23% of e-retail transactions on Thanksgiving and Black Friday came from mobile devices, according to payments security firm ThreatMetrix. However, 15.5% of retailers say ...
There’s a cost to keeping the criminals out—and it’s not always obvious
(Page 2 of 3)
In order to avoid such extensive manual review, many online retailers are looking at decision-making software solutions, such as those provided by Cybersource, Retail Decisions, ClearCommerce Corp. and others. In its simplest form, this software has rules written into it that tell the online retailer to accept or reject an order based on experience. More complex systems use neural networks to score each order on the likelihood that it will be fraudulent. Such systems look at where the order came from, what the e-mail address is, which items are being purchased, the size of the order and other factors.
In evaluating the cost of implementing such software, the easiest thing to measure is the upfront purchase or licensing cost. Even then, prices can vary widely-typically between $25,000 and $250,000, depending upon the features and sophistication desired and size of the customer, according to Cybersource.
While Karim declines to reveal how much uBid.com paid for the neural network-based program it purchased from Cybersource, he notes that in a previous position as a consultant, he worked with a large online retailer that paid $500,000 for a neural network and spent four months preparing for the implementation with three or four developers working on the project at all times.
Others also have found that most decision-making systems require extensive upfront data analysis before they turn on the switch. “Before we pitch a solution to any merchant, we need to take a good look at that merchant’s business and what its fraud problems really are,” says Renzulli of First National Merchant Solutions, which also offers a neural network-based solution.
As basic as that sounds, many retailers don’t understand the source of their fraud problems. “You’d be surprised at how many companies never even look at their chargebacks,” says Cybersource’s King. “You have to analyze all your existing sales so that you know what a good order looks like and what a bad one looks like.”
Once the software is in place, the system typically does not run itself. Most require constant monitoring and updating. “Fraud is a moving target,” King says. “You have to keep an on-going review and analysis of your fraud situation and make changes and adjustments to your software as you go.”
Whether it is upfront analysis or on-going monitoring, Avivah Litan, Gartner vice president of financial services, says most large online retailers have 10 to 20 employees dedicated to fraud prevention, including database and software experts, manual reviewers and chargeback recovery staff.
But a retailer need not purchase an entire decision-making service to take advantage of certain elements of such services. For example, some retailers pay a few cents per transaction for an address verification service that matches the address supplied by the customer against the address reported by the customer’s bank or credit card issuer, says Dave Karlin, president of Portland, Ore.-based AmeriNet Inc., a provider of online debit payment solutions. Others, he says, purchase negative card and checking account files from outside firms that supplement the retailer’s own negative files.
Additionally, some smaller companies can avoid purchasing or licensing decision-making software and the need to maintain their own databases by paying a per-transaction fee to a payments processor to provide such a service for them. Dallas-based Paymentech, a leading payments processor, for example, offers a neural network-based service for 5 cents to $1 per transaction, depending on complexity and transaction volume, according to John Shirey, manager of product development.
One advantage of using a service to provide the decision-making is that retailers don’t have to worry about interpreting the data. Most scoring systems, for example, only give a retailer a score as to the likelihood that a transaction is fraudulent with a short explanation of factors that make it risky. But even those automated systems still require some human brainpower to function. “Merchants still have to figure out if they’re going to approve a transaction,” Shirey says. “We extract the merchant from the headache. But they have to give us a threshold as to how much risk they’re willing to assume and we can tell them whether to approve or not.”
One of the most important costs associated with stopping Internet fraud, however, is a cost that few retailers are willing to bear-prosecuting criminals. Most retail systems are geared toward rejecting fraudulent claims, but they stop after rejecting the orders. “People know it is easy to commit Internet fraud because they won’t get caught,” says AmeriNet’s Karlin. “The worst that can happen to them is the order won’t go through. Retailers to date have not been willing to prosecute because it is cheaper and easier to let it go, especially if it is a small amount. But retailers need to start somewhere if they really want to stop the fraud.”
Lauri Giesen is a Chicago-based freelance business writer.
A password-based process that may reduce fraud
One of the most talked about fraud prevention programs today is one that appears to be the least expensive-at least upfront. That program is Verified by Visa, sponsored by the credit card association. A similar effort is being tested by MasterCard and is expected to be rolled out early this year.
Merchants who participate in the Verified by Visa program say they like its simplicity compared to other security programs. Earlier fraud-prevention programs advocated by the credit card associations, such as Secure Electronic Transactions, were costly and burdensome for merchants to implement. These often required the use of digital certificates, applets or smart cards that most consumers were not familiar with.
Verified by Visa requires only the use of a password that consumers select when they sign up for the program with their card issuers. And then merchants are given the option to participate. When a customer participating in the program makes a purchase at a participating retail site, the customer gets a pop-up template that prompts for the password. The payments processor checks the password with the card issuer.
Beginning in April, merchants will be protected from chargeback liability when both they and the customer participate in the program. Currently, merchants are responsible for all chargebacks.