Fraudsters Don’t Wait for Peak, So Neither Should You: 2019 Fraud Strategy Starts Now!
In existence for barely two decades, eCommerce has transformed not only the way we shop, but also how retailers plan and execute their marketing strategies around the peak shopping season. Now that we’re deep into this period, retailers will have prepared for changes in buyer behaviors, relaxed their strategies to be within the limits of manageable review rate, and most important of all, put strategies in place for increased fraud attempts.
Retailers have made commendable progress in the way they fight fraud, but the advancements and the sophistication in merchant fraud is still a major concern. According to Invesp, the eCommerce industry suffered an estimated revenue loss of USD $6.7 billion due to chargebacks in 2016, out of which 71% ($4.8b) was due to friendly/chargeback fraud. Whether it’s highly-polished friendly fraud, sophisticated account takeover or simple manipulation based on address and email, effectively fighting fraud during peak requires time and pre-planning - which I’ll addressing in detail in this post.
Merchants should remember that eCommerce fraud grows nearly twice as fast as sales. Fraud increased 30% in 2017 compared to 2016, while overall eCommerce volumes were up only 16%.
The fraud trend is also clear from our own internal benchmark data:
- In 2017, 1 in every 85 transactions was a fraud attempt
- In 2016, 1 in every 95 transactions was a fraud attempt
- In 2015, 1 in every 109 transactions was a fraud attempt
Factors determining peak season
While different merchants across different sectors (including retail, travel, gaming and telco) experience different spending patterns, KPIs and customer behaviors, one thing they all share is the importance of making the proper adjustments to their fraud strategy going into peak shopping season.
However, the adjustments they make can vary based on the KPI, or based on the model they follow. For instance, Merchant A may want a review rate (manually screening transactions/total number of transactions) below 2%, whereas for Merchant B a review rate anywhere below 5% would be acceptable. It may depend upon the additional staff they have, their volume anticipation, and their products. Many merchants follow a Pass/Fail model that makes it quick to action the orders, without the analyst team having to manually screen thousands of orders. Transactions are denied or accepted based on the strategic rules put in place. Creating diverse and customized rule strategies is essential for merchants when it comes to preparing for peak.
According to the National Retail Federation's (NRF) Consumer Holiday Spending Survey, U.S. celebrations extend from Valentine’s Day to Christmas — with milestones along the way including graduation, “back to school,” Mother’s Day, Father’s Day, Black Friday and Cyber Monday. In other words, ‘peak’ season may be at various times throughout the year for different merchants. For the merchants in the gaming sector, it could be a launch of hot new game. The following factors can help determine and influence the peak season for various industries:
- Location: The different countries in which a merchant’s business operates.
- Sector: The industry or the sector in which the vendor sells their products.
- Product offering: Range of products a merchant offers and how these merchants entice different age groups. For instance, the gaming sector may attract people across all age groups for a certain title, whereas an educational merchant may target a highly-specific age demographic.
- Seasonality: This plays a vital role, and may vary depending on the area. Planning goes into actions based on the trend and seasonality.
- Marketing strategies: Not only what a merchant sells, but how many people know about it. Marketing strategy creates awareness.
- Promotional events: Upcoming offers or sale events, and related inventory.
Crucial fraud strategy considerations before diving into peak
One of the steps that organizations must take when planning strategies for the peak season is deciding on whether to add additional staff to review orders, to rely more heavily on automated processes and tools to auto-decision orders, or utilize third-party vendors for manual reviews.
Though manual reviews may potentially be more accurate, the time and money spent on them is very high compared to that of automated jobs. It may take an analyst several hours to perform manual reviews, whereas the same tasks can be automated and performed in seconds. It goes without saying that automated jobs are faster, more efficient and cheaper than hiring additional resources, yet one shouldn’t ignore that the strategies created for the jobs must be well sorted and created in advance to avoid last minute hassles.
Peak season is not only about decisioning orders or maintaining the review rate when transaction volumes start to spike; every organization needs to ensure that certain checks are performed well before peak begins. Here are some of the parameters that should be considered, in some cases many months before peak season:
- System capabilities for increased traffic: During peak processing, volumes are expected to spike. It is imperative that the system (hardware and software) functions as anticipated. For instance, in India, during a big online sale event in 2016, a renowned retailer experienced a surge of eCommerce traffic on its biggest day for online sales. The unprecedented influx of visitors on the website was a wonderful opportunity to build customer faith, but instead led to a less-than-stellar shopping experience. Ensuring the services are working properly – through testing – is a key factor.
- Learning from the past mistakes: Going back retrospectively and determining what worked during prior peak period (versus what didn’t), ensuring steps are taken to overcome previous shortcoming and then taking appropriate actions.
- Keeping an eye on traffic and customer behavior: Proactively monitoring incoming traffic to identify changes in consumer behaviors is essential, and strategies should be tweaked accordingly.
- Prepare for fraudsters: It is important to understand that major sales events will not only lead to an increase in sales conversion, but also the fraud attempts that come along with it.
- Focus on specific products and targeted strategies around high fraud areas: Making a list of high fraud products based on high dollar value or high resale, and creating strategies focused on mitigating risks.
Setting fraud strategies for success
This is an area which requires the utmost care and foresight, as fraudsters are getting more professional, organized and persistent.
When planning to fight fraud it’s crucial to take into consideration these factors:
- Maintaining positive/negative lists: One of the foremost strategies should be creating a negative list to outright deny consumers that have been associated with multiple fraudulent chargebacks in the past. To avoid consumer insults, equal priority should be given to create a positive list to bypass consumers with good history.
- Positive profiling: This is about looking at certain data fields like email, phone and card; analyzing them to determine the spending patterns of the user, and creating profiles based on behaviors, time on file, and other attributes associated with a good consumer. The feature, when utilized efficiently, greatly helps to capture fraud and minimize disruption and potential insult to consumers. The difference between profiling and positive/negative list is that a list is created in a database, which needs to be manually updated from time to time, whereas positive profiling is a feature that once enabled generates history and updates itself.
- Combining distinctive features: There are a lot of distinctive features that are best utilized when combined with other features, rather than used individually. For instance, AVS response alone would not be a good basis for decisioning orders; however, when it is combined with the field values like CVV, or bill shipping address match, it is a much stronger field. Similarly, features like address manipulation and email manipulation are the features where fraudsters make slight changes to the field values so they can place multiple orders. By creating manipulation strategies, combined with features like IP geolocation, device ID further augments these strategies.
It goes without saying that these strategies vary widely depending on industry. In the travel industry, for example, the most important feature would be to calculate the distance from where the ticket is booked. If a concert is in New Jersey and the person booking it is from Los Angeles (on the same day as the event), there is a high likelihood this could end up being fraudulent. Similarly, for virtual gift card, it is important to ensure elements such as email address both for sender as well as the recipient, the history associated around both email domains, gift message, as well as the dollar amount.
All in all, based on the industry and data analysis, utilizing different elements and technologies such as IP geolocation, positive profiling, lists maintenance, device intelligence, 3D Secure, biometric analysis, manipulation strategies, AVS, IP, and device ID are imperative to ensure that customer friction is minimized.
After peak is before peak
Planning for the next peak season starts now. Fraudsters are becoming more educated on fraud prevention models and fraud attempts are becoming more sophisticated. Fraudsters look forward to peak season just as merchants do. Without proper preparation, and without the right tools in place, fraudsters can more easily disguise their activity on peak days – so merchants need to ensure that they take all the necessary precautions to ensure that they are ready for peak. Having a robust fraud solution in place to help ensure customer satisfaction, minimize customer friction, reduce fraud losses, and increase good sales is essential.
Merchants must opt for enhanced and streamlined fraud detection and prevention technology to stop peak season fraud. A multi-layered approach is one of the best ways merchants can be prepared to resist fraud attacks.
Our merchant payments and fraud prevention experts will be at NRF 2019 Retail’s Big Show (Jan 13-15, New York City) to share insights into preparing an integrated payments and fraud strategy.
Related Blog Posts
Instant Payments in Italy – And Beyond: Lessons from Il Salone dei Pagamenti
ACI was invited back to Il Salone dei Pagamenti – Italy’s premier payments event organized by the Italian Banking Association (ABI) – to participate in a panel, “SEPA Inst – the Future.” As expected, the session was packed with stats and advice for a more efficient roll out of instant payments – in Italy and beyond.
Dedicated Followers of Fintech: Why Transaction Banking Never Goes Out of Fashion
Taking part in a panel at a recent corporate treasury conference, I was introduced as a ‘consumer payments expert’ – not an obvious qualification for sharing stage-time with serious corporate liquidity and cash management folk, but as the talk track was on mobile wallets and Open Banking, I had some reasonably safe and relevant content on which to fall back.
Sibos Preview: The Five Trends Transforming Real-Time Payments
Real-time is now a reality, with more than 30 schemes live around the world. And real-time is in the spotlight as banks and financial service providers make their way to Sydney for Sibos 2018. What better time to look ahead at the key trends that are going to shape the ongoing development of real-time payments.
API Management: The Reason Digital Open Banking Can Fly
When it comes to thinking about the different roles that an API Manager can play for an organization, I personally think that an airport provides the perfect analogy. The customer is the passenger, the third-party organizations using a bank’s APIs are the airlines and the airport itself is the bank. I also think this analogy helps to visualize the variety of API management capabilities – including the role of an API gateway.
Can Corporate Banking be as Easy as Ordering Pizza?
ACI recently hosted Greenwich Associates on a webinar to discuss corporate banking. While not a topic that would usually make attendees salivate, the discussion turned toward ordering pizza (maybe, because it was close to lunchtime) and Greenwich highlighted how corporate banking should be as easy as ordering pizza.
Modernizing Cross-Border Transfers with SWIFT gpi
The customer experience for domestic payments – retail and corporate – has recently undergone a complete transformation. There’s still plenty more that could be achieved, but the advent of real-time payments in combination with open APIs has seen the launch of Request for Payment services and direct eCommerce instant payments in the UK and Europe. And it’s not just the PSD2 push in Europe that’s driving change – in the U.S., Zelle is moving beyond standalone P2P payments to become an integrated part of the retail banking app experience, as well as being included in new kinds of corporate disbursements.
Instant + Open Payments = A Winning Combination
I recently joined a panel discussion at EBAday 2018, alongside representatives from across the payments ecosystem, and the clear consensus was that real-time payments will be the new normal. This was evidenced by some of the interactive polls carried out.
Maintain Vs. Invest: What the Digital Era Ushers in for Banks
Taking place this week in Brussels, the European Credit Research Institute (ECRI) will host a high-level debate on how policymakers can build on the process of digitalisation of banks to raise competitiveness in light of increased competition from fintech start-ups and tech giants.
How the Merchant Payment Ecosystem Can Create Value in Instant Payments
Recently, ACI conducted some research into the appetite to make use of instant payments among corporates. The results were overwhelmingly favorable, but when we think about the benefits of immediate payments for corporates, it does seem obvious that they would want to leverage this new payment type.
Real-Time Payments Will be Europe’s Most Dominant Payments System – Are You Ready to Realize the Full Value?
Since the launch of the SCT Inst rulebook in November 2017, many more banks are live and offering real-time payments to their customers, with most of the rest committed to 2018. The buzzword at the recent ECB #TIPSapp Event in Frankfurt was ‘Interoperability,’ or as my friend José Beltrán from STET would say, ‘Reachability.’ No-one expressed this more clearly on February 6th than Javier Santamaria, President of the European Payments Council, when he reiterated his message from Il Salone Dei Pagamenti, the day after the SEPA launch; "We have launched the Pan-EU scheme, now it is up to you in the audience and beyond to take advantage of it and make it work."