Roadmap to Online Fraud Prevention
Transaction monitoring systems can help retailers reduce online payment fraud, but some retailers don't deploy such tools to their full extent for fear of inconveniencing consumers. The trick is to strike the right balance between generating the correct ratio of false positives to fraudulent transactions.
The central role played by online payment fraud detection is based on the inability to establish and verify personal identities quickly and efficiently. Finding the ultimate solution will eventually require more development by retailers and also from governments, card issuers and banks.
What it means
"Transaction monitoring -- trying to detect fraud when consumers are buying online -- is the fastest growing segment of the market," says Geoffrey Turner, senior analyst at Forrester. "That's just my opinion because it is very hard to get reliable industry statistics.
"Key to this strategy is having the necessary software and processes to detect fraud, determine a response and deny the purchase in near-real-time -- at least before the item is shipped. In the past, these efforts were done after the goods had already left. To be effective, retailers need to be pro-active and interrupt fraudulent transactions on the fly."
The good news for retailers is that existing tools can do the job. "If retailers use the software as designed, it can reduce online fraud by at least 0.5 percent," says Avivah Litan, vice president at Gartner. "But some are holding back and trying to find a balance between accepting fewer false positives -- stopping incorrectly identified legal transactions -- and letting too many fraudulent ones go through."
A premier luxury retailer, handling more than 240,000 online transactions per month needed to beef up its legacy, in-house security system. Although its fraud rates were low by industry standards, the system was bumping up against its limitations. These included mainframe-powered applications requiring substantial IT resources to repair, update and make changes, especially to combat constantly shifting fraud trends.
Also, it had limited capacity to increase scalability efficiently and to provide robust statistical reporting. While it captured a high level of fraud incidents, it also incurred an unacceptable rate of false-positive alerts. In addition, during peak season demands, the existing system needed additional resources, which reduced the quality of customer experiences.
The implementation of the 41st Parameter's FraudNet system enabled the retailer to detect fraud more effectively by using a robust risk engine. It could analyze both user-entered and device-generated data against a wide variety of algorithms. Also, it could flag suspect transactions and then sort them for further review.
By conducting link analysis to recognize multiple transactions with common data elements, investigators reduced the retailer's charge back costs by 50 percent.
"Remarkably, in our first peak season using this system, we stayed on top of double transaction volume without holding up a single transaction or ever falling behind, enjoying zero false positives, which is great for the customer experiences," says the retailer's vice president, loss prevention.
What's at Stake
A leading e-commerce aggregator, which hosted e-commerce Web platforms for multiple retail clients, implemented FraudNet to outwit fraudsters who bundled together fraudulent, small-denomination electronic gift cards (EGCs) to order high-ticket items.
The aggregator and its clients had overlooked the potential for EGCs to become a high-risk problem since the cards were pre-validated and considered safe as cash. However, the scam artists purchased the cards using stolen identities. In addition, the small amounts did not to trigger existing fraud detection alarms. But the aggregator quickly developed specific business rules and algorithms to meet the various attacks on different online merchants across several retail segments.
Benefits arrived swiftly. Within four days of being deployed, the updated algorithms analyzed thousands of EGC orders flagging about one percent as suspicious, of which more than 80 percent involved fraud rings targeting a single retailer.
The aggregator's loss prevention team then helped the police track down five perpetrators and recovered stolen items valued at approximately $93,000.
How to Succeed
One retailer that recently announced it was using an online-fraud prevention solution from Accertify is Urban Outfitters. It is using the Interceptas solution to take a tougher stance against online fraud while maintaining a smooth and easy customer experience.
But retailers cannot combat online payment on their own. "They also rely on credit card industry standards such as CVV (card validation value) and AVS (address validation system)," says Gartner's Avivah Litan. "And there is the Verified by Visa system, which uses a password. The original system was a bit 'klugey' or awkward. It needs an update."
Government-based solutions aimed at the root causes of online fraud are in the works.
"Within three to five years, there will be a more solid infrastructure for establishing and authenticating personal identities," says Forrester's Geoffrey Turner. "The first step will involve standardized state drivers licenses and federal e-passports. The second will include biometric digitization tools such as PC cameras to conduct iris scans and PC readers to verify fingerprints. As well, there will also be secure, wireless scanners built into mobile devices not to mention smart cards using chip & pin technology for out-of-band verification and authentication."
In the future, when such real-time confirmations of personal identity and card ownership become reality, card-not-present, online payment fraud may become a thing of the past.
The central role played by online payment fraud detection is based on the inability to establish and verify personal identities quickly and efficiently. Finding the ultimate solution will eventually require more development by retailers and also from governments, card issuers and banks.
What it means
"Transaction monitoring -- trying to detect fraud when consumers are buying online -- is the fastest growing segment of the market," says Geoffrey Turner, senior analyst at Forrester. "That's just my opinion because it is very hard to get reliable industry statistics.
"Key to this strategy is having the necessary software and processes to detect fraud, determine a response and deny the purchase in near-real-time -- at least before the item is shipped. In the past, these efforts were done after the goods had already left. To be effective, retailers need to be pro-active and interrupt fraudulent transactions on the fly."
The good news for retailers is that existing tools can do the job. "If retailers use the software as designed, it can reduce online fraud by at least 0.5 percent," says Avivah Litan, vice president at Gartner. "But some are holding back and trying to find a balance between accepting fewer false positives -- stopping incorrectly identified legal transactions -- and letting too many fraudulent ones go through."
A premier luxury retailer, handling more than 240,000 online transactions per month needed to beef up its legacy, in-house security system. Although its fraud rates were low by industry standards, the system was bumping up against its limitations. These included mainframe-powered applications requiring substantial IT resources to repair, update and make changes, especially to combat constantly shifting fraud trends.
Also, it had limited capacity to increase scalability efficiently and to provide robust statistical reporting. While it captured a high level of fraud incidents, it also incurred an unacceptable rate of false-positive alerts. In addition, during peak season demands, the existing system needed additional resources, which reduced the quality of customer experiences.
The implementation of the 41st Parameter's FraudNet system enabled the retailer to detect fraud more effectively by using a robust risk engine. It could analyze both user-entered and device-generated data against a wide variety of algorithms. Also, it could flag suspect transactions and then sort them for further review.
By conducting link analysis to recognize multiple transactions with common data elements, investigators reduced the retailer's charge back costs by 50 percent.
"Remarkably, in our first peak season using this system, we stayed on top of double transaction volume without holding up a single transaction or ever falling behind, enjoying zero false positives, which is great for the customer experiences," says the retailer's vice president, loss prevention.
What's at Stake
A leading e-commerce aggregator, which hosted e-commerce Web platforms for multiple retail clients, implemented FraudNet to outwit fraudsters who bundled together fraudulent, small-denomination electronic gift cards (EGCs) to order high-ticket items.
The aggregator and its clients had overlooked the potential for EGCs to become a high-risk problem since the cards were pre-validated and considered safe as cash. However, the scam artists purchased the cards using stolen identities. In addition, the small amounts did not to trigger existing fraud detection alarms. But the aggregator quickly developed specific business rules and algorithms to meet the various attacks on different online merchants across several retail segments.
Benefits arrived swiftly. Within four days of being deployed, the updated algorithms analyzed thousands of EGC orders flagging about one percent as suspicious, of which more than 80 percent involved fraud rings targeting a single retailer.
The aggregator's loss prevention team then helped the police track down five perpetrators and recovered stolen items valued at approximately $93,000.
How to Succeed
One retailer that recently announced it was using an online-fraud prevention solution from Accertify is Urban Outfitters. It is using the Interceptas solution to take a tougher stance against online fraud while maintaining a smooth and easy customer experience.
But retailers cannot combat online payment on their own. "They also rely on credit card industry standards such as CVV (card validation value) and AVS (address validation system)," says Gartner's Avivah Litan. "And there is the Verified by Visa system, which uses a password. The original system was a bit 'klugey' or awkward. It needs an update."
Government-based solutions aimed at the root causes of online fraud are in the works.
"Within three to five years, there will be a more solid infrastructure for establishing and authenticating personal identities," says Forrester's Geoffrey Turner. "The first step will involve standardized state drivers licenses and federal e-passports. The second will include biometric digitization tools such as PC cameras to conduct iris scans and PC readers to verify fingerprints. As well, there will also be secure, wireless scanners built into mobile devices not to mention smart cards using chip & pin technology for out-of-band verification and authentication."
In the future, when such real-time confirmations of personal identity and card ownership become reality, card-not-present, online payment fraud may become a thing of the past.