Analysts expect card-not-present fraud, mainly committed online, will increase over the next few years in the United States as the introduction of EMV chip cards makes it harder to commit fraud in stores. That’s leading online retailers to think about how to prevent that CNP fraud. It’s easy to be distracted by the complexities of modern fraud prevention tools and lose sight of a simple but important fact: Fraud doesn’t happen when the fraudster gives up.
Predictive analytics is the first step to reducing fraud
Predictive analytics is an umbrella term for a variety of techniques that analyze current and historical statistics to predict outcomes. A predictive model can reduce a business’s exposure to fraud by flagging orders that are likely to be fraud. This flagging happens when the model spots certain relationships and patterns that usually lead to fraud, so the order can be manually reviewed for approval or decline.
Fraud scoring models are based on predictive techniques that capture patterns of fraudulent activity and differentiate these patterns from legitimate purchasing activity, separating then the ‘sheep from the goats,’ so to speak. These scoring models typically assign a numeric value to each order, based on the predicted likelihood that a transaction may be fraudulent.
Well-designed fraud scoring systems enable merchants to assign points for different elements of each CNP transaction. Scored elements typically include the customer’s IP address, email service provider, and shipping and billing addresses as well as the time of day the order is placed, the AVS result code, ticket amount, type of merchandise, and shipment method. The order’s score can also vary based on the customer’s previous orders, the length of the customer relationship, and more.
Taken together, the scores for all the points yield the order’s overall fraud score. Merchants use these scores and benchmarks they choose in advance to sort orders for approval, rejection, or review. Merchants can adjust their sorting thresholds based on trends and time of the year to account for sales peaks and typically fraud-heavy shopping seasons.
Good predictive analytics are not enough
The chart below shows the evolution of a telecom company’s fraud attack rate and the statistical model’s performance over ten months.
With time, the model becomes more precise and refers more fraud attempts to the manual review team. After the likelihood of successful fraud drops and remains consistently low, the fraudster stops trying.
The graph below compares the incidence of fraud from the previous graph to the simulated incidence of fraud if the precision of the statistical model were to remain flat.
The difference between the actual incidence of fraud in the first month and the simulation with flat statistical model precision by month 10 is due only to a reduction in fraud attempts. In other words, the fraudsters gave up and moved on.
What can we learn from all of this?
We all understand, of course, that CNP fraud is an organized, global problem and that fraudsters are persistent and innovative in their attempts to defraud merchants and consumers. However, there are two additional fraud-prevention elements that, when used together, can convince would-be thieves that their fraud attempts are a waste of time.
These two elements are precise fraud models and representative screening of fraudulent orders. Coordinated properly, they can discourage fraud without raising the rate of false declines. Here’s how these tools can work together.
The limits of predictive analytics in fraud prevention
A great statistical model may be the basis of accurate order screening, but it isn’t enough on its own.
A good statistical model will sort the orders and group the majority of suspect orders within a narrow range of scores. Imagine, hypothetically, a statistical model that concentrates 90% of the total fraud in 10% of the transactions, sorted by the fraud score. Based on this model, a merchant may decide, for example, to automatically approve the 90% of the transactions with lower fraud scores and reserve costly and time-consuming manual review for the 10% with unacceptably high fraud scores.
If one percent of the transactions are, in fact, fraud, then the model will block 90% of them and the merchant will face a chargeback rate of just 0.1%. However, if the fraud-attack rate jumps from 1% to 10%, our hypothetical model will still block 90% of the fraud, but the merchant’s chargeback rate rises to 1%. If the fraudsters really swarm in and the attack rate is 30%, the statistical model now allows a chargeback rate of 3%. This rise in chargeback rates based on the percentage of orders that are attempted fraud demonstrates that the statistical model alone cannot fully protect merchants.
Precision and representation increase the reliability of predictions
Precision relates to the predictive model’s capacity or quality. The more accurately the model concentrates fraudulent orders within the proper score range, the less likely fraudsters are to succeed with their attempts. As we saw earlier, though, a higher rate of attacks can “beat” even a highly precise system by slipping a percentage of fraudulent orders into the lower fraud score range.
Beating the fraudster’s numbers game requires proper representation of orders flagged for further screening. Especially when a merchant experiences a high number of attacks, the best fraud prevention system will deviate a proportionally representative number of fraudulent orders for further investigation. This is where the system can make fraudsters give up and move on. Accurate representation allows for efficient decisioning and quick declines of fraudulent orders. Rapid rejection of multiple fraud attempts shows fraudsters that their approach is not working. Given the choice between pursuing a failing strategy and giving up, fraudsters are likely to quit targeting that merchant with that particular fraud approach.
Why not just automatically deny the riskiest transactions? It would definitely reduce fraud, but it could also harm the merchant’s revenue stream and customer retention rates by falsely declining flagged orders from good customers—lumping the sheep and the goats all together. These rejected customers would likely take their business elsewhere going forward.
CNP fraud-prevention strategies are complex and always changing as fraudsters develop new approaches. Regardless of the details and complexity, a good strategy will combine prediction, precision, and representation to prove to would-be thieves that their attempts aren’t worth the effort.
ClearSale specializes in preventing fraud in card-not-present environments.Favorite