitimate. The score is based on various factors such as billing address, IP address, device fingerprint and transaction history. If the score indicates sufficient uncertainty about the purchase, the transaction could be flagged for further investigation, allowing merchants to take action to protect their business and customers.
Machine learning trains the robots to fight
Machine learning is another key tool in the fight against fraud. By identifying evolving patterns and trends in the data, machine learning algorithms can get better and better at detecting fraud and abuse. This technique can be used to automatically decline orders that are highly likely to be fraudulent, or to flag suspicious transactions for further investigation in manual review, helping merchants stay one step ahead of fraudsters.
Deny and allow lists of known heroes and villains
Fraud deny lists and allow lists, once known as blacklists and whitelists, are another important tool in the fraud prevention arsenal. These lists contain the names and other identifying information of known fraudsters on the one hand, and well-known customers on the other, making it easier for merchants to identify and block fraudulent transactions and approve good ones. By leveraging these lists, merchants can quickly weed out suspicious activity while quickly shipping legitimate orders, thereby protecting their businesses from financial losses and missed revenue opportunities.
Biometrics: Are you really you?
Biometrics are a group of cutting-edge technologies where the device used provides verification of the user’s identity during the purchase process, using physical traits such as facial recognition, fingerprint or voice recognition. Biometrics help close the password security gap and strengthen authentication without adding extra user friction.
Only fraud bots can buy this fast
Velocity checks are another key tool in the fight against fraud. These checks analyze the frequency and volume of transactions to identify patterns that may indicate fraudulent activity. High velocity purchases can be a sign of fraud, but can also reflect good orders, so having additional signals is helpful to preventing fraud and maximizing revenue.
Merchants can prevent fraudsters from making multiple fraudulent transactions in quick succession by setting limits on the number of transactions in a certain timeframe, but should also review denied transactions to ensure they are not systematically denying good purchases.
Are they where they say they are? Part one.
The Address Verification System (AVS) allows merchants to cross-check the billing address provided by their customers at checkout against the record at the card’s issuing bank, for a large number of purchases. By comparing the billing address with the address associated with the payment method, AVS can help verify known customers, and speed approval of the purchase.
Many legitimate purchases will find a match between purchase order address and the address on file with the issuing bank in AVS, giving merchants greater confidence in those purchases.
Are they where they say they are? Part two.
Finally, geolocation and proxypiercing are powerful tools that allow merchants to identify the physical location of the user during purchases, and whether they are using a proxy server to conceal their location. Location data can support either approval or denial of an order.
Good purchases have a device signature
Device fingerprinting and location data are important tools in fraud prevention techniques for ecommerce transactions. Device fingerprinting involves collecting information about the device used to place an order, such as the operating system, browser version and IP address. By creating a unique “fingerprint” of the device, merchants can gain insights into which orders are good orders and which orders are fraudulent.
Sources of fraud intelligence in payment fraud detection
Accuracy of merchant fraud detection tools depends almost entirely on the quality and quantity of the data available to them. Some of the common sources used for fraud detection include:
How they behave in the purchase
Transaction information acts as a valuable tool for identifying patterns and trends that may signify fraudulent activity. This information includes details such as the date, time, and location of the transaction, all of which can be analyzed to uncover potential fraud. A seemingly innocuous set of inputs, yet one that holds immense power in the hands of merchants seeking to safeguard their businesses and protect their customers.
The device they use to make the order
As mentioned before, device information proves to be a crucial tool for merchants seeking to safeguard their business. This “fingerprint” includes information such as the device’s IP address, browser type, and operating system, all of which can be utilized to identify potentially suspicious devices and flag them for further investigation.
Know your customer
A merchant’s own customer information provides insights into purchasing habits, preferences and behavior of their own customers, and can be used to build profiles and identify patterns that may indicate fraudulent activity, such as unusual purchasing or returns behavior, or an unexpected change in location. Merchants can also sometimes find evidence to fight chargebacks in a purchaser’s social media accounts. It’s not unheard of for a customer to post a photo of an item they said never arrived, for instance.
Know your websites
Analytics plays a vital role in identifying anomalous activity that could potentially indicate fraudulent behavior. Clickstream, web search, web activity, and traffic data can all be analyzed to identify patterns, trends and “normal” purchasing behavior. Equipped with knowledge of what “normal” looks like, merchants are on the lookout for the unusual, and when it emerges, urgently analyze it to determine if fraud is happening, and if it is, move quickly to cut it off.
Human factors in payment fraud prevention
While automated merchant fraud detection tools are essential, wise humans are also critical to effective fraud detection. Some of the human factors involved in merchants’ fraud detection include:
Train well to know your foe
A solid training program can do a lot to ensure a team’s success against fraud. Training helps fraud analysts stay up to date with the latest techniques and tools, new fraud trends and to improve their ability to prevent fraudulent activity.
Nothing beats experience against fraud
Experience is a crucial component in fraud detection. Experienced fraud prevention experts can recognize patterns and trends and amplify the work that automated merchant fraud detection tools do. That provides a valuable human element in the fight against fraud.
Get the word out
Effective communication is essential in the prevention of fraudulent activity. Those responsible for fraud prevention techniques must communicate effectively with each other and with other departments within the organization in order to identify and prevent fraud. Schedule regular cross-functional meetings to review fraud concerns, incidents and evolving ongoing strategy.
Evolve ahead of the fraudsters
Continuous improvement is a vital aspect of preventing fraud. Fraud prevention techniques that use machine learning are constantly evolving as fraudsters’ tactics evolve. They are also able to analyze and approve or decline transactions at a speed and scale that are impossible for human teams to achieve. Fraudsters don’t seem to sleep, and they will never stop.
The future of fraud detection
Transformative artificial intelligence (AI) and machine learning (ML)
Artificial intelligence and machine learning have transformed the fields of fraud detection, protection and fraud prevention for merchants. By analyzing large amounts of data and detecting patterns, machine learning algorithms can detect fraudulent activity more accurately and quickly than manual review processes. As machine learning algorithms continue to evolve and improve, they will play an even more significant role in fraud detection and prevention.
Blockchain not just for coins
Blockchain technology is an emerging player in the world of fraud. By creating a permanent, tamper-proof record of transactions, blockchain offers the potential to dramatically increase transparency and accountability in ecommerce. While still in its early stages and overshadowed by news and drama about coins and exchanges, blockchain technology is a promising area of innovation for fraud detection and prevention.
Cybersecurity the must-have for the 21st century
As the world becomes more digital, the threat of fraud grows. To fight this ever-present danger, merchants need to stay ahead of the curve. Most already invest in the latest cybersecurity. Many need to add the latest innovations in fraud protection to their arsenals.
Fraud protection systems and services help fight fraudsters coming through the front door and ringing up purchases. Just as importantly, they help merchants better recognize their good customers, fulfill their orders quickly and keep them as lifetime customers.
Networking, collaboration and information sharing
Collaboration and information sharing are essential in the fight. As fraudsters become more sophisticated, it becomes increasingly challenging for individual merchants to detect and prevent fraudulent activity on their own. To stay ahead of fraudsters, merchants must work together to share information and collaborate on new fraud prevention techniques.
Finding and working in common cause with other competing merchants can be challenging, but ecommerce workers are increasingly turning to each other for support and common action. Events where ecommerce merchants, risk analysts and anti-fraud professionals can network and share challenges and best practices are now opening back up in the waning of the pandemic.
Merchants can also seek the safe harbor of fraud protection, prevention and detection vendors and their data networks. Access to data from the transactions managed through their systems provides these fraud protection vendors a great deal of information beyond the individual purchases in the system. In aggregate, these vendors often see fraud and chargeback trends coming, and can take steps to help protect the merchants they serve.
Fraud detection vs. fraud prevention vs. fraud protection
Although related, fraud detection, prevention and protection are distinct practices with overlapping concerns and related processes.
Fraud detection involves identifying fraudulent activity as it happens, or fraud that has already taken place. This involves analyzing live and historical data and can use machine learning algorithms to detect patterns and anomalies that may indicate fraud. To be useful though, fraud detection needs to lead to fraud prevention or protection.
Fraud prevention involves taking proactive measures to prevent fraudulent activity from occurring at all. Prevention includes steps like implementing security measures such as two-factor authentication and other purchaser identification techniques, and by declining orders that appear too risky. Merchants need to tread carefully in this area to avoid adding frustrating friction to the buying process and missing out on revenue by issuing false declines from the bottom line. Prevention usually depends on preventing purchases that might be fraudulent from going through. There is a step beyond prevention, and that is protection.
Fraud protection refers to the measures taken to ensure that merchants are not held liable for fraudulent transactions and includes both fraud detection and prevention. It also can include some or all of a combination of processes, such as manual reviews for extreme edge cases, fraud scoring and financial guarantees to minimize the risk of fraudulent transactions. Unlike fraud prevention techniques, which focus on stopping fraud from occurring in the first place, the highest quality fraud protection, such as Signifyd’s Guaranteed Fraud Protection, is designed to also provide financial compensation and support in case fraud does occur, as it inevitably does.
If you are an online merchant evaluating commerce protection vendors, you might be interested in our free Commerce Protection Buyer’s Guide. This comprehensive guide outlines the evolution of commerce protection from fraud prevention and details the integral components of a commerce protection solution. Takeaway resources include:
- A sample RFI template to leverage in your evaluation process
- Tips on how to build a business case for a commerce protection solution
- How to evaluate ROI and understand the tools used to protect against fraud and chargebacks
- How to find the right solution for your business
Final thoughts about fraud detection
Fraud detection is a critical first step for ecommerce merchants to understand how to best protect themselves from financial losses and maintain the trust of their customers. Automated merchant fraud detection tools and human factors can work together to provide effective fraud protection. Merchants need to invest in the right merchant fraud detection tools and ensure that their fraud solutions and strategy keep up with the evolving nature of fraud.
Merchants must strike a balance between fraud protection and customer experience. False positives can lead to lost revenue and dissatisfied customers.
To strike a balance between fraud protection and customer experience, merchants should find a solution that relies on a vast network of transaction, behavioral and historical intelligence to instantly sort fraudulent from legitimate orders. Moreover, those decisions should be backed by a financial guarantee against chargebacks. That way they can stop worrying about fraud and chargebacks and get back to the business that they love.