Webinar Recap: Ask the Experts: Live Q&A with Fraud Professionals
If you missed our webinar on June 29th, “Ask the Experts: Live Q&A with Fraud Professionals,” this blog post provides a convenient recap.
- Elie Chemaly, Sr. Manager of Global Fraud and Investigations Staples
- Sam Hartung, Risk Partnership Manager, Whitepages Pro
- Kelly Reynolds, VP of Client Success, Kount
- Melayna Gabiou, Senior Marketing Manager, Kount
The webinar featured an interactive format in which participants could ask the panelists questions, as well as a presentation about the current state of fraud, the habits and tactics of today’s fraudsters, trends in e-commerce and mobile commerce fraud, and balancing the need to prevent fraud with the desire to increase sales.
Melayna Gabiou, Senior Marketing Manager at Kount, started the presentation with a look at why fraud is rampant and growing:
- Easier for the bad guys. The surge in data breaches and stolen credit card data means that frequently used credit cards are compromised. The bad guys only have two rules to follow: 1) don't get caught, and 2) make money.
- Harder for the good guys. There are thousands upon thousands of rules that online businesses must follow, which slows their ability to respond and can put fraud control at odds with the user experience which is required to drive sales growth.
This led into the first poll question, asking participants “How have fraud attempts changed over the last 12 months for your business?” Nearly 2 out of 3 participants reported increased fraud attempts:
Elie Chemaly, Sr. Manager of Global Fraud and Investigations at Staples, agreed that his company has also seen significant increases in fraud attempts, particularly since the transition to EMV in October 2015 (Europay, MasterCard and Visa (EMV)—also called Chip and PIN—uses computer chips at retail POS to authenticate chip-card transactions). Elie also commented that he does not believe the impact from EMV has peaked yet. While a majority of large retailers have adopted EMV, there’s still a significant percentage of smaller retailers who have yet to comply with the mandate. He foresees fraud attempts continuing to shift to the e-commerce space as more and more retail outlets adopt EMV.
The Fraud Landscape
The presentation next looked at the habits and tactics of today’s fraudsters. Melayna shared Kount’s research from notorious dark web sites, including:
- ALPHABAY: Where compromised Go Daddy email accounts and associated passwords can be bought for $4.99.
- Wickybay: Where “Starter Pack” educational materials for fraudsters are being sold, including techniques and tools to defeat device fingerprinting. Wickybay also sells templates for user IDs, software programs. In one instance, 37,000 items designed to facilitate and train a fraudster were available for $6.99.
Next, the panel weighed in on the question “What are some examples you’ve seen regarding fraudsters changing their tactics or using new tools?”
Kelly Reynolds, VP of Client Success at Kount, led off by observing that fraudsters are increasingly taking steps to hide their identities, such as using Tor networks or VPNs, which makes it more difficult to trace back to the original device location and device fingerprint. This “cloak of invisibility” makes it harder for screening techniques used by merchants to detect fraud.
Sam Hartung, Risk Partnership Manager at Whitepages Pro, agreed with Kelly, noting that fraudsters are doing a better job of looking like good customers. He’s also observed fraudsters trying to reverse engineer the logic being used to detect and defeat them. For example, if there is a $200 threshold that triggers a manual review, fraudsters will figure that out and then come back and repeatedly buy $185 items. For this reason, Sam thinks it’s critical to have multiple layers built into fraud prevention, not merely a few overarching rules.
Elie remarked that the most compelling trend that Staples has seen is the use of automation, capitalizing on all the weaponized data available to fraudsters. He has spotted high volumes of fraudulent attempts, with fraudsters firing out hundreds of orders at a time or even thousands of orders across multiple merchants. For fraudsters, it’s a numbers game. They know the bulk of the fraud attempts will be defeated, but may consider a 10% to 15% success rate worthwhile.
A member of the audience asked “What is the best way to handle orders with an international credit card, a US billing address, and shipping to a freight forwarder?” Kelly answered that if this is not a typical scenario for your particular business, additional verification via automated means or agent review would be advisable. Elie added that Staples does not fulfill orders outside the US, so transactions with an international credit card and shipping to a freight forwarder are somewhat common for them. They have established policies and procedures for following up to confirm that the order is legitimate. Sam agreed that this particular situation is a challenging scenario, and additional data points like address and phone confirmation can be helpful. He also noted that an additional strategy is for merchants to partner with freight forwarders, and work collaboratively to avoid shipping potentially fraudulent orders to high-risk geographies or locations.
This scenario dovetailed with the next portion of the presentation, which documented how fraud is getting increasingly complex and growing at a proportionally faster rate than eCommerce. What’s more, with the increase in data breaches and the growth of online shopping, there is no indication this trend will change or slow down. Here are some industry data points to support this:
- Card-not-present fraud increased 40% in 2016
- 27% increase related to EMV, pushing fraudsters online
- More than 14 billion mobile devices
- International expansion means more fraud concerns
- More than 18 new payment types introduced in 2016
- Over 1,000 data breaches reported in 2016, a 48% increase over 2015
Expanding Into New Markets
The discussion turned to how merchants can maintain or even increase sales in the face of this increasing fraud. The panelists address the question “What challenges, experiences or recommendations do you have for expanding into new markets?”
Sam confirmed that international and selling cross-border is a hot topic. He cautioned, however, about taking models and algorithms that work in the US and applying them in exactly the same way in other countries. For example, orders from prepaid mobile phones in the US tend to exhibit higher fraud. But in testing that Whitepages Pro conducted in Mexico, it became apparent that shoppers were more likely to use prepaid mobile phones to buy online and that those orders tended to be less fraudulent.
Elie agreed with the need to understand the unique characteristics when entering new markets and channels, for example, how shoppers exhibit differences when it comes to payment types, phone or device types, email domains, etc. Building this understanding can begin by talking with industry peers familiar with that market, and augmented by a plan to do deep gap analysis as you start to process transactions. It’s important that your solution is agile enough so that you can quickly adjust as you model the data and respond to threats.
A question came in from the audience: “There are international markets that are just not technologically savvy, so what is your approach for overcoming that?” Kelly answered that if the question referred to the lack of technology savvy on the part of end-users, Elie and Sam’s advice about doing research to understand the market is critical to being successful. If the question referred to the lack of technology savvy on the part of the merchant, online businesses can turn to third-party anti-fraud service providers for expertise. It’s a good way to refine rule sets, use cases, and fraud prevention strategies for that particular channel or market and to be more successful.
The next polling question asked audience members: “What is your biggest challenge related to the mobile channel?” The results showed that nearly half of webinar attendees consider detecting fraudulent orders as their biggest challenge:
Detecting Mobile Devices
This led to a discussion about findings from the recently-released Mobile Payments and Fraud Survey: Report 2017, which showed more and more merchants being able to detect mobile devices in eCommerce transactions. Thus in 2017, 36.9% of respondents said they could tell what type of mobile device was being used in a transaction, another 48.7% could detect if a mobile device was being used, and 14.4% were unable to detect if a mobile device was being used. Kelly discussed how important detecting mobile devices is to fraud prevention. For example, correlating the location of the mobile device in relation to the profile of the consumer, such as home address and origin country of the credit card account, can be vital to quantifying the risk involved in a mobile transaction. Further, knowing what mobile device is being used is key to tracking velocity of transactions, which is vital in light of Elie’s earlier comment about seeing hundreds or even thousands of transactions coming in a short period of time by sophisticated fraudsters using automation.
False Positives and Decline Rates
The discussion moved on to growing concerns about false positives or declines. Melayna pointed out that the dollars lost to false positive declines can be more detrimental than direct fraud losses. A study released at the end of last year by Javelin stated that dollars lost to false positives equal 19% of the total cost of fraud. So, denying a transaction can be quantified but what’s harder to measure is the cost of losing a customer. If consumers aren’t approved they can just as easily move on to another retailer offering the same goods and services. You could then be losing revenue associated with the potential lifetime value of that customer. Melayna shared industry data in support of these observations:
- Average Fraud Rate: 0.8% to 1.3%
- Average Decline Rate (Domestic): 2.8%
- Average Decline Rate (International): 7.6%
The panel discussed strategies that can help minimize false positives and reduce decline rates. Sam noted how difficult it is to know your false positive rate, unless you conduct post-transaction research. He explained that Kount and Whitepages Pro work to improve automated resolution of transactions in order to reduce the number of manual reviews required. This frees up agents so they have the time to conduct this type of post-transaction research.
Elie emphasized the importance of having a defined process and knowing that decline rates are aligning with that defined process. To that end, he reiterated using gap analysis and having benchmark approval rates and decline rates so that you can tell if your team is hitting the correct targets. He added that the lifetime value of a customer in retail can be thousands of dollars. Therefore, it may be better to risk losing a couple hundred dollars on one fraudulent order versus losing of thousands of dollars in potential lifetime revenue by rejecting a borderline transaction.
Kelly advised the low-tech—but essential—practice of listening to customers and to your customer service team. If decline rates or false positives are too high, you will hear about it from your clientele. In addition, their feedback will direct you to points of investigation so you can identify what’s causing the unwanted declines. There are many different factors that affect decline rates, including corporate policy, agent training, etc., and it’s necessary to understand which ones are affecting decline rates so you can address them properly.
In addition to these topics, the “Ask the Experts” panel also discussed trends in the mobile channel, the types of data most valuable to fighting fraud, best practices, and more. Click here to watch a recording of the entire webinar “Ask the Experts: Live Q&A with Fraud Professionals.”