It was again our pleasure to host the latest of our fraud roundtables in the Quality Chop House in Clerkenwell, London. This time, we were joined by our clients Glen and Corey from eShopworld as well as Peter from Asos, Rebecca from FeelUnique, Richard of JD Sports and Richard of Matches Fashion. Philip who until recently was CFO at Deliveroo, another Ravelin client, was also present. From Ravelin I was joined by Mairtin O’Riada and Martin Sweeney, CIO and CEO of Ravelin respectively.
We started the discussion with a consideration of how fraud and risk management was changing. A common thread was that the range and variety of risks were increasing. The core of payment card fraud was still there of course, but added to that were account takeovers (ATO), data hacks, credential stuffing and ever more elaborate friendly fraud and returns abuse. All of the attendees shipped highly desired goods, and some were seeing a growing trend of people returning counterfeit goods for a refund.
All of these emerging threats are as much a risk to the reputation of the businesses as to the finances. And this is a relatively new phenomenon. It’s felt that ATO had the double jeopardy of an immediate cost in terms of refunding a customers whose account had been hacked, but then the added risk of losing that customer and that customer sharing their experience on social media. The guests were definite that new solutions were needed both technically and policy-led to manage this in the very near future.
There was an interesting divergence of views on 3D Secure. There was an almost equal split of companies that never use it for any orders, and those companies that use it for every order. It seems that the decision to use it or not is almost an emotional one as the data is hard to generate if you have always used it (or vice versa) - that is, how can you know your drop-off rate if all your transactions have always been 3DS. It’s counterfactual. In any case, 3DS is not a panacea for all ills by any means and and can often generate different types of fraud through its use - in the opinion of some.
Another area of discussion was proving the worth of a fraud team in an organisation. An amusing observation was that when fraud is under control, the exec team asks ‘why do we have a fraud team’. And when fraud is out of control, the exec team asks ‘why do we have a fraud team’. So proving the value is not straightforward.
There was general agreement though that the challenge for the fraud function is that it is seen as part of the growth and revenue story of a company. To help this it was generally agreed that fraud should not be part of the finance team. The reason is that it is will be incorrectly too focused on revenue protection.
The reality is that fraud should be part of allowing the maximal number of good transactions through. To that end it should sit somewhere close to customer care. One person shared that their role is a little like having a devil in each ear, one from finance and another from marketing and their job is to satisfy each master. If either is too happy then there is probably something wrong with the balance.
As the lunch broke up I was reminded again that there is no single strategy for tackling fraud. Around the table there were numerous technologies, techniques and policies in play to mitigate the fraud risk that each company faces. The specifics of the types of fraud each company experience are subtly different. And even those using the same solution, eShopWorld and Deliveroo for instance, apply it in wholly different ways.
What is universally true however is that events like this are are critical part of tackling the shared problem. Sharing experiences and building networks of professionals is equally if not more important than any technical solution. So it is with thanks again to our guests for allowing us to help drive the conversation.
If you think you would like to participate in a future roundtable please do contact me at gerry dot carr at ravelin dot com.