Ask the Experts: Q&A with Fraud Professionals – Webinar Recap
If you missed yesterday’s webinar “Ask the Experts: Q&A with Fraud Professionals”, this blog post provides a convenient summary recap.Panelists
Greg Coles, Former Director, eCommerce Operations, The Source
- The Source is Canada’s leading consumer electronics and wireless retailer, operating in 600 retail locations, with eCommerce operations since 1999-2000.
- ClickBank is a Top 100 Internet Retailer and leader in digital e-commerce for 6 million entrepreneurs in 190 countries around the world. ClickBank specializes in digital product sales, such as eBooks, software, memberships, and digital subscriptions, processing over $3 billion in sales to more than 200 million customers.
- Kount helps online businesses boost sales by reducing fraud and allowing them to accept more orders. Kount’s all-in-one, SaaS platform is designed for merchants operating in card-not-present environments and the payment service providers that support them, simplifying fraud detection and dramatically improving bottom line profitability.
The webinar employed a Q&A format, with questions from merchants solicited prior to the webinar, as well as during the live event. Don Bush opened with a brief overview of fraud trends. He showed how card-not-present fraud is growing rapidly as fraudsters are becoming more sophisticated and relentless. He emphasized that it is critical that online retailers collaborate, share their experiences, and learn from each other in forums like this webinar.
The panelists then turned to the questions that had been emailed in earlier by merchants…
Q: What are fraudsters up to today?
Greg Coles: 1) Fraudsters are getting more and more educated, 2) they have access to more information than ever before, and 3) the speed at which they are able to operate is much faster. However, that speed is helping make it easier to detect them using today’s tools. When fraud attempts pick up in velocity, it’s actually easier to spot them. We are seeing that they are much more organized. Even the smaller criminal rings are much smarter than they used to be. The other thing is the EMV effect, which we saw a little earlier in Canada because we moved to EMV before the U.S. We saw a spike in online fraud after the implementation of EMV.
Brittanie Posey: I would agree about the speed of fraudulent transactions, and would also highlight the quantity of fraud. With our digital transactions, you can see multiple purchases coming in under one person’s credit card information within seconds of each another, so it’s clear that fraudsters are getting smarter and quicker on how they’re inputting that information.
Don Bush: Kount is also seeing these same increases in speed, plus the increasing sophistication and networking amongst fraudsters. They sell and share information and capitalize on each other’s knowledge to create a fraudster’s “Network Effect.”
Next, Greg discussed two examples that he had pulled from his transaction history to illustrate how quickly fraud is evolving. In the first example from 2015, Greg discussed how a small ring of fraudsters in a couple of hours attempted 23 fraudulent transactions. It was obvious that the quality of credit card data they had obtained wasn’t very good, as 19 were declined by the issuing banks and only four received credit card authorization. The techniques used by the fraudsters to disguise their identities were also quite basic:
Greg pointed out that the links between these fraudulent orders were quickly and easily detected, as much of the data was the same.
The second example from just 12 months later exhibited a much higher level of sophistication. As you can see in the bullet points below, the techniques used to disguise the fraudsters identities were complex, varied, and more difficult to detect. Greg pointed out that the credit card information was also much better. As a result, out of 22 attempted fraudulent transactions, all 22 received credit card authorization. None were declined.
Greg pointed out that this example really demonstrated the better tools and better data that the fraudsters were using and how much smarter they were – and greedier, too – as he noted the much higher average order value. Don added that these examples drove home the point that what you did last year to fight fraud is not good enough for this year, because of the increasing sophistication, changing tactics, and accelerating pace of card-not-present fraud.
Q: Which of these fraud techniques or tactics are you seeing today?
Greg Coles: I am surprised, I thought these percentages would all be up around 100% because I see all of these every day. I’m concerned that some merchants are being hit by these types of attacks and may not know it. I first saw the account takeover technique 12 or 13 years ago. Rushed shipping continues to be a flag that we look at, but some fraudsters are getting smarter and realize that merchants are screening for that particular tactic. Triangulation is relatively new. I think “steal to order” would be a good name for it. It’s interesting to see the websites that are offering this merchandise. We will have customers contact us about a price match and send us to these fraudster websites where prices are 25 cents on the dollar. While some techniques are more prevalent today and some are less prevalent, I do see them all…every day.
Britannie Posey: Because we deal in digital goods, we see a lot of friendly fraud. All of our products tend to be just emailed with an electronic purchase receipt. Customers are not looking closely at what they’re buying or don’t realize they’re purchasing a digital item. They get a purchase receipt without getting a physical item in the mail and they immediately contact their bank and attempt to process a chargeback. We also see a lot of card testing, fraudsters running a bunch of transactions by saving card information into a mobile device, clicking “Pay Now” on every single order form and auto populating.
Q: Are there certain regions of the world that concern you more than others?
Brittanie Posey: We do have a list of high-fraud/no-purchase countries and our order form is set up so purchases from those countries are just not an option. Broad-spectrum, we see fraud issues from Africa, some Middle East and some European countries.
Greg Coles: It varies from time to time, but having the data as to where customers are coming from can be really helpful. At one point, we got hit really hard with card testing coming from Vietnam. The fact that you can write rules around particular countries and areas is very helpful.
Q: How are you dealing with false positives?
Greg Coles: This is a subject near and dear to my heart. I often say, there’s a lot more to fraud detection than fraud. The revenue lost from one false positive is just the tip of the iceberg. You also probably lost that customer for life. And they may tell 20 of their friends about the horrible experience of their order being canceled even though it was legitimate. And then there’s review time. If you are canceling orders after you’ve reviewed them and approving a certain number, the slowdown you’re putting on a substantial number of orders is huge. When you see the numbers on false positives ($112 billion in lost revenue from false positives) and you see how low the actual fraud rate is (0.8% to 1.3%), you might be tempted to just let all the orders in so you don’t lose revenue. But don’t do it. When the thieves discover that you are an easy target and spread the word to all their fraudster friends, your small percentage of fraud attempts will increase dramatically.
Brittanie Posey: You can definitely lose a lot of customers with false positives. I speak to customers on a daily basis where they’re not sure why they cannot make a purchase. But it comes down to what red flags have popped up that either stopped them from making that purchase or have canceled their refund of that purchase. It’s a hard conversation to have with customers that legitimately attempted to make a purchase.
Finally, two questions came in during the live question-and-answer session near the end of the webinar.
Q: Just before the holidays, we offered gift cards that could be ordered online and used electronically. The number of fraud charges surprised everyone. We have since taken them off our website but I know our eCommerce team will want to use them again. The other surprising thing was that very few of them were ever redeemed. Could you give me some insights on that?
Greg Coles: We love to sell gift cards because studies show how much more customers spend above the gift card amount and it’s significant. If it never got used, it may be because of card testing, especially if they were of low value. There’s a wonderful case study on the Kount website about a company called Spotify that had the exact same gift card problem. They were able to relaunch their cards once they implemented Kount.
Q: Is there specific information or wording that is needed to win chargebacks? Also, would we need to upgrade to catch more fraudulent orders?
Don Bush: We talked earlier about collaboration. Kount has forged some significant partnerships with payment processors, and with data services like Ethoca and Chargebacks911 that help Kount customers minimize chargebacks and maximize re-presentments.
Greg Coles: Having a physical address and all the transaction data from Kount helps us fight chargebacks due to friendly fraud. From the Kount screen, we can print out a detailed report with the billing address and shipping address and show that it’s the same as the account address we have on file and attach with that the proof of delivery from the carrier.
Brittanie Posey: We use Kount to analyze the transaction data, looking at the IP address and – if it’s purchased on a device – if that device is the same billing address for that card or billing method. Providing that information shows that that customer is linked to that purchase. We also use a ticketing system, and if a customer has contacted us previously about the product, we have that information to make them aware that they were interested in the purchase and agreed to make the purchase. In addition, we use the Ethoca chargeback alerts and Chargebacks911 capabilities within Kount, and they definitely help with mitigating those.
To hear the entire webinar and learn more about how fraud experts are beating fraudsters, please click this link to view a recording of the 60-minute webinar: “Ask the Experts: Q&A with Fraud Professionals.”