Retailers have three choices when it comes to managing the risk on card-not-present transactions: handling the task internally, outsourcing it or a hybrid approach. In this article an ecommerce director for a major company offers insights into the pros and cons of each strategy.

Vishal Sagar, Director of eCommerce, Americas, Harman International Industries, a Samsung company

In 2017, worldwide fraud linked to payment cards triggered an estimated $24.26 billion in losses, according to the Nilson Report. And Nilson projects that number will rise to $34.66 billion by the year 2022.

Add to that a study released in 2018 by Javelin Strategy & Research showing that card-not-present fraud is 81% more likely to occur than in-store or card-present fraud, as well as the 3,813 U.S. publicly disclosed breaches that occurred in the first six months of 2019. These numbers are far from small, and seem to be continuously growing. Crimes of this type that happen behind closed doors are killing businesses, as well as the customer shopping experience.

Online fraud is a major issue for all types of businesses, as it has the potential to wipe out an entire company. However, there are ways to avoid learning things the hard way and instead get tips ahead of time on how to protect your business from online fraud before it happens.

Keep your goal of chargeback rate at under 1% of your overall ecommerce sales and your transaction approval rate at a minimum of 95%.

How? Below are my recommendations on how to reduce online credit card fraud chargebacks and optimize fraud risk management.


However, before we jump into that, it is important that we cover the subject of the responsibility/accountability when it comes to online fraud risk. This typically starts within an organization as the “blame game.”

The Blame Game

One of the first things that will pop into your mind when you discover there has been a fraud in your company is: who should own the fraud responsibility and accountability?

In some companies, it is the finance department, while in others is the ecommerce leaders; it can be the customer service department, or a combination of all of the above.

The bottom line is this: it is not anyone’s fault so don’t waste your time attempting to play the blame game. Credit card-not-present fraud is here to stay, and it is a constantly evolving landscape.

Rather, focus your energy on taking the necessary steps to mitigate the problem. Make sure there is company-wide alignment on the involvement it will take from all departments to ensure your business is able to stand up against fraud rings.


It is important to note that it is nearly impossible (if even at all possible) to avoid fraud. So, while you should be working to avoid as much fraud as possible, remain realistic that some will still slip through.

How to Reduce Fraud

There are three different paths you can take when looking at mitigating the risk of card-not-present fraud, while also helping to increase your sales with no extra effort on your part.

1. Managing risk internally

Most companies prefer this route, as it gives them more control over the situation. In order to keep fraud-related issues within your company, here are the steps you should take:

  • Assemble a team that includes an ecommerce leader, vendor relationship manager, customer service manager, finance leader, and data analytics member.
  • Determine which risk management tool to use and have the payment provider give initial recommendation on industry-standard fraud rules that can be set up via the tool. The provider will help with initial setup, but following that, the accountability and continual optimization responsibility that follows is on your company’s shoulders.
  • Configure your own additional fraud rules and scoring system to determine which potential threats require a second opinion (additional manual review) and which scores/rules would approve a transaction. Typically, the number of transactions hitting a manual fraud review and the number of team members available to review each transaction will determine how your fraud rules must be set up.
  • Analytics manager needs to utilize past disputes/chargebacks/approval data from the risk management tool to create data models to optimize rules in the future.
  • Continually optimizing fraud rules and tracking key metrics related to fraud is paramount to the optimal management of internal fraud risk.
  • Keep your goal of chargeback rate at under 1% of your overall ecommerce sales and your transaction approval rate at a minimum of 95%, based on de-duplicated transaction records. However, I have noticed it’s not impossible but quite tough to achieve those metrics with in-house management. You will realize that your false-positive transactions are quite high and your transaction approval rates are not so great, which eats into your business. Hence option number 2 . . .

2. Outsource fraud prevention entirely to a third party

This is the top choice in my opinion due to it requiring the least amount of time and resources to manage and optimize fraud internally. Fraud chargebacks that are reported become the partners’ liability so this route means they have “skin in the game.”

I have watched this method work wonders. Upwards of 15-20% YOY sales growth is possible when you outsource fraud prevention because fraud-prevention companies have the necessary technology, resources, and expertise to mitigate fraud and improve transaction approval rates, thus allowing you to focus your attention on your business and increasing your sales.


Here is what you want to look for in a fraud prevention partner:

  • Full credit card chargeback liability coverage
  • Experience managing large accounts
  • In business for a minimum of 5 years
  • Employs machine learning and AI to approve/decline transactions
  • The turnaround time to approve transactions should be less than 5 seconds
  • Complete transparency regarding scheduled maintenance and outages
  • Ability to achieve 95% approval rates (based on de-duplicated data)
  • Fees are charged as a percentage of approved transactions, rather than declined transactions. This gives the vendor incentive to approve more.
  • Not enforcing such strict fraud rules that you end up declining good orders out of worry that they display some attributes of a fraud order, but may not be.
  • Ensure chargeback rate is low by signing an SLA. Even though the liability is covered by the vendor, you may still get hit by fees from card networks due to high chargebacks and you stand to lose a card payment type.
  • Reasonable fees — determined by present chargeback rate and the cost of maintaining fraud risk management.

Selecting the right partner is paramount to the success of this option, so choose wisely.

3. A hybrid approach that combines in-house and third-party prevention

Many companies prefer to mix both in-house risk management and third-party fraud prevention. This allows for some internal control but also alleviates some of the stress of dealing with it all on your own.

Here is the best way to do this:

  • Handle initial transactions in-house via your risk management tool. Approve what you are comfortable with and send the rest to your third-party partner for review and approval.
  • You may opt for another level where once the third-party partner approves or declines transactions, your team reviews the declined transactions manually to ensure they are clear of false-positives.

Determine which route is best for your company to optimize fraud risk management and increase sales, and put it into effect ASAP. You will be surprised how much money you will save not just on costly chargebacks, but also how much you’ll now save from the lack of false positives.


As director of ecommerce for the Americas at Harman International Industries, Vishal Sagar manages the direct-to-consumer business on,,,, and online marketplaces.