According to a 2018 report, retailers who earned over $50 million in annual sales lost 2.10% of their annual revenue to fraud.1 While organized fraud rings have developed increasingly sophisticated methods to steal customer data and commit chargeback fraud, most ecommerce fraud prevention best practices have failed to evolve to detect and prevent fraudsters fast enough to mitigate revenue loss.
To accurately detect and prevent fraud as it happens, retailers must embrace more sophisticated ecommerce fraud prevention strategies that survey thousands of customer data points in real-time, accurately differentiate between customers and fraudsters, and accelerate manual review time. Included below are three best practices that empower retailers to prevent fraud and maximize revenue.
Ecommerce Fraud Prevention Best Practices for Enterprise Retailers
1. Create Comprehensive Customer Profiles
Every time a customer logs in to an ecommerce platform they leave behind traces of their digital identity and their personal identity. Personal identity includes information manually submitted by the customer to the retailer: their username, password, name, address, date of birth, and phone number are all common forms of authentication.
Beyond their personal identity, the platform also gathers information about the customer’s digital activity. Digital identity includes the customer’s IP address, devices they use, geolocation, and type of device.
To build comprehensive profiles, retailers have turned to behavioral analytics, device intelligence, and machine learning to review a customer’s digital and personal identity data in real-time. Pairing a customer’s digital identity with their personal identity results in a comprehensive customer profile that helps retailers accurately identify warning signs of fraud.
2. Define and Identify Warning Signs of Fraud
Cross-referencing a customer’s digital identity with their personal identity empowers retail security teams to identify inconsistencies in account activity indicative of fraud. Common warning signs of fraud include:
- Card Testing Fraud – Card testing fraud occurs when fraudsters make small fraudulent purchases on an ecommerce site to verify stolen credit card details. Small orders help fraudsters avoid the retailer’s fraud detection solution and ensure their stolen payment information is correct before they make larger purchases. Small transactions made in quick succession with a high rate of authorization failures or card verification value are indicative of card testing fraud. To prevent card testing fraud, retailers should enforce CVV and AVS checks, and flag orders that do
not match a customer’s typical geolocation or online order behavior.
- Payment Fraud – Fraudsters commit payment fraud when they make purchases with a stolen credit card. Payment fraud typically results in fraud chargebacks for enterprise retailers. To prevent fraud chargebacks, retailers can flag suspicious activity by looking at various data points. Excessive distance between a customer’s shipping address, billing address and IP address, high value and high demand items being purchased, and payment attributes are all valuable points to survey.
- Chargeback/Friendly Fraud – Friendly fraud occurs when a customer makes an online purchase and disputes the order. To identify friendly fraud, cross-reference the customer’s dispute with the customer’s order history, shipping information, and refund policy. Retailers can prevent friendly fraud with custom rules that flag repeat order disputes linked to the same email, phone number, card number, or shipping address.
- Promo Abuse – To take advantage of retail promotions, fraudsters create fake accounts or execute account takeovers to steal gifts and discounts. There are two primary methods that retailers can use to stop instances of promo abuse. Retailers can prevent account creation from the same device and IP address. Or retailers can survey new accounts for suspicious behavior via behavioral analytics and require suspicious accounts to verify their identity before the fraudster claims a promotion.
Card testing fraud, friendly fraud, and promo abuse are all common obstacles for large retailers. By surveying massive amounts of customer data, and setting up custom rules and models, retail enterprises are able to cross-reference typical account activity and identify fraudulent activity before it occurs.
3. Layer Fraud Prevention and Detection Protocols
To implement a comprehensive fraud management strategy, security teams should layer their fraud management technologies. A layered fraud technology stack learns and adapts to new trends in fraudulent behavior, identifies and prevents fraud in real-time, and reduces the need for manual review. The recommended requirements for an enterprise retailer are:
- Rules Engine – A rules engine represents the fundamental building block for retail fraud prevention and detection. Security teams create custom rules to flag suspicious activity, such as a higher than normal of orders from the same IP address. Rules are a minimum requirement for retailers and require additional technical support to survey the vast amount of digital collected by larger retailers.
- 3rd Party Data Services – In some instances, internal data may not be sufficient enough to identify fraudulent activity. Third-party data such as email information, or IP geolocation data provides retailers with an additional layer of data to differentiate good customers from fraudsters.
- Device Intelligence – Device intelligence, or device fingerprinting, reviews key device data such as a customer’s typical device type, connection, and when they typically access the retailer’s website. Collecting device data helps retailers
immediately identify returning customers and mitigate acts of fraud.
- Behavioral Data – Behavioral analytics can survey a customer’s visitation patterns, time on page, and items of interest. Behavioral data helps create a more robust digital identity for customers that security teams can use to write improved rules and models that drastically reduce instances of false positives and streamlines the approval process.
- Machine Learning – Machine learning algorithms reduce the need for manual review and naturally evolve to prevent and detect fraudulent activity. As machine learning has matured it has replaced rules engines as the primary decision point. While rules engines survey a limited data set, machine learning can survey massive amounts of data in real-time, which empowers security teams accurately differentiate between good customers and fraudsters.
By surveying customer data in real-time and identifying inconsistencies in customer behavior, security teams no longer need to manually sort through all customer data. Instead, security teams can focus on targeted instances of fraud that have been marked for manual review, document fraudulent activity, and establish custom rules to flag fraudulent transactions.
Comprehensive customer profiles, clear definitions of fraudulent behavior, and layered fraud prevention help retail enterprises accurately detect and prevent ecommerce fraud. Accurate detection mitigates the amount of revenue lost due to chargebacks, shipping fraud, and friendly fraud reduces customer frustration and foils fraudsters.