Most people will at the very least know someone who has been the victim of online fraud. Recent figures from Cifas revealed that a record-breaking total of 89,000 cases of fraud were recorded in the first six months of the year in the UK. The study found that while the number of identity fraud attempts against bank accounts and plastic cards has fallen, these still account for more than half of all cases. Last year alone, payment card fraud amounted to $21.84 billion globally.
Efforts to gain personal or financial information to commit fraud have evolved to highly sophisticated operations. It’s no longer a case of optimistically sending out emails about princes from foreign lands trying to send you large sums of cash. Now, fraudsters buy stolen credit card and personal information in bulk on the dark web and write programs or code to go about testing each card to determine if they can be mined for financial gain. The origin of fraudulent payments can normally be traced back to a data breach of an organisation. The recent case of Equifax, the US-based consumer credit reporting agency that compromised 143 million people’s data, is a prime example of this. Equifax then directed customers to a spoofed customer support page, failing to identify that it was deception and demonstrating how easy it is to mimic a business’ page.
The pressure on merchants
While having one’s card details stolen or used to make a fraudulent payment is undoubtedly stressful and inconvenient, it’s relatively straightforward for an individual to get the funds refunded through their bank. For merchants, fraudulent payments represent a rather different challenge. For a consumer to get their money back, their bank collects a refund from the merchant. But, if the merchant has shipped the goods or performed the service, they often have little recourse to recover costs. One study has found that every dollar spent fraudulently costs merchants $2.40. This means that merchants, particularly those selling goods or services online where the card is not physically present, must be extra vigilant to try and determine if the person buying the product is who they say they are.
One approach to manage risk is to simply decline any transaction that trips a card issuer’s fraud system – for example if the card has been used in a different country that it’s issued, or if the billing address is different to the shipping address. While this is likely to reduce fraud, chances are the merchant will also lose legitimate revenue opportunities as a result. Blocking legitimate transactions because they trip a fraud system is known as a ‘false positive’ and is reported to cost merchants close to $8.6 billion last year alone. Some tools such as 3D secure can help with this by asking for additional information on a stand-alone secure site before completing the transaction, but they are not fool-proof and often seen by consumers as ‘friction’ to the customer experience. In an era where consumers demand a frictionless experience, as Uber and Airbnb have become known for, adding the 3D secure layer can harm conversion.
Identifying the shopper behind the transaction
It’s no longer the case that the targets of online fraud are old people who fall for email scams – Cifas research suggests that it is actually people in their 30s who are most likely to fall victim. In fact the over-60s is the only age group that has seen fraud cases fall this year. Identifying the customer behind the transaction is the key to prevent fraud.
Device fingerprinting is a useful solution for creating a clearer picture of the person behind the transaction. This is the process of understanding the device that a shopper uses to make purchases and can help to eliminate false positives. For example, people buying gifts for friends in other countries can be a common red flag to fraud detection systems, because it is an international card purchasing something that is shipped to a foreign address that the card is not registered to. However, if this purchase was made on a device that the customer commonly uses, its device fingerprint would be familiar and the risk to the merchant is significantly reduced. Additional data analysis using algorithmic matching and behavioural analytics also play a very important role to correctly identify a purchaser.
Fighting data breaches with data science
If fraudsters are using algorithms and data science to quickly test and validate stolen card details in bulk, merchants must also use data science and predicative analytics to get ahead of the game.
Intelligent risk management solutions use a combination of transaction data and technology to build intelligent risk profiles designed to identify fraudsters early and remove friction for legitimate customers.
At Adyen we process payments for more than 4,500 merchants across the globe, including some of the world’s largest companies. This comprehensive dataset enables an intelligent assessment of each transaction – so that if a merchant identifies a fraudulent card in use, it can be analysed and treated with caution across the whole network.
With data science and machine learning, we can start to predict fraudulent behaviour and prevent these transactions from taking place. A crucial step to is to look at transactions as more than just stand-alone entities. There is a lot of valuable data that can be clustered with a transaction to get a holistic view of the shopper – such as email address, login credentials and card details. Through our ShopperDNA system, we apply advanced linking algorithms to these clusters, alongside proprietary device fingerprinting and network intelligence, to track devices, networks, and online personas. This enables merchants to track and block fraudsters as they adapt to reduce risk and chargebacks (the process where fraudulent payments are refunded).
Minimising risk while reducing friction
In the age of omni channel, ecommerce and the desire for frictionless payment processes, preventing fraud is not just about keeping bad payments out, but equally about letting the good payments through. Data really is the key – it’s what fraudsters crave in their schemes to extract money, but it’s also the best way to fight fraudulent payments. It enables merchants to reward good customers and provide them with a seamless checkout experience, while at the same time stopping fraudsters – who will try stolen credit cards across multiple devices, networks and email addresses.
Attila Doğan, Head of Revenue Protect at Adyen
Image Credit: Sergey Nivens / Shutterstock