Data security and fraud have become top-of-mind for retailers of all sizes and across all categories.
As e-Commerce traffic and sales continue to rise, retailers must take the proper measures to prevent fraud. Below, Eido Gal, CEO and Co-Founder of Riskified, delves into the current security landscape, and how retailers can effectively protect themselves from fraud without risking potential sales.
Retail TouchPoints (RTP): How is fraud and/or data security impacting retail businesses across categories?
Advertisement
Gal: Data security and fraud has and always will be a major issue for both online and offline merchants, but 2014 really showed retailers how vulnerable and unprepared they are for massive attacks.
The seeming ease with which hackers were able to penetrate some of the largest U.S. retailers is a clear indicator that a) more fraud is on the way; and b) greater investments need to be made in fraud detection and prevention technologies. Similarly, greater attention must be paid to who has access to the retailer’s network, what data is vulnerable, how exposed are they legally and financially to a breach, what is the plan to prevent fraud and what is the plan in the event of a breach.
As for categories and size, the reality is all merchants can be targets of fraud. Since fraudsters typically don’t keep the stolen merchandise to themselves — rather they sell it for a profit — they focus on goods that are easy to sell for close to the original price. Some of the most common verticals fraudsters attack include luxury goods and fashion, digital goods (e.g. tickets, gift cards), and electronics. At Riskified, we also see many less-obvious categories targeted by fraudsters, such as sneakers and — believe it or not — hair extensions. Naturally, fraudsters will seek the largest, most lucrative targets first, but eventually they will move downstream as security improves among the larger merchants.
RTP: How will fear of fraud impact retailers’ holiday results?
Gal: With more than 100 million accounts compromised since the Target breach, merchants — especially online merchants that deal with CNP transactions — are very worried about fraud, so they’re increasing their fraud thresholds to better protect themselves. During the holidays, merchants are overworked and understaffed. Fear of fraud and the need to reach decisions quickly often lead to high decline rates during peak times — which negatively impacts sales and revenue growth and customer satisfaction.
To quantify, our data shows that on Black Friday online fashion retailers made 10 times the revenue of an average day. Within the Riskified community, I’m happy to report that fraud on entry levels remained consistent and decline rates did not increase this season. This is likely due to the fact that the holidays are the biggest shopping season for everyone, including many legitimate, returning customers. The real problem is retailers will only know the actual impact of decisions made during the holiday season two to three months from now, when all chargebacks are reported.
RTP: Why do the holidays specifically amplify retailers’ fear of fraud and why does it lead to such loss?
Gal: When analyzing online transactions, any combination of high volume of purchases, cross-border transactions, expedited shipping, billing and shipping address mismatches, or a generic email address could indicate potential fraud. But during the holidays it could simply mean someone traveling overseas is buying gifts for her family from the hotel lobby computer, using her yahoo address and a different credit card, and having them shipped to her parent’s house for the family celebration upon her return. But how are retailers supposed to know the difference?
They have two choices: They could chase the revenue by assigning someone to manually review the purchase data and details — including possibly tracking down the customer for confirmation — which increases costs and slows down the order confirmation; or they can deem it too a risky transaction and decline it — thus protecting themselves at the expense of lost revenue and customer dissatisfaction.
Now layer on top of that the millions of stolen credit cards flooding the market and you can see why the fear of fraud is a very tangible fear.
RTP: Why are retailers challenged to determine the difference between “good” and fraudulent transactions?
Gal: Most fraud prevention systems are based on static rules or risk “scores.” For merchants using such systems, orders placed using a proxy, with unavailable Address Verification System (AVS) information, or with a billing-shipping address mismatch, will likely receive a high-risk score and will often be rejected. In fact, there are many legitimate explanations for mismatches, unavailable information and use of proxies. We often see fraudulent transactions with full AVS match and legitimate transactions with AVS mismatch. This makes it hard to distinguish between fraudulent and legitimate transactions. Our data indicates that 66% or more declined transactions are actually legitimate.
Due to the heavy volume of transactions, merchants have to rely on technology to filter out the good from the bad. But even the most sophisticated technology has a hard time discerning human behaviors and intent. Therefore merchants resort to a team of risk fraud specialists to analyze orders manually – which amounts to an average 27% of total orders, according to the MRC Global Fraud Survey. But, we’re only human — we move slow, we make mistakes.
To make things worse, even when merchants do everything right, there is always the risk of friendly-fraud, where — for one reason or another — a customer claims they did not authorize a transaction that they actually placed. According the MRC’s 2014 Global Fraud Survey, on average, e-Commerce merchants estimate 28% of the total revenue loss due to fraud is “friendly fraud.”
Also, many retailers don’t know how to properly review international orders, and reject non-domestic orders due to fear of fraud. Across the Riskified community, the average cross-border order is worth 3.5 times more than the average domestic order. PayPal has reported similar numbers, all demonstrating that merchants who reject cross-border transactions are leaving a lot of money on the table. While it is challenging to optimize your store for international shoppers, taking the time to identify your key markets and investing in tools that allow you to confidently accept cross-border orders can boost merchant’s revenue significantly.
RTP: What tools, tactics and solutions should be implemented to tackle this challenge?
Gal: There are several steps retailers can take to prevent fraud and avoid losses due to fear of fraud over the holiday season. Merchants must ensure they are properly staffed to handle the spike in incoming orders, update their models- or rules-based system to reflect unique holiday shopping characteristics and analyze previous orders to improve their performance going forward. In fact, we put together a quick guide to help merchants prepare their fraud prevention operations for the busy sales season.
RTP: Do you have any final best practices for how retailers can recover lost revenue opportunities during the holiday season and beyond?
Gal: Riskified works with merchants across many categories, including fashion and apparel (Ssense), electronics (Leica Camera), digital goods (giftcard.com, GAWminer), ticketing (viagogo & ticket evolution) and travel (Skypicker), among others. The following tips for recording lost revenue opportunities apply to merchants in all these categories:
- Don’t auto decline: For every incoming order, retailers need to decide whether to accept or decline the transaction. One pitfall many retailers make is relying on systems that automatically reject orders based on certain rules or criteria. Declining an order automatically, without human supervision, could easily lead to a situation where legitimate customers are turned away. For example, after incurring a chargeback for an order shipped to a certain address, a merchant might add the address to a blacklist. But if the address is an apartment building, the blacklist could block legitimate orders as well. Since turning away good customers will negatively impact their long-term goodwill and your bottom line, be sure to avoid auto declining transactions. If you’re not responsible for risk management, check with the e-Commerce Operations Director or with your organization’s Fraud Manager and make sure you are not automatically declining orders.
If an order is declined, have analysts note a detailed reason and communicate it to customer service in case they field a customer inquiry. Often times, a declined transaction can be approved with just a few additional pieces of information gathered by a customer service rep.
- Make your technology smarter: As I said, it can be difficult for a machine to interpret human behavior, but there are clues to help your systems distinguish friend from fraudster. For instance, fraudsters would never use a promo code, compare product features, read the return policy or come to your site via a digital marketing campaign. Those are the patterns of legitimate shoppers.
You can also adjust your existing fraud models to reflect the unique characteristics of holiday shoppers that I mentioned before.
- Improve the efficiency and accuracy of the manual review process: Give your risk/fraud analysts homework in order to train them to review cases as quickly and accurately as possible. Have them analyze past orders that had long approval times to identify the hold-up and determine what data or tools were used to eventually approve the transaction. This will speed up the process of manual reviews.
During the holidays, you may see an increase in international orders as non-domestic customers take advantage of U.S. sales. To better handle these orders, familiarize yourself with local data sources in these markets, such as social media networks, white pages, etc., and use them to check the identity of the buyer. To identify potential weak points, segment past international transactions and fraud-related chargebacks by country or region and make sure your analysts are aware of them when reviewing international orders.