Yahoo Stores features ‘automatic’ PCI compliance for secure payments, among other options.
A holistic approach
Improved fraud-prevention tools are needed for retailers to stay a step ahead of the bad guys. "There is an ever-increasing amount of customer data that is available to fraudsters and they have organized networks working throughout the country," a loss-prevention manager at a consumer electronics retailer in the United Kingdom says privately. "The amount of data available makes the traditional prevention methods alone, such as checking transaction velocity on payment cards and customer addresses, worthless."
A criminal, for example, could gather enough information from a legitimate consumer's credit card account, including the consumer's name, card number, and billing address, to avoid tripping a fraud alert. But additional information, such as data that identifies the computer the criminal uses, could alert the merchant to a suspicious transaction, he says.
By integrating device identification technology from Iovation Inc. with its fraud-prevention platform from Accertify, he says, the retailer has significantly cut back on chargebacks even as its average order value increased. Banks that issue credit cards will charge back to a merchant the value of transactions that turn out to be fraudulent, and merchants hit with many chargebacks can also face fines.
The Iovation device I.D. technology, which the U.K. retailer deploys as part of Iovation's ReputationManager application, scores the risk of a transaction based on the fraudulent and suspicious activity associated with the computing device being used to place an order. Devices can be uniquely identified by combinations of information such as name and type of device, IP address, operating system and the protocol used to transmit data.
When orders come from devices deemed suspect, Iovation clients can automatically block those transactions or send them into manual review. The cost of deploying ReputationManager starts at about $2,500 for set-up, plus per-transaction fees ranging from 10 cents to less than one cent, depending on volume, says Jon Karl, vice president of corporate development for Iovation.
Beating back chargebacks
As with Gilt, growing web sales have posed a risk management challenge for BodyBuilding.com, a retailer of nutritional supplements that experienced a surge in chargebacks as it grew in popularity after a decade in business. "Over the course of a year, our chargebacks started rocketing, doubling month over month," says Ryan Vestal, corporate controller of BodyBuilding.com, a unit of Liberty Media Corp. "By December 2009, our chargebacks were 1% of sales."
The e-retailer realized that the higher chargeback rate would require more sophisticated antifraud technology to replace its home-grown system. Last year it deployed Kount Complete from Kount Inc.
With several fraud-prevention applications, including device fingerprinting and risk-scoring tools, Kount Complete has enabled BodyBuilding.com to more accurately identify which orders should be accepted, blocked or temporarily held for manual review.
The new system, which is hosted by Kount in a software-as-a-service environment, has resulted in an 85% drop in the retailer's chargeback rate, to 0.15% from 1%, says Troy St. Pierre, the retailer's vice president of global business development and customer service. That drop saves BodyBuilding at least $85,000 per month, enough to cover the annual cost of the system within a two-month period, he says.
"If we can't get your chargebacks under 1% of transactions in less than 60 days, we'll give you your money back," says Steve Rouse, chief operating officer of Kount.
The challenge of fending off fraud can be even more difficult at Gilt Groupe, where criminals have tried to game its constant offerings of timed promotions.
A typical promotion might offer one expensive designer dress per customer, for example. But some criminals may try to disguise their IP addresses or change domain names to place multiple orders for products while making it appear the requests are coming from different people. The illegitimate buyers either keep the extra garments or try to sell them.
In other cases, an unethical shopper may try to sign up as a site member with multiple accounts in an effort to trick the promotional system into granting multiple awards, such as free-shipping credits for referring new customers. "Promotions are an area where the fraud community has identified flaws to exploit," says Severance, the retailer's financial controller.
The Accertify Interceptas system alerts the retailer if such attempts occur, and it also enables Gilt to modify its business rules, the retailer says. For example, Gilt can automatically block or send to manual review orders for promoted designer dresses whenever more than one order appears to come from the same IP address. Likewise, it could block the issuance of multiple referral credits going to the same customer within a short time period.
Setting up such rules takes minutes in the Interceptas system, compared to a day or longer when Gilt had to rely on its own I.T. department to modify its in-house system, Severance says.
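The two rules described above, written out as an added example (this is not Accertify's or Gilt's code; the event fields, the one-hour window and the sample events are assumptions constructed for illustration):

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed value for "a short time period"; the article gives no figure.
REFERRAL_WINDOW = timedelta(hours=1)

def evaluate(events):
    """Return {event_id: decision} for a time-ordered list of event dicts."""
    promo_ips = defaultdict(set)   # promoted SKU -> IPs that already ordered it
    credits = defaultdict(list)    # member -> timestamps of granted credits
    decisions = {}
    for ev in events:
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "order" and ev.get("promo"):
            seen = promo_ips[ev["sku"]]
            # Rule 1: a repeat order for the same promoted item from one IP
            # goes to manual review; a shared IP may be a legitimate household.
            decisions[ev["id"]] = "review" if ev["ip"] in seen else "accept"
            seen.add(ev["ip"])
        elif ev["type"] == "referral_credit":
            # Rule 2: only credits granted inside the window count against
            # the member; older ones are pruned here.
            recent = [t for t in credits[ev["member"]]
                      if ts - t <= REFERRAL_WINDOW]
            if recent:
                decisions[ev["id"]] = "block"
            else:
                decisions[ev["id"]] = "accept"
                recent.append(ts)
            credits[ev["member"]] = recent
        else:
            decisions[ev["id"]] = "accept"   # non-promoted orders pass through
    return decisions

# Constructed sample events (documentation IP ranges, made-up IDs).
SAMPLE_EVENTS = [
    {"id": "o1", "type": "order", "ts": "2011-03-01T12:00:00",
     "ip": "203.0.113.7", "sku": "dress-A", "promo": True},
    {"id": "o2", "type": "order", "ts": "2011-03-01T12:02:00",
     "ip": "203.0.113.7", "sku": "dress-A", "promo": True},
    {"id": "o3", "type": "order", "ts": "2011-03-01T12:03:00",
     "ip": "198.51.100.4", "sku": "dress-A", "promo": True},
    {"id": "o4", "type": "order", "ts": "2011-03-01T12:04:00",
     "ip": "203.0.113.7", "sku": "scarf-B", "promo": False},
    {"id": "r1", "type": "referral_credit", "ts": "2011-03-01T12:05:00", "member": "m-100"},
    {"id": "r2", "type": "referral_credit", "ts": "2011-03-01T12:20:00", "member": "m-100"},
    {"id": "r3", "type": "referral_credit", "ts": "2011-03-01T14:00:00", "member": "m-100"},
]

if __name__ == "__main__":
    for event_id, decision in evaluate(SAMPLE_EVENTS).items():
        print(event_id, decision)
```

Because the article notes that fraudsters disguise their IP addresses, a rule keyed on IP alone will miss some repeat orders; the same lookup can be keyed on a device identifier where one is available.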
The new system not only is effective at blocking fraud, but also helps Gilt avoid adding phony names to its customer file, he adds.
"We're looking not just for fraud, but any unusual behavior," says Eric Fishman, Gilt's manager of business process and internal controls. "We're taking proactive steps to protect the quality of our member file."
For online merchants facing increasingly sophisticated fraud rings, taking comprehensive steps to manage risk is the only real way to block out the criminals while keeping the door open to legitimate customers.