This piece is part of our Expert Spotlight on Fraud series, dedicated to featuring experts in the online risk management and fraud detection sphere. As a group, they encounter diverse challenges and mount their offenses in different and innovative ways, and in this series, they offer their learnings for others starting out in the industry and for those running risk teams.
This week, we’re featuring Mark Skrapits, Director of Operations at PetFlow, an online retailer of over 300 brands of high quality pet foods, medications and hard goods.
On how he fell into the fraud management role
When I joined PetFlow just over three years ago, I started in customer service and then moved over to operations and order management. That’s when this list of chargebacks found its way to my desk. At the time, chargebacks had largely been flying under the radar, but they finally threw up a red flag and the accounting department asked me to look into it.
Turns out, chargebacks of fraudulently-placed orders had accumulated to levels of real financial significance. Analyzing and preventing fraudulent orders from getting through quickly became a very serious concern and one we that we needed to put dedicated resources behind. At first, I simply helped out with the time-consuming investigations into preventing chargebacks, then transitioned into day-to-day fraud prevention over the next few months. Currently, I oversee our purchasing, warehousing, and merchandising operations, so while I’m no longer involved in day-to-day fraud prevention, I was the first one to experience it at PetFlow.
On how his initial approach to fraud changed with time
Our fraud management was pretty reactionary at the beginning.
After a chargeback would come in, we’d spend significant time combing through the new orders to see if this was a part of a trend that was developing. At the time, we were receiving nearly a thousand orders a day, and every one of those orders came under the microscope for fraud detection because we didn’t know how widespread the issue was. I worked on it almost full-time, and even our two co-founders looked at new orders and sent things to me that they thought looked a little suspicious.
At the beginning, it was very unsophisticated, but we did get to the point where just looking at an email address threw up a red flag to us, and we could say “I’ve seen this trend before, and I’m going to cancel this one order.” This was incredibly time consuming. The main issue, though, is that customers who are completely legitimate wound up getting hurt in the process of identifying false positives. That was a serious concern for us. We had to ultimately balance being proactive with lowering our insult rates.
On the qualities that make him well suited to fraud detection
I’m very willing to dive into an investigation to do some detective work, look at points of an order differently, and seek the opinions of others. I think that by initially taking orders and customers at face value, we probably got burned, but now, we’re approaching fraud in a more sophisticated manner by being proactive about identifying possible trends.
On the revelation that lower price point items are also susceptible to fraudulent attempts
Originally, I assumed that retail fraud targeted electronics or other high-end items. I’ve since realized the appealing thing about pet food (to someone who is going to try to resell it or acquire it with a stolen card and resell it) is that there will always be a market for it. It’s a huge industry.
Consumers are very conscious of what they typically pay for pet food in the same manner that they know what they spend to fill their gas tank or buy a gallon of milk, so if I buy a particular bag of food every month, I know exactly what I pay for it. If the fraudster can price it online at $5 cheaper than I’m used to paying for it (because they paid zero dollars for it), it’s very easy to offload this product as opposed to an obscure luxury watch or something like that.
On how professional fraudsters operate like a well-oiled machine
When I first started out in order investigations, I was impressed with how smooth of an operation these fraudsters had going on. I realized that if I saw an order that I considered likely fraudulent, I could look on eBay about a half hour later and see the exact product there. I had a list of eBay usernames where I’d see a checkout on our end, and then the same exact product posted on eBay by these known offending sellers. It was pretty impressive. This wasn’t someone who was doing this on their free time; this was a professional who was doing this for a living and presumably making a ton of money off of it. Playing this game of cat and mouse with sophisticated cyber-criminals made us quickly realize the need for either more dedicated resources internally or the help of an outside service to protect us.
There are absolutely simple-minded fraudsters out there that will stick out like a sore thumb, but those are not the real concerns. The concern is the well-oiled machine. The well-oiled machine is like a hole in your pocket that sucks a few dollars out every so often but never gets quite obvious enough for you to detect.
On the benefit of having an automated, expert tool at hand for order review
Fighting fraud is game of back and forth. In our early days of fraud prevention, our goal was to detect trends as quickly as possible and build rules in our order processing logic to protect against that trend. Now that we have the right resources (and a more automated service in Signifyd), we can catch these initial fraud cases without it necessarily turning into a trend that we detect a month later. It’s basically put our entire fraud review operations much further down the funnel of potential offenders to sift through.
We’re no longer looking at every single order that’s placed to see if there’s a potential for fraud. We’re not manually reviewing every order because we have someone doing that initial legwork for us. Now, instead of reviewing a thousand orders a day, we’re reviewing only 30 very high potential, high risk cases. This made us better suited to avoiding that reactive back-and-forth with fraudsters, where we had to comb through orders to detect new trends in the industry before they get in our systems or before they turn into chargebacks. Now, the legwork requires an hour or so per day as opposed to a dedicated FTE, and issues are detected before they can turn into trends that wreak havoc on our bottom line.
On the most important tool in a risk analyst’s arsenal.
Intuition, common sense and an inquisitive nature are the finest tools for fraud protection. Don’t take things at face value. If you see something that looks a bit suspicious, there’s a good chance it’s worth investigating.