Rotem Gal: First, should online retailers expect a rise in fraudulent purchases during holidays?
Eido Gal: Online retailers should always take measures to detect and prevent fraud, and the holiday season is no exception. However, contrary to what many merchants may believe, the rate of e-commerce fraud is actually 55% lower during the holiday season compared to the rest of the year. This is because, relatively speaking, the increase in the number of legitimate online shoppers during the holidays is much more substantial than the increase in fraud attempts during this period. While regular consumers often wait for holiday sales to enjoy the best prices, fraudsters have no reason to time their attacks to coincide with promotions. The result is that the overall rate of fraud out of all online sales actually drops.
When it comes to CNP [card not present] fraud and the holiday sales season, online retailers should focus their efforts on scaling fraud prevention processes to successfully handle the spike in order volumes while maintaining a great online customer experience. Our numbers indicate that the overall cost of an inefficient fraud screening process (delays in fulfillment, false declines of legitimate customers) is often higher than fraud-related chargebacks.
RG: Given that the rollout of chip-based card has made it harder—if not impossible—to carry out in-store fraud, what does this mean for the online retail landscape? How will this affect card-not-present (CNP) fraud rates?
EG: Card-not-present (CNP) fraud has been steadily growing in in tandem with the overall growth in e-commerce sales, and does not stem from the rollout of EMV (chip-based) credit cards in the U.S. In fact, research shows that CNP fraud would increase independently of the adoption of EMV, showing there is little correlation between EMV cards and higher CNP fraud rates.
The notion that EMV cards are responsible for increased CNP fraud rates is based on the assumption that the same criminal minds are behind both CNP and in-store fraud—and that as it becomes more difficult to carry out in-store fraud, these criminals will shift their focus to targeting online merchants.
However, effectively carrying out large-scale CNP fraud attacks requires a level of tech-savviness that many criminals involved in in-store fraud do not possess.
In others words, CNP fraud will continue to rise and retailers selling online should definitely invest in an accurate and effective fraud prevention process, but EMV cards are not to blame.
RG: What are the traits to look out for? Are there any category of products that are more likely to be targeted by online fraud, such as electronics and small, high-priced items that are easier to carry and sell? Any shipping preferences to look out for, such as the tendency to pay for faster shipping options?
EG: Overall, cybercriminals are looking to steal items that can be quickly resold for a high profit. For this reason, popular, lightweight, and high-priced items are often targeted by fraudsters. This includes gadgets such as GoPro cameras and iPads, luxury bags and accessories, watches, and even popular sneakers, such as Nike Airs. Digital goods, such as e-gift cards and e-tickets, are also likely to be targeted by fraudsters. Most online retailers know which of the products and brands they carry are targeted by fraudsters.
Any attempt by customers to hide their location and conceal their true identity may indicate fraud. This includes a fake or brand-new email address, use of fake names in the billing or shipping details, shipping to a drop point or reshipping service, and use of a proxy server (trying to conceal the true location of the device used to place the order). That being said, it’s important to remember that there are still many legitimate reasons to use a reshipping service or even a proxy server, especially in cross-border e-commerce.
Retailers looking to maximize online revenue this holiday season might be interested to learn that many order characteristics that they may regard as suspicious, including mismatches between the billing and shipping address, using an international card for domestic shipping, and last-minute express shipping, are actually more common during holidays. In fact, 1 in 5 orders made during the holiday season is likely to include some data mismatch, and U.S. merchants will see twice as many orders made with a foreign credit card during November.
RG: How will the increasing demand for same-day delivery affect online fraud? Can it be taken advantage of by fraudsters?
EG: Speed becomes the main challenge as demand for same-day delivery grows. Online merchants must fulfill orders faster, which means they need to conduct the fraud review process quickly as well, making practices such as lengthy manual fraud review obsolete. Some retailers may try to cut corners to avoid making significant changes to fraud management operations—either continuing with the same fraud review process (resulting in shipping delays) or using fraud filters to block orders previously routed to manual review—resulting in the rejection of many good orders along with costly chargebacks.
To avoid this poor outcome, retailers are increasingly adopting more advanced fraud management solutions that allow them to both prevent fraud and meet shipping deadlines. Today’s fraud management systems can detect fraud in near real-time, and allow retailers to automate the entire flow from online purchase to fulfilment when necessary.
RG: We’re seeing a move toward omnichannel integration among retailers, and the merging of online and brick-and-mortar retail, which include trends such as “buy online, pickup in-store.” Do omnichannel offerings present new opportunities for online fraudsters? If so, how? And what can retailers do to prevent fraud?
EG: Omnichannel offerings present new opportunities for online fraudsters. With retailers eager to offer the newest omnichannel services, they don’t always adjust their fraud prevention systems to effectively handle fraud across various channels. However, the good news is that mobile shopping, phone orders, and in-store pickup are not more dangerous than regular online shopping. In fact, orders placed via mobile devices carry 50% less risk compared to desktop purchases.
By collecting and analyzing data about every CNP order, including “normal” online orders, mobile purchases, and ‘click and collect’ orders (buy online, pickup in store), retailers can effectively identify and prevent fraud across channels. This includes analyzing the customer’s browsing behavior on your site or mobile shopping app, cross-referencing new purchases with all previous orders in your system, and identifying the same customer across devices. We recently put together some actionable tips for identifying and preventing fraud in ‘buy online, pickup in store’ orders.
RG: What does the rising trend of m-commerce mean for online retailers in terms of fraud? What should they watch out for? What are the precautionary measures to be taken?
EG: M-commerce is driving e-commerce growth across markets and verticals. In the U.S., mobile sales already account for nearly 25% of e-commerce, while in China over 50% of online sales are via mobile devices. Smartphones and other mobile devices are an integral part of daily life for many around the world, and consumers are increasingly taking advantage of the ability to make purchases while on-the-go. But mobile shopping is not only good for consumers, it’s good news for retailers as well.
Riskified’s data shows that desktop orders carry 1.5 times more risk of fraud compared to mobile orders. This may be because many of the ‘tools’ used by fraudsters to carry out online fraud attacks were developed for use on computers, and aren’t as convenient and effective when used via mobile devices. This situation can change, of course, as fraudsters adapt to the new reality and develop new methods and tools for carrying out fraud attempts from mobile devices.
Meanwhile, many retailers believe mobile orders are riskier, and end up wrongly rejecting many good orders placed via this channel. These mistakes can be costly. Research shows that 75% of young adult cardholders, who are more likely to shop via mobile devices, reported changing their shopping habits and stopping their patronage of a retailer after experiencing a false positive decline
In terms of best practices for retailers looking to safely expand mobile sales:
- Be sure to collect the unique information available in mobile purchases and incorporate it into your fraud management systems. Data such as GPS location, mobile carrier info, and behavioral analysts, can all be used to enhance fraud detection accuracy.
- Collect data across desktop and mobile devices and match it to a specific consumer. This can help retailers both identify fraud and prevent false positive declines (good customers rejected due to fear of fraud).
- Track performance stats, such as chargeback and approval rates, by channel (mobile vs desktop). This will allow you to identify areas for improvement going forward.
RG: We all know that many online fraud prevention practices come with a customer experience tradeoff. What can we do to reduce the effects? What does Riskified do in this regard? How can Riskified help clients improve security and prevent fraud while also reducing false declines and avoiding the risk to turn down online customers?
EG: Retailers are increasingly aware of how important the online customer experience is to revenue growth and brand reputation. But in the quest to prevent fraud, too many retailers spoil the customer experience by adding friction to the checkout process or even rejecting good customers due to suspected fraud.
The worst customer experience is probably having one’s order wrongly identified as fraud and rejected. Legacy fraud prevention systems were built to flag any data mismatches and highlight every statistically risky indicator within a purchase. As cross-border commerce grows and shoppers travel more than ever, data mismatches such as billing-shipping or IP-billing address mismatches are becoming more common and often have no connection to fraud.
Riskified’s approach is that the entire fraud detection and prevention process should be conducted behind the scenes—in a way that is completely invisible to the end customer. Our machine learning models are designed to uncover the legitimate “story” behind every purchase—so that we can approve good orders despite data mismatches and high-risk indicators, allowing us to immediately and accurately detect fraud without ever contacting the consumer. This ensures that retailers can provide same-day shipping, any omnichannel offering, and real-time digital purchases, without impacting the customer experience.
Rotem Gal and Eido Gal are not related—editor.
Favorite