Skip to content

Retailers have made commendable progress in the way they fight fraud, but the advancements and the sophistication in merchant fraud is still a major concern. According to Invesp, the eCommerce industry suffered an estimated revenue loss of USD $6.7 billion due to chargebacks in 2016, out of which 71% ($4.8b) was due to friendly/chargeback fraud. Whether it’s highly-polished friendly fraud, sophisticated account takeover or simple manipulation based on address and email, effectively fighting fraud during peak requires time and pre-planning – which I’ll addressing in detail in this post.

Merchants should remember that eCommerce fraud grows nearly twice as fast as sales. Fraud increased 30% in 2017 compared to 2016, while overall eCommerce volumes were up only 16%.

The fraud trend is also clear from our own internal benchmark data:

  • In 2017, 1 in every 85 transactions was a fraud attempt
  • In 2016, 1 in every 95 transactions was a fraud attempt
  • In 2015, 1 in every 109 transactions was a fraud attempt


Factors determining peak season

While different merchants across different sectors (including retail, travel, gaming and telco) experience different spending patterns, KPIs and customer behaviors, one thing they all share is the importance of making the proper adjustments to their fraud strategy going into peak shopping season.

However, the adjustments they make can vary based on the KPI, or based on the model they follow. For instance, Merchant A may want a review rate (manually screening transactions/total number of transactions) below 2%, whereas for Merchant B a review rate anywhere below 5% would be acceptable. It may depend upon the additional staff they have, their volume anticipation, and their products. Many merchants follow a Pass/Fail model that makes it quick to action the orders, without the analyst team having to manually screen thousands of orders. Transactions are denied or accepted based on the strategic rules put in place. Creating diverse and customized rule strategies is essential for merchants when it comes to preparing for peak.

According to the National Retail Federation’s (NRF) Consumer Holiday Spending Survey, U.S. celebrations extend from Valentine’s Day to Christmas — with milestones along the way including graduation, “back to school,” Mother’s Day, Father’s Day, Black Friday and Cyber Monday. In other words, ‘peak’ season may be at various times throughout the year for different merchants. For the merchants in the gaming sector, it could be a launch of hot new game. The following factors can help determine and influence the peak season for various industries:

  • Location: The different countries in which a merchant’s business operates.
  • Sector: The industry or the sector in which the vendor sells their products.
  • Product offering: Range of products a merchant offers and how these merchants entice different age groups. For instance, the gaming sector may attract people across all age groups for a certain title, whereas an educational merchant may target a highly-specific age demographic.
  • Seasonality: This plays a vital role, and may vary depending on the area. Planning goes into actions based on the trend and seasonality.
  • Marketing strategies: Not only what a merchant sells, but how many people know about it. Marketing strategy creates awareness.
  • Promotional events: Upcoming offers or sale events, and related inventory.


Crucial fraud strategy considerations before diving into peak

One of the steps that organizations must take when planning strategies for the peak season is deciding on whether to add additional staff to review orders, to rely more heavily on automated processes and tools to auto-decision orders, or utilize third-party vendors for manual reviews.

Though manual reviews may potentially be more accurate, the time and money spent on them is very high compared to that of automated jobs. It may take an analyst several hours to perform manual reviews, whereas the same tasks can be automated and performed in seconds. It goes without saying that automated jobs are faster, more efficient and cheaper than hiring additional resources, yet one shouldn’t ignore that the strategies created for the jobs must be well sorted and created in advance to avoid last minute hassles.

Peak season is not only about decisioning orders or maintaining the review rate when transaction volumes start to spike; every organization needs to ensure that certain checks are performed well before peak begins. Here are some of the parameters that should be considered, in some cases many months before peak season:

  • System capabilities for increased traffic: During peak processing, volumes are expected to spike. It is imperative that the system (hardware and software) functions as anticipated. For instance, in India, during a big online sale event in 2016, a renowned retailer experienced a surge of eCommerce traffic on its biggest day for online sales. The unprecedented influx of visitors on the website was a wonderful opportunity to build customer faith, but instead led to a less-than-stellar shopping experience. Ensuring the services are working properly – through testing – is a key factor.
  • Learning from the past mistakes: Going back retrospectively and determining what worked during prior peak period (versus what didn’t), ensuring steps are taken to overcome previous shortcoming and then taking appropriate actions.
  • Keeping an eye on traffic and customer behavior: Proactively monitoring incoming traffic to identify changes in consumer behaviors is essential, and strategies should be tweaked accordingly.
  • Prepare for fraudsters: It is important to understand that major sales events will not only lead to an increase in sales conversion, but also the fraud attempts that come along with it.
  • Focus on specific products and targeted strategies around high fraud areas: Making a list of high fraud products based on high dollar value or high resale, and creating strategies focused on mitigating risks.


Setting fraud strategies for success

This is an area which requires the utmost care and foresight, as fraudsters are getting more professional, organized and persistent.

When planning to fight fraud it’s crucial to take into consideration these factors:

  • Maintaining positive/negative lists: One of the foremost strategies should be creating a negative list to outright deny consumers that have been associated with multiple fraudulent chargebacks in the past. To avoid consumer insults, equal priority should be given to create a positive list to bypass consumers with good history.
  • Positive profiling: This is about looking at certain data fields like email, phone and card; analyzing them to determine the spending patterns of the user, and creating profiles based on behaviors, time on file, and other attributes associated with a good consumer. The feature, when utilized efficiently, greatly helps to capture fraud and minimize disruption and potential insult to consumers. The difference between profiling and positive/negative list is that a list is created in a database, which needs to be manually updated from time to time, whereas positive profiling is a feature that once enabled generates history and updates itself.
  • Combining distinctive features: There are a lot of distinctive features that are best utilized when combined with other features, rather than used individually. For instance, AVS response alone would not be a good basis for decisioning orders; however, when it is combined with the field values like CVV, or bill shipping address match, it is a much stronger field. Similarly, features like address manipulation and email manipulation are the features where fraudsters make slight changes to the field values so they can place multiple orders. By creating manipulation strategies, combined with features like IP geolocation, device ID further augments these strategies.

It goes without saying that these strategies vary widely depending on industry. In the travel industry, for example, the most important feature would be to calculate the distance from where the ticket is booked. If a concert is in New Jersey and the person booking it is from Los Angeles (on the same day as the event), there is a high likelihood this could end up being fraudulent. Similarly, for virtual gift card, it is important to ensure elements such as email address both for sender as well as the recipient, the history associated around both email domains, gift message, as well as the dollar amount.

All in all, based on the industry and data analysis, utilizing different elements and technologies such as IP geolocation, positive profiling, lists maintenance, device intelligence, 3D Secure, biometric analysis, manipulation strategies, AVS, IP, and device ID are imperative to ensure that customer friction is minimized.


After peak is before peak

Planning for the next peak season starts now. Fraudsters are becoming more educated on fraud prevention models and fraud attempts are becoming more sophisticated. Fraudsters look forward to peak season just as merchants do. Without proper preparation, and without the right tools in place, fraudsters can more easily disguise their activity on peak days – so merchants need to ensure that they take all the necessary precautions to ensure that they are ready for peak. Having a robust fraud solution in place to help ensure customer satisfaction, minimize customer friction, reduce fraud losses, and increase good sales is essential.

Merchants must opt for enhanced and streamlined fraud detection and prevention technology to stop peak season fraud. A multi-layered approach is one of the best ways merchants can be prepared to resist fraud attacks.


Can you tell good customers from fraudsters? Register for our webinar “The Power of Positive Profiling” on Tuesday, February 12, 2019 to find out how to use consortium data intelligently in the fight against fraud.

Risk Analyst

Radha Chawla works with ACI's eCommerce merchant customers to mitigate and manage fraud, ensuring risk strategies are performing well and continuously assessing to reflect industry changes and reduce clients' potential losses. Radha uses statistical analysis to identify and quantify fraud trends, implement new risk management metrics utilizing a range of tools, and monitors risk strategies.