Mitigating online fraud risk
Some years before joining the e-commerce bandwagon, I was curious about shopping online. What piqued my interest more was the process of online auctions. So, just out of interest, I registered myself in E-bay. As a part of the routine sign-up process, I was asked to fill my profile details, including the shipping and billing address. I registered and forgot about it. At least for a while. Later one day, when I decided to buy some stuff, I tried changing my primary shipping address. The system did let me, but after informing me that the new address would undergo address verification check before being considered. That interested me. So, digging more I found out that E-bay as well as an increasing number of e-tailers are making address verification mandatory as a part of the registration process in an attempt to curb fraud in the online shopping process. Quietly in the background, they hire third parties who verify addresses to validate and pass a registered customer. This brings me to the topic of my blog - curbing online fraud.
Post the economic recession retailers are now optimistic of the future with expected growth in online revenues. However it is important for retailers to optimise the payment & fraud management processes in order to reduce the revenue leakage to online fraud. Online fraud cost UK business an average of £ 400,000 last year & merchants expect to lose 1.8% of online revenues to fraud payment (6th UK Online Fraud Report by Cybersource). Retailers should remain abreast of fraud trends & preventive measures to combat the occurrence of online fraud incidents.
Card payments have emerged as the most popular form of payment. Online retailers are particularly vulnerable to card not present (CNP) scenarios as it can be hard to know whether the card payment is really from a valid customer. Immediate financial loss, damaged reputation, loss of customer trust, extra costs of time/money to manage each fraud incident, possible legal costs, additional bank fees for transaction reversal are some of the effects of fraud on a retailers business.
Managing fraud risk is a continuous effort that involves the use of a variety of risk tools, strategies, and fraud controls that will mitigate incidents of fraud without restricting business development. Retailers should build a comprehensive blacklist of customers and the attributes of previous fraudulent transactions (e.g., IP addresses, customer names, payment card accounts, cardholder names, mobile numbers and e-mail addresses). Establishing strict customer registration policies through submission of mandatory customer information such as name, telephone number, e-mail address and date of birth will raise the barrier of entry for potential fraudsters. Retailers should also implement a comprehensive suite of authentication tools to make more effective transaction risk assessments and decisions. Tools such as Card Verification Value 2 (CVV2), Address Verification Service (AVS), MasterCard SecureCode & Verified by Visa (VbV) for card not present transactions can greatly reduce the incidence of fraudulent transactions and increase retailers' profitability.
Retailers should actively monitor transactions & flag orders which are unusually large, shipping to an address that isn't billing address & unable to pass an address verification system. Also retailers should look out for customers who use a disconnected or changed phone number, use anonymous email address, and supply a fake sounding physical address. Establishing velocity checks by specifying daily/monthly limit on both the customer's ID/mobile number level and IP address level is another fraud monitoring step for the retailers. Majority of the retailers manually check orders as part of their fraud management process which involves a lot of time & effort. A real time fraud detecting system would be able to detect high-risk transactions based on previous fraud trends/attributes and flag them for further action by the risk management team. This would also mitigate the scalability limitation & customer dissatisfaction associated with manual review. However retailers should also focus on improving the accuracy of their automated screening so that only truly suspicious orders are subjected to risk filters & trusted customers are not subjected to unnecessary service issues. In this context the blacklist & the whitelist of customers can be effectively used to distinguish between customers. These lists should be regularly updated & maintained by the retailers. Retailers should proactively share information on fraud patterns and blacklist attributes with other peer merchants and (or) acquiring financial institutions, subject to applicability & permitted law.
Frauds can prove to be costly to the retailer in both monetary and non-monetary terms. It is only by being more proactive in implementing safeguards and constantly updating oneself that businesses can build a more secure and safe transactional environment. And who would not want a complete peace of mind with assurance that the right order has been delivered to the right customer with the right people getting paid.
