by Scott E McGlon
In 2013, e-commerce will surpass $1.5 trillion in revenue. Online merchants are estimated to lose 1 percent of revenue in fraud and an additional 3 percent annually in wrongly declined transactions or charge-backs. Simply put, the majority of e-commerce platforms merchants are using today (internal or external) do not protect against fraud at a level that could significantly reduce losses incurred by losing billions in potential clean revenue.
Typically, fraudsters detect or stumble upon areas with weak online check-out security points. Often online merchants simply do not do enough to set up rock-solid security features and processes that go well beyond the basics. This white paper’s main objective is to introduce the different ways you can check the validity of every order you receive through your online store and provide tested viable solutions against the significant liability fraud creates for many online merchants.
To start, the fraudster’s are looking for websites that do not do the basics in making sure each online order is valid. Unfortunately, there are thousands of sites that do not do what’s necessary to limit fraudulent activity on their sites. Many online businesses lack the in-house capability to carry out such complex anti-fraud tasks efficiently and at sophistication levels that work.
Some online businesses can get away with limited fraud detection internal processes due to the certain categories that have a much lower probability in receiving fraudulent orders. These categories include, but are not limited to, low-end specialty goods, custom or made-to-order goods, grocery or perishable items, raw materials, and heavy or bulky products (furniture, etc.). Fraudsters love small, high-end products like jewelry, electronics, and collectibles that can easily be resold in almost any market. It is highly recommended that you do your research before investing into certain high-risk product categories.
There are over 100 risk indicators that look for footprints in both online and offline data to determine the validity of a transaction. Knowing and understanding the various risk indicators and what your company can actually execute in regards to the highest level of fraud detection is critical. A simple example of what a fraudulent transaction looks like starts with the addresses used in a transaction. A consumer making an online purchase from an IP address located in Atlanta but has a billing address in Mexico City, Mexico and a ship to address going to Miami should kick out and immediately either put the order on hold for review or decline the transaction altogether. Depending on the complexity of the fraud detection solution your company goes with, the more risk indicators that are integrated into your solution, the higher probability you will stop fraud in its tracks.
Over the last few years, the automated level of sophistication fraud detection solutions has been impressive. This is great for merchants and bad for the fraudsters. For example, some solutions use social media in qualifying transactions as legit or not by seeing which country the card was issued and the strength of the consumer’s social profile on Facebook, Twitter, LinkedIn, and other social networking sites. If the consumer’s LinkedIn account indicates they live around Los Angeles and the issuing card bank was in Switzerland, fraud detection solutions today can flag the order within seconds or minutes of being completed.
There are many things you can look at regarding how to detect fraud. Below outlines some of the more popular ways to detect fraud that can be coded into your shopping cart steps. Depending on your complexity level in how much you can control the ways to detect fraud, you can create a scoring system that determines the level of validity of each order you receive online. The following is ranked based on what is done most frequently.
1. Credit card authorization at time of sale but capture funds at shipping – this option is becoming more popular as e-commerce companies develop their internal SOP’s for fraud prevention. By only authorizing your customer’s credit card allows extra time to review the information and details before you collect payment or ship the order.
2. Address match requirement - by requiring the bill to address to be the same as the ship to address will distract many fraudsters at checkout. This is a top choice and is sometimes bundled with #1 above. By only using this method is not recommended. Fraudsters have been known to wait for delivery at the bill to address and sign for the package.
3. If the distance between bill to & ship to is different, call and verify the reasons why with your customer. Just talking with the customer using their bill to phone number verifies whether or not the order was placed and the right ship to address was entered. This option is not used with high-volume online retailers due to the inefficiencies it causes.
4. IP Geo-Location or Proxy Setting (U.S. – accept, foreign – reject). This is simple for most hosting and shopping carts available today but the fraudsters are getting smart by linking to U.S. based IP address or masking their foreign IP address.
5. Different names on bill to / ship to and not noting it as a gift in the cart. Using different names on the bill to address and ship to address is a definite red flag. Depending on the shopping cart software you use, blocking transactions that have different names can be a sign of a fraudster who plans to intercept the package at the delivery point that requires a signature. A “Gift” check-box option in the shopping cart (if checked) allows this rule to be ignored. However, it is recommended that you call your customer to verify the information entered is correct.
6. ARPS, or Average Revenue per Sale, is another great indicator of fraud. If online sales ARPS is currently $100 but suspicious orders are hitting at $200+ throughout the day or week, it is a good idea to flag these orders and verify them with the customer on record. It is not recommended to only use ARPS as the determining factor for fraudulent activity.
7. If you sell a highly targeted product (jewelry or electronics for example), it is recommended to flag all first time customers. Some companies use this as an opportunity to call and verify the purchase and welcome the new customer to your company. Others use first time customers with at least one additional potential fraud violation before contacting them by phone. Do not verify suspicious activity using chat or email.
8. If you have an online order that shows time on site less than 50% of site average coupled with another fraud violation could equate to fraud activity. It is recommended to call the customer to verify information, request they recite the purchase, and total spent on order.
9. Develop if/then logic based on your target customer demographic historical stats or business intelligence and build your own potential fraud profile. If you have built your shopping cart in-house or work with one of the larger content management system (CMS) or shopping cart providers, you should be able to build out a more comprehensive demographic with a goal that highlights “misfit” customers (successfully checked-out) or visitors. The higher the sophistication, the more fraudulent activity your online business will catch.
10. Flag all high-risk geographies in the United States and, if you ship internationally, worldwide as well. Firewall rules can be set that do not allow transactions from South Africa, India, Russia, China, and Southeast Asia that are known for fraudulent activity. Also parts of Los Angeles, Chicago, Miami, and New York City can be flagged by originating zip codes.
11. Guest checkout vs. registered user checkout. Fraudsters avoid sites that require you to register before checking out since most information is verified during registration.
One of the more important aspects of fraud detection is just paying attention to details of each order. Customer service representatives need to be on the lookout for the obvious potential threats of fraud including ship-to phone numbers that are entered as “(123) 456-7890” or a fake domain extension within the email address provided (email@example.com). Before getting excited about a $1,250 online order that just hit, review all elements of the order either manually or through fraud detection rules. It is critical your CSR’s and sales team ask all the right questions and complete a thorough due-diligence before fulfilling unordinary orders! It never ceases to amaze the number of transaction that slips through the cracks by simply ignoring or not catching the easiest signs of fraud.
To utilize the prevention methods above while optimizing the efficiencies of your customer service department, it is recommended to first define what capabilities you have with your current shopping cart. If you have an in-house IT department, it is much simpler to integrate the most thorough fraud-detection strategy. If you outsource your e-commerce platform, you might be more restricted but most “top-shelf” CMS and shopping cart companies offer fraud detection components within their platforms. Because of the many different product categories sold online, the majority of these platforms require the clients to “turn on” the fraud detection components. Either option, it is recommended to define the level of detection you are shooting for to reduce fraudulent orders getting through your system. The level should be based on what fraud is costing your business today before a plan and budget is put in place.
Most third-party fraud detection companies use a scoring system that meets their client’s objectives to eliminate fraudulent orders. For example, ABC Enterprises, LLC sells high-end GPS tracking devices for multiple applications. Because their sales are both in the electronics and technology industry, their exposure to fraud has hit as high as 7% of gross sales. ABC built a scoring system that best countered the fraudulent activity that they collected. Their example of scoring also included deducting points on checkout information associated with low probability of fraud. The scoring system that ABC put in place automatically declined orders that scored 25 or higher, put all orders on hold that scored 15-24, and fulfilled orders that totaled 14 or less.
ABC Enterprises, LLC Fraud Score Sheet:
The flexibility that comes with a successful scoring system to detect fraud is the flexibility you have in what you score, how you score, and the threshold that ultimately defines whether or not the order can be fulfilled, put on hold, or denied altogether. Many companies tweak their fraud scoring system throughout the year by lowering the threshold totals during the holiday season for example.
In the example above, ABC found through its business intelligence that the majority of fraud orders had Yahoo email account with low time on site. So, ABC gave all orders with Yahoo email accounts a score of 10 plus another seven points if the visit was also under two minutes. Just on these two parameters, ABC saved over $2Mn in potential loss sales in the first year of implementing their fraud scoring system.
A strong fraud detection process has other benefits as well. By successfully defining the characteristics that drive fraudulent orders specific to your online initiatives, allows growth in other markets that were previously cautious in going after.
A well-designed and implemented online fraud detection plan is based on both the transactional and historical business intelligence analysis. The more in-depth the analysis and understanding your core customer demographic, the stronger your fraud detection will be. Any online business can significantly reduce the chance of fraud occurring if both the scoring rules and excution is successfully implemented. The sooner that indicators of fraud are available, the greater the chance that losses can be recovered and address any weaknesses within your SOP’s or CSR training. Effective detection techniques tailored to the merchants order history through scoring every order will build a stronger wall and serve as a deterrent to potential fraudsters.
As e-Commerce continues to grow, online security is an increasingly important issue that you must assertively address to keep your business protected from unnecessary losses. Unfortunately, statistics clearly show the continued growth in both fraud and Internet-based scams. Using every tool and resource to counter fraudulent activity will save you both time and money. It is important to collaborate with other similar e-commerce companies to review what anti-fraud initiatives that have worked well. Good luck!
Scott E McGlon is the President of McGlon Properties, LLC and the author of many blog post on MP Blog. He has been a serial entrepreneur, investor, and president of many successful start-ups since 1998.
MP, LLC credits blog post with the original author and links (if available).
Scott E McGlon is the President of McGlon Properties, LLC and the author of many blog post on MP Blog. He has been a serial entrepreneur, entrepreneur-in-residence, investor, and president/CEO of many successful start-ups since 1998.
“Success is walking from failure to failure with no loss of enthusiasm." - Winston Churchill
"The few who actually
go out and take extraordinary initiatives are the envy of the majority who sit back and just observe."
“The LORD makes firm the steps of the one who delights in him; though he may stumble, he will not fall, for the LORD upholds him with his hand.” - Psalm 37:23-24
“Keep away from people who try to belittle your ambitions. Small people always do that, but the really great make you feel that you, too, can become great.”
"It is more important in what you become than what you achieve. What are you going to become in pursuit of what you want?" - John Marsh, Marsh Collective
“Work harder on yourself than you do on your job" - Jim Rohn
"The secret to success is very simple: EVERYDAY if you do quality work, take initiative, act on innovative thoughts, and are assertive in your actions all backed by faith, the dividends will consistently flow your way." - SEM