Solutions overview
Harness the power of your data
Support and investigations
Support services for Ravelin
Online payment fraud
Account security
Policyabuse
Marketplace fraud
3DSecure
Resource Zone
Deep dives on fraud & payments topics
API & developer docs
APIs, glossary, guides, libraries and SDKs
Global Payment Regulation Map
Track PSD2 & more with a full report
Blog
The latest fraud & payments updates
Insights
In-depth guides to fraud, payments & security
About Ravelin
Discover the story about Ravelin
Careers
Join our dynamic team
Customers
Read more about our happy customers
Press
Get the latest Ravelin news
Support & investigations
Accept more payments securely
Protect your customer accounts
Policy abuse
Stop policy abuse to protect your bottom line
Ravelin for marketplace fraud
3D Secure
Ravelin 3DS & SDKs
Resource zone
Global Payment regulation map
Read more about our happy custmomers
Blog / Other
We had the privilege of having lunch with fraud professionals from the biggest UK retailers to talk about fraud trends they're seeing and swap tactics for keeping the bad guys out.
Share this article:
We were privileged to host a roundtable at St John in Clerkenwell with some of the leading names in UK (and global) ecommerce. We had Argos, ASOS, Deliveroo, JDSports, Lego, and Waitrose in attendance who, between them, represent over a billion yearly transactions - all of which need to be assessed for fraud - a daunting task. The discussion, as always with our roundtables, was under the Chatham House Rule allowing for free and open conversation.
The conversation began with some observations on the nature of fraud in the last 12 months - read more about this here. I suggested that perhaps the nature of fraud was not changing particularly but that there was simply much more of it. I was wrong. The participants all agreed that not only was there more fraud but also that the fraudulent attacks were more sophisticated. Better, easier-to-use tools were increasingly becoming available to fraudsters. The bots used in brute force and other attacks were becoming harder to spot. The challenge for fraud teams therefore was not simply one of scale but also one of knowledge. Recognising and developing tactics to deflect fraud was a growing challenge.
Aligned with the technology, the demographics of fraud was also shifting. First party fraud - where someone decides to charge back something they bought - was growing. This was at least partly and maybe mostly because of the ease with which the crime can be committed. Banks are making it so easy to instigate a chargeback that is it almost tempting people into having a try. Third party fraud is also growing. The stigma of using compromised details is diminishing so the crime is spreading into new demographics. Clearly there is a long road ahead to defeating this crime.
Most of the table felt that a low to zero tolerance level was required by merchants themselves towards people who attempted either. For instance, someone tries multiple cards that fail and then uses his or her own legitimate card as a last resort to purchase goods. This order should still be declined and the the user blocked even though it is technically legitimate since the user has shown a clear propensity to defraud.
The changing nature and complexity of the fraud threat is a clear challenge for the analyst teams. It was brought up that expecting one person to be able analyse all the data of any order in a timely way is not sensible when there are machines that can process the data in milliseconds. There was general consensus that simply growing teams to meet a growing threat only made sense if the tools they used got smarter too.
The conversation turned to the twin challenges of GDPR and PSD2. For GDPR there was a feeling that the legitimate use exemption for fraud detection was in theory a good thing. However, people were less sure about how it would stand up to test cases. There was a general fear of GDPR becoming the next PPI industry with thousands of time-wasting cases brought forward by unscrupulous firms. Most of the people at the table felt their data compliance teams were preparing as well as they could for the new legislation however.
The picture for PSD2 was less clear. It was expressed that many parts of the legislations had yet to be decided, so trying to plan for compliance was a little like trying to catch smoke. Many of the elements made sense and indeed if well-implemented could have great benefits in combating fraud. But the law of unintended consequences could mean opening up a whole new vector to fraud.
The meal broke up with an intention on all sides to continue the conversations. The sharing of new approaches, especially with regard to making more of the data we have available seemed a sensible route to explore. In general the immediate feedback was that it is always time well spent to hear from fellow practitioners and understand the shared threat being faced.
We host these events regularly, usually in central London. If you think you could benefit from joining please contact me at gerry dot carr at ravelin dot com.
To learn more about online payment fraud visit our insights page.
Gerry Carr, CMO
Blog / Fraud Analytics
Fraud prevention is a delicate balance between stopping fraud and maintaining good customer experiences. But what is the most effective way to measure this outcome?
Ravelin Technology, Writer
Blog / Machine Learning
Online payment fraud is one of the biggest threats facing grocery merchants. And it’s only gotten worse. How are fraudsters using the cost of living crisis to take advantage of your business?
There’s a new fraud threat on the rise – and it’s your customers. First-party fraud is infamously tricky to catch and a huge revenue risk. How can you detect and deter criminal behavior in your customer base?