When you’re in a store, there are plenty of signs that shoppers might be trying to rip you off — what they’re wearing, their behavior while walking through a store, or the time they spend in a dressing room.
While visual indicators are always good tools to help you identify fraudsters in the store, what happens when you don’t have access to those physical cues? It used to be that retailers didn’t have any insight to fraudsters’ identities when shopping online. But with the advance of new technology and solutions, there are now more opportunities to obtain data that you can leverage to identify and combat fraud. These insights mean you can create profiles for your shoppers in order to make better informed risk decisions.
The struggle, however, lies in finding the right balance for your fraud protection so you’re not blocking legitimate transactions while still effectively keeping out fraudsters. With data-driven risk tools and a smart payments strategy, you can walk that line between the two with confidence.
Identify Your Fraudsters
Spotting fraudsters online is increasingly complex. These days, you can’t rely just on a device ID or IP address to tell you who is behind a purchase; you actually need a lot of information to correctly identify your shopper. You can use identifying information on transactions — such as card numbers, digital fingerprinting, email addresses, timestamps, IP addresses and industry-specific data points — to build a 360-degree view of the behavior of both fraudsters and your legitimate shoppers.
For instance, if you see an email address associated with 50 different credit cards, then it’s likely a fraudster. While none of these attributes is a silver bullet in and of itself, you can use them together intelligently to track transactions across devices, networks and online personas, to reach a point where you can identify and block fraudulent transactions while allowing the real ones to go through.
Apply 3-D Secure Dynamically
While the card schemes have various names for 3-D Secure, the concept is the same: it’s an extra security step for online credit and debit card transactions that verifies the shopper’s identification. U.S. retailers look at 3-D Secure as a conversion killer (it interrupts the payment flow by redirecting shoppers to an external site) and thus take an all-or-nothing approach in using it.
We know from our experience, however, that 3-D Secure in other markets is not only a great risk management tool, but it also increases conversions. Shoppers in countries where 3-D Secure is viewed positively, for example the U.K., expect to see the extra authentication step and don’t trust sites without it. Because of this, global retailers need to be more open to using 3-D Secure in markets where it makes sense.
Many factors impact the success of 3-D Secure: the card type, order amount, day or time of the order placed, risk score, the shopper or issuing bank country, to name some. Because of this, and because each business is unique, retailers should take a dynamic approach to 3-D Secure that allows them to decide when to apply the additional security layer and when not to.
By assessing the factors that are most risky for your business, you can identify which transactions should be routed through 3-D Secure. One global e-Commerce company took a rules-based approach to 3-D Secure, applied it selectively to transactions based on risk scores and other card characteristics, and realized revenue gains of nearly $2.5 million over three years as a result.
Check with your payments provider on whether this is an option; the more data-centric providers, such as Adyen, provide this for all customers. Dynamic 3-D Secure takes the guesswork out of the system, boosts authorizations without damaging conversions, and ultimately results in more revenue.
Spot Suspicious Checkout Behavior
Just like shoppers who seem overly nervous or constantly pick up random items with no interest, fraudsters exhibit suspicious behavior you can identify too. When it comes to detecting bot attacks, hyper-specific behavioral tracking during checkout is your best bet. Whether it’s keystrokes, mouse behavior or speed of interactions, there are specific factors that point to whether your “shopper” is a human or an automated system.
Understanding and identifying these factors means you can detect “card testing” and other high-velocity attack methods that fraudsters use, and can block them while allowing your legitimate shoppers to continue to shop — even if they check out as a guest or alter their behavior. You can even go so far as to isolate bots into a fake checkout, wasting fraudster’s time and resources, and encouraging them to quickly move off of your site.
Continuously Monitor And Adapt
Keep in mind that as you expand to new markets and roll out new products, what works today may not necessarily work tomorrow. Data is your friend when it comes to managing your risk and fighting fraud. With data you’ve collected, you can adjust your risk settings according to trends, based on legitimate and fraudulent transaction information. Fraudsters are continuously trying to beat the system and this means you need to consistently monitor and adjust to identify and combat new potential risks.
Managing your approach to fraud will always be a fine balance between too much and too little. Like visual tools that have helped loss prevention in stores, data and risk management methods are imperative to your fraud identification and prevention online. By using these tools intelligently, you can see an increase in authorizations, a decrease in chargebacks — and ultimately more revenue.
Tommy Bush is the SVP of Business Development at global payments technology company Adyen. An expert in global payments, he has worked with the world’s leading international retail brands and technology companies to implement payments systems across all channels and countries. Bush has years of experience working in the payments industry, and was instrumental in growing Adyen’s footprint in the U.S. He is currently based in New York, where he continues to lead Adyen’s retail business development efforts.