Fraud protection: how it can underpin growth for online merchants

Fraudsters want the same things we all do; highly desirable goods and services that make our lives easier, more pleasant or more productive. They might put a higher value on re-sellability of the items but the very same marketing that pulls us in as consumers pulls in the fraudster too - read more about this here.

At Ravelin, one of the first signals we see that means we can expect a conversation with a prospective client to happen soon is when we see a new advertising push on the underground. For our existing clients when we see a new ad campaign it’s a warning to expect some increased activity in their accounts. As we’ve grown with our customers we now get a heads-up when a significant campaign or expansion is planned.

It is an axiom now that increased marketing spend drives an increase in transaction volume and a consequent increase in fraudulent attempts. However, the actual fraud attempts increase disproportionately to the transaction volume. And the successful fraudulent orders during a campaign push are larger, often much larger, than an average order size. This combination means an online business is at significantly increased risk during a marketing drive.We’ll explore why this is and what can be done to address it.

So why does marketing drive fraud at a higher rate than legitimate transactions? Why do companies lose more to fraud disproportionately during marketing campaigns?

We can determine from the data and in conversation with client fraud teams that:

• fraudsters are reminded the service or product exists. As with the rest of us, a successful campaign reminds them that the target is there. Fraudsters are highly consumerist either for their own purposes or for resale, so are more likely to respond to marketing signals than the average consumer.

• fraudsters spend more and spend more often. After all, they are not actually paying for the goods so the economic restrictions of a normal buyer are not there. They are only restricted by the goal of not drawing attention to themselves. So any loss is likely to be exaggerated.

• a campaign may increase the resale value for a good that is stolen online. The incentive to go after that brand is consequently increased thus motivating the fraudster.

• a fraudster likes to hide in a crowd. Peak shopping days are easier for fraudster, especially where manual review is in place. They know every order cannot be reviewed so now is the time to move. Higher value orders are also less likely to be flagged when demand is up.

• for established businesses, sales and other marketing activities can remind fraudsters they have sleeper accounts waiting to be used. These sleeper accounts get around rules that many businesses have on new users and represent a golden opportunity to commit a high-value fraud on a business.

• for some new market entrants the level of checks in place are very low in the drive for new users. This is especially concerning for the industry as a whole as it can pull a host of fraudsters back into a market that had otherwise been tightened up.

Time for a reality check

The hard truth is that the initial impact and success of a marketing campaign often ignores the level of fraud that had occurred alongside the growth in new business. That a significant proportion of a campaign's transaction colume and profit was due to fraud is a very bitter pill to swallow and a deeply unpopular conversation to have within a business. No-one wants to spoil the growth party but like many hard conversations, it is a necessary one. So how to best undertake it?

Fraud defence that enables growth

The best practice that we have seen is to include the fraud team at the point of campaign planning. This helps with awareness within the fraud team of course but also the growth team needs to made aware of the risks that they are potentially exposing the business to. If there is a resource restriction in place - that is if there are too few people available to deal with the volumes then there are a number of options which we list in reverse recommendation order:

1. Take the risk and hope for the best

2. Find some external source of analysts

3. Hire more analysts

4. Use a less human-intensive fraud system

1. Take the risk and hope for the best

This option is probably taken more often than companies would like to admit. Chargebacks due to use of stolen payment card take time to filter back in, they take time to attribute and can get lost is the overall reporting picture. So it is possible to kick that can down the road but any sensible business knows it’s impossible to escape the consequences for long.

2 and 3. Find some external source of analysts or hire more analysts

We can bundle these together as they are essentially the same solution. Some businesses may have a standing workforce who are trained in their systems and familiar with their fraud but they are very few. Others can look to the managed services offered by some fraud vendors. This is an eye-wateringly expensive option however and one that never gets cheaper with volume or experience.

4. Remove some inherent risk

There is an opportunity with the right technology to identify and close the bogus and fake accounts that are in a customer database. With the right techniques this is a little easier than many businesses realise. The use of some clever graph-networking it is possible to highlight dormant and never-used accounts which are associated with chargebacks or other fraudulent events.

There is some work to get to the point of being able to do that, but the result is that it cuts off fraudsters at the knees - disabling their precious sleeper accounts and throwing huge productivity hurdles in their path as they now have to create new accounts in addition to adding and testing new payment instruments. Anything that serves to make a business less of a target is an investment worth making.

Use a less human-intensive fraud system

To remove the requirement for more people doing repetitive reviewing work is clearly the best way to align the fraud team with the growth team. This is because an increase in volume does not require an investment in people to ensure the same level of protection for the business.

Machine learning is the go-to technique for this approach and there is a ton of material on Ravelin including this guide as to how it will help. It’s important to note that machine learning is not a replacement for the fraud team itself. Its purpose is to liberate that team from being a bottleneck to expanding the customer base to being part of the conversation about how a business grows faster, more profitably and more sustainably.

Conclusion

Nothing in this should be read as advising against investing in growth. Instead, it is intended as a reality check for online businesses that there is a cost to customer acquisition in the form of fraud, chargebacks and other ill behaviour. We need to recognise and deal with this reality. As an e-commerce industry, we need to bring the fraud function to the growth table. We need to invest in the right tools. We need to align the challenges of the growth functions with but the revenue protection functions and of course with the interests of the customer. Everyone wants a smooth, safe and secure buying experience - let’s work together to build it.

To learn more about online payment fraud visit our insights page.