Fighting Holiday eCommerce Fraud by Watching “Home Alone”
The 1990 comedy movie “Home Alone” is more than a light-hearted farce about 8-year old Kevin defeating a couple of crooks. Hard to believe, but it’s actually a primer on how online businesses can recognize and fight card-not-present (CNP) fraudsters.
For example, early in the movie, thief Harry Lime (played by Joe Pesci) exhibits classic fraudster behavior by pretending to be a legitimate visitor (a police officer, no less) as he cases the McCallister home.
Similarly, fraudsters will case your eCommerce site by attempting multiple purchases to identify vulnerabilities, how you’re screening for fraud, and what tactics will or will not work.
You can guard against this type of behavior by collecting and analyzing as much data as possible about every visit and order so you can build profiles of both legitimate and nefarious behavior. This will help you recognize orders from good customers more quickly so you can avoid false positives. At the same time, orders from fraudsters will become easier to spot and block.
Returning to the movie, young Kevin overhears the robbers discussing their plans…
In the same vein, it’s important for you to stay current with the latest fraud schemes. Reading blog posts like this one, subscribing to eNewsletters, and attending industry events like CNP Expo or Kount Summit ’18 are great ways to anticipate what kinds of trouble may be headed your way.
Aware of the coming attack, Kevin puts together a plan to deal with the crooks, assessing his vulnerabilities:
- Front and back doors
- Dog door
- Windows on first floor
- Stairs to second floor
- Upstairs bedroom
He then develops strategies and tactics to protect those areas of exposure:
- Ice on stairs leading up to front door
- Blowtorch at back door to burn intruder
- BB gun to shoot out of the dog door
- Glass ornaments under windows
- Swinging paint cans on the stairs
- Escape zip line from upstairs bedroom to tree house
You too should take time to look at all the ways your eCommerce site might be vulnerable to fraud attacks and plan your responses. For example, are you verifying user information when a new account is created? Are there ways to confirm that a user on a mobile device is really who they say they are? Are you deploying multiple screening technologies to confuse fraudsters and make it impossible for them to figure out how you’re tripping them up?
Here is our favorite part of this analogy (and the movie): many of Kevin’s techniques are automated! For example, Harry slips and falls on the icy stairs without Kevin having to lift a finger. And when Harry tries to enter the back door, a pull string automatically activates a blowtorch that burns his head. Marv Merchants, the other crook (played by Daniel Stern) pulls a cord to turn on a light in the basement and that triggers an iron to come crashing down on his face. Because these and many other traps are automated, Kevin can be prepared for the big confrontations. BOING! Kevin releases paint cans to the face! SNIP! Kevin cuts the zip line to the tree house and the criminals crash into the frozen backyard pool below.
Likewise, everything you can do to automate your fraud prevention responses allows you to focus only on those cases worthy of your time. Use manual reviews only as a rare and last resort. The result will be better outcomes and lower operational costs.
To recap, if you want a 4-star holiday experience, remember Kevin’s tricks from “Home Alone”:
- Know the difference between good and bad guys
- Assess your vulnerabilities
- Plan how you’ll respond to attacks
- Use a multi-layered approach that erects numerous obstacles
- Automate as much as possible
- Limit manual interventions
To prepare for the holidays and learn more about what could potentially be killing your sales, check out our latest eBook "The Silent Sales Killer: False Positives".