We’re past the crisis stage this year. Or at least we’re past the point of still thinking about the situation as a crisis. It’s now the new normal.
Dealing with the immediate consequences of COVID-19 was extremely challenging for many fraud prevention professionals. The shifts in technologies, buyer behaviors and priorities were so dramatic that some still feel that they’re running just to catch up.
But the truth is, there’s now a different challenge in front of us. We need a fraud prevention approach that works in the new normal — for as long as that lasts. We can’t afford to remain reactive, putting out fires wherever they sprout next. It’s time for a strategy that fits the time we’re in.
The Two Parts of the Problem
Looking at the challenges we’ve faced this year, there are two broad categories of problems that stand out to me.
Firstly there’s the technological aspect; our normal ways of working and the tools we typically use didn’t keep up very well with the upheaval.
Secondly there’s the fact that new buyer behaviors have emerged, or emerging ones were solidified. We need to work out ways of dealing with threats that are either novel, or that have only recently become serious enough to justify the time and effort required to stop them.
I think the solutions to these two issues are related, but different.
The Tech Problem
Machine learning and AI have become central components of most fraud-fighting systems. Yet many found that this technology became less reliable in the crisis; like other anomaly detection, it works on the assumption that the present is much like the past. Right now, it’s not, and it changes fast.
Retraining the AI is not a solution at this time, as the behavior keeps changing and no new baseline exists.
Rules engines face a similar problem; your fraud team adds rules to the system based on what they’ve seen happen in the past. When patterns change quickly, the rules can’t keep up. Moreover, maintenance takes time and effort that many fraud prevention teams don’t have right now, and old rules can become counterproductive, failing to catch fraud while increasing friction and false positives unnecessarily.
Teams tried to limit the damage with methods that were easily at hand — increasing manual reviews, trying to add new rules, adding more friction than usual, etc. While those approaches are excellent short-term responses, they come at a cost in approval rates, user experience and losses.
We are now at the point where we all need strategies for the long term.
Mitigating the Tech Problem
Although this is a technical issue, the solution isn’t as simple as adding a new integration with a new tech tool. Rather, a difference in approach is required. Fraud teams need to stop focusing on transactions.
This sounds counterintuitive, because transactions are where the money is and can be lost. But limiting your focus there leads to a blinkered perspective that won’t work for you now.
Firstly, shift from transactions to an understanding of identities. Don’t ask if this credit card is good or bad; ask if this person is authorized to use it. Who are they? Can they be trusted? What other activity have they had on your site? If you can work together with other businesses so you can build trust based on your shared consensus, even better. There are providerless options you can use to do that without sharing personal user data.
Secondly, make sure you’re including the entire customer journey in your understanding of the identity. Don’t wait to stop fraudsters at checkout — make sure you get them at the door. It’s much easier to identify them there, and you can reduce friction for good users at the same time. Collaboration with other fraud teams is valuable here too, so you can flag known fraudsters faster.
The Problem of Evolving Fraud
The second problem fraud prevention teams face in the current situation is that buyers have developed behaviors that make sense in the context of coronavirus, but make fighting fraud much harder.
For instance, signing for packages, which used to be standard practice, is now rare. BOPIS purchases have skyrocketed, alongside curbside pickup. These trends and others like them feel safer for consumers at the moment, and businesses want to facilitate them — but they also make life easier for fraudsters.
Moreover, most online merchants have never considered, never mind built systems that can manage these risks. They’re new risks.
In a related development, friendly fraud has spiked for many businesses. Consumers in distressingly precarious financial positions are stuck at home looking for distractions. Refund fraud in particular has shot up, with professional refund fraudsters working at scale on behalf of ordinary customers.
Mitigating the Problem of Evolving Fraud
Many of these challenges reflect the fact that the work of a fraud team now touches, and is impacted by, so many other parts of the business. It’s not practical to work in silos anymore.
If you aren’t in touch with your customer service team, you might not even be aware that you’re being hit by refund fraud. Delivery and curbside pickup colleagues have vital information you need to know about.
Your response needs to be joined up as well. Many of these problems can only be solved if you work out ways to work together with other departments, sharing information and trends, defining safe user experiences and working together to find solutions.
Reaching out to fraud-fighting peers in other companies is valuable too. For example, serial refunders are probably hitting other businesses. Collaboration can enable you to stop them cold much earlier on.
You’ll want to be careful about privacy features in these collaborations, since personal data belonging to normal customers may be involved. It’s sensible to leverage Privacy Enhancing Techniques and the providerless trend to pool information without sharing the data outside your organization at all.
Tools or solutions that are part of this shift will enable you to exchange knowledge and trust with other companies without sharing any personal user data. In this way you can avoid legal, privacy or competitive resistance to collaboration outside the company.
Different Times Call for Different Measures
The crisis this year hit us all out of the blue. Fraud fighters had to make do with what they had at hand to manage as well as they could when the storm of change blew in.
Now, though, it’s time to take stock, analyze the shifts and trends in your own company and users, and adapt accordingly for the future.
A move to an identity-focused perspective, collaboration with fraud-fighting teams at other companies and investing in working relationships within your own company will all benefit your team in the long run as well as ease the pressures of the moment.