The reality of ecommerce is that payments attract fraud and merchants of all sizes have needs for preventing fraud.
The word “Fraud” can be defined in different ways depending on who you ask.
- You buy an item from a merchant on a marketplace but they never ship it and stop communicating with you and the online store disappears.
- You sell an item online and after shipping it with a trusted carrier, the buyer claims they never got the item and requests a refund.
- A person steals your credit card information and makes purchases without your permission. Things like first party misuse or “friendly fraud” also wind up in this bucket of disputes. An example of this is your toddler is playing a game on your phone and makes in-app purchases that later you tell your credit card company you did not do.
While most people would agree that someone was defrauded in the examples above, the card schemes define fraud chargebacks as the latter where a card is involved in a purchase the cardholder did not authorize.
Merchants in ecommerce generally have fraud manifest in the form of chargebacks. Chargebacks cause financial loss from the transaction plus operational costs for staff to receive and process the chargebacks and additional fees charged for receiving a chargeback.
Risk Management Not Risk Aversion
Fraud attacks are only growing in sophistication. Fraudsters will seekout and exploit loopholes in systems or policies to realize a gain and use tactics to monetize their stolen assets that make their activity look like regular traffic. These attempts to blend in make it difficult for merchants to detect the bad activity before it is too late. Enter the need for equally sophisticated tools to accurately identify bad activity without harming the good. Fraud prevention solutions may be a bit of a misnomer in naming in that while detecting bad activity they are also detecting good activity and a successful risk management strategy can actually increase authorization rates and lower fraud rates at the same time.
A successful fraud management strategy consists of preventative and reactive solutions. Prevention is always the best idea on paper but is different in reality. These solutions typically use tools like barriers to entry or algorithm based tools to predict if an event is bad and stop it before it happens. The reality is that stopping every bad event is not achievable and pursuing perfection generates enormous customer friction which prevents good sales in the name of stopping the bad ones. An example of prevention is a credit card purchase being declined by the issuer because they suspected fraud.
Reactive solutions cover the leakage from proactive solutions. These solutions ‘react’ to negative events that happen to limit the losses and stop the exact same thing from happening the next time. Another role they play is to close the loop by learning from what happened and train the preventative solutions. An example of a reactive solution is when a fraud related chargeback is received, the merchant may restrict the account of the user to keep the same account and credit card from making another bad purchase in the future.
Fraud Management Systems
A complex problem to solve like fraud prevention requires a lot of consideration to implement successfully. Preventing fraud requires a multi layer approach. Holistic fraud systems can be thought of as made up of 4 main components to manage proactive and reactive approaches.
Detection Tools
How do you identify what is good vs bad? Detection tools can range in sophistication from simple rules to a robust machine learning model taking in thousands of data points to assess an event. An important thing about detection tools is even though we tend to think only about the bad activity they are detecting, they are determining good as well and this can be used to reduce friction and improve the customer experience for those known good events.
Actions
When you identify something as good vs bad, what do you do with it? The action taken can vary depending on the risk of the event, the confidence level in the detection, and the event type itself. As an example, let's say you are on vacation and buying a gift to be shipped to your sibling from a hotel lobby computer. The merchant site you make purchases from all the time does not recognize this new device and the location you are shopping from. Should the merchant immediately shut down your account forever to prevent a potential bad purchase? Or can an additional authentication step be performed to confirm the person accessing your account is you?
Checkpoints
Where in the customer journey can you detect an event and take action on it? Natural moments of truth exist in ecommerce around ‘submit’ or ‘buy’ buttons. These checkpoints represent the last possible point at which a negative event can be prevented when a customer is completing actions like making a profile change or completing a purchase.
Data and Tooling
How do you implement detection tools or monitor performance without data? Data is the most critical component of any solution. The feed of data to detection solutions is critical to the efficacy of the tool. Data can range across a broad spectrum of categories such as identity, velocity, device intelligence, session telemetry, customer history, and on and on.
Accessing Fraud Management Tooling
Sourcing a Solution
One of the perpetual strategic decisions for any company is the decision to build vs buy a software solution for any problem they face. Fraud prevention solutions are widely available from various providers in the market and can also be found as embedded solutions in payment service providers gateway tools.
In a multi provider approach, using tools embedded within a given PSP’s solution causes complexity, inconsistency and scalability issues. Building your own solution internally is extremely costly from both capex and opex perspectives and typically takes years to develop a full solution. In house solutions also typically suffer from the fact that the data it is trained on is only the internal data and patterns.
Integrating a third party solution can be a sweet spot for many merchants and even play a role as a component of in house built solutions. A third party solution can operate agnostic to the PSP the transaction is ultimately routed to. This keeps fraud decisions consistent across current (or future) providers and the flow of data of all your traffic to a single provider enhances the ability of the provider to learn and constantly fine tune the model. Third party providers also anonymize transaction data from other merchants in their system and use that network effect across the entire portfolio to spot trends and be even more effective at preventing bad activity.
Orchestration as An Enabler
For merchants, a payments orchestration platform is already a centralized, single integration to access multiple payment services like vaulting, network tokenization, and access to multiple PSPs. An orchestration platform is a natural place to add in other services like fraud prevention vendors.
Thinking back to the core components of a fraud system, a third party vendor plays the role of the detection system. The orchestration platform already has an enormous amount of data on the payment method and the transaction details being shared with the PSP, this data can very easily be shared with a fraud provider without any extra work from the merchant.
Actions like stopping a transaction before an authorization attempt or voiding an authorization when the fraud prevention layer detects high risk activity can be built in and automated in an orchestration workflow. This is another place that saves a merchant development time and operations cost to mitigate risky payments in the funnel.
The natural flow of payments provide built-in checkpoints in an orchestration workflow where these detection capabilities can take action. Key moments such as pre-authorization and post authorization are common in the industry and already exist in the orchestration workflow. No need for merchants to build additional workflow steps in their internal workflows.
Lastly the data and tooling aspects are covered in the orchestration flow for both send and receive. The existing data is shared with the fraud prevention provider with little effort from the merchant but the orchestration workflow can seamlessly close the loop on transaction data as well without additional steps from the merchant. The outcome of authorizations or receipt of disputes can be an automated loop from the orchestration platform to the fraud prevention provider for use in further training and development of models. All this data is also returned to the merchant for their internal tools and natively aggregated across PSPs in the orchestration platform.
Why Fraud Prevention Is Important
Fraud prevention is a necessary component of mature ecommerce solutions. For the largest and well funded merchants there are opportunities to build in house and address their needs, but at great effort and financial cost. Large and small merchants alike can benefit from accessing third party fraud prevention solutions via an orchestration platform, reducing time to value for all and leveling the playing field so merchants of all sizes can access industry leading fraud prevention solutions.
Fraud prevention solutions and payment solutions are like chocolate and peanut butter. They can be good on their own but can be great together.
Reach out to Spreedly today to see how you can get proactive about fraud prevention.
Download the Payments Orchestration eBook Below
.png)
.png)
.svg){kind=icon}
.svg)
