A second wave of attacks began midday Friday after much of the eastern United States was affected in the morning. Sites affected included Etsy, ...
Online retailers can reduce the number of transactions they must manually review by comparing key pieces of customer information with records kept by companies that specialize in collecting consumer data.
When it comes to online fraud, most small Internet retailers tend to act like an uninsured motorist: they know something could happen to them, but if they just hope hard enough, perhaps it won't.
In reality, there are some simple "defensive driving" steps retailers can take, regardless of their size or budget. They can learn how consumers can protect themselves from fraud and pass on that information. And they can improve customer authentication using third-party data. That will help online retailers approve transactions with more confidence and avoid the triple whammies of fraud losses, chargebacks and brand damage.
Why are small businesses at such high risk for fraud?
Let’s be clear, all merchants are at risk for fraudulent activity, not just small businesses. In the most recent 2013 CyberSource Online Fraud Report it was estimated that total U.S. online revenue losses reached $3.5 billion dollars. Unfortunately, it’s not hard to see why; criminals have become increasingly clever in their techniques, such as triangulation fraud, which is one of the most complex and difficult to catch.
A triangulation scam involves a thief using an intricate method of purchasing an expensive item from one online retailer using a stolen credit card, and then going to another site like eBay to resell the item to an unsuspecting individual. The transactions happen so fast that neither the original Internet merchant nor the second site purchaser realize the product was bought with a stolen card. There’s just no time to do checks and balances in the merchant’s back end.
This fraud is often perpetrated with an additional twist: the product isn’t purchased by the criminal (with stolen payment credentials) until the legitimate consumer places an order on a fraudulent web site or posting in an online marketplace. Not only does the merchant get a fraud chargeback, but also the legitimate consumer is added to the blacklist as a fraudster because her address and name are associated with that lost product and chargeback.
Small retailers have very little time and resources to adequately prepare for this type of fraud. They are typically spread thin in staffing, with a customer service agent or treasurer bearing the onerous fraud-prevention duty. Until chargebacks become severe, fraud doesn’t get much attention and, even then, the knee-jerk reaction is to reject too many good transactions and leave money on the table.
Educating customers on how to protect themselves
The responsibility for stemming the growth of online fraud does not entirely fall on the merchant; consumers definitely share in this duty.
Online banking, mobile apps, virtual check deposit and paperless statements provide a great convenience to consumers when conducted properly, but there are risks. If consumers provide their payment information or personal identity to a nefarious source they can spend years digging themselves out of a mess of identity theft or account takeover. Consumers need to utilize sufficiently strong and diverse passwords, shop online only with credit cards (avoid using debit cards that might be used to drain your bank account), check their statements regularly, and promptly report irregular activity to their card issuer.
Despite the best efforts from both merchants and consumers, fraud will still happen. When you consider the limited staffing at most smaller businesses, it is so important to automate the consumer authentication processes that flags suspicious orders and reduces the number of costly manual reviews.
Small online businesses can easily implement a third-party API that feeds directly into an existing review platform. Using third-party customer information enables manual review specialists to easily find data and make more accurate decisions about the validity of transactions. The most common and easiest data to pull are phone number type, e-mail address match, and address activity. By matching key data elements to an identity, a retailer can look for variations like an e-mail or phone that does not match back to the consumer’s identity. This is most likely a fraudster who has stolen a consumer’s identity and is trying to get a retailer to verify an order by phone or email to an e-mail that does not belong to the legitimate consumer.
Some third-party data providers offer an identity score, which brings together various credentials and is weighted differently for different types of online businesses. It’s also possible to create a master white list that includes customers whose transactions don’t require any review at all (assuming there are no indications of account takeover, such as a change in shipping address or payment credentials). Utilizing an identity score can greatly expedite manual review, and keep the best customers happy with a seamless and timely shopping experience.
A true data partner will work with a small retailer to build a customizable API that fits the retailer’s needs and budget. Ultimately, the result will be fewer transactions that need to be pushed to manual review, and those that are will be assessed much faster.
Small online retailers should consider proactive fraud-prevention tactics, even if resource allocation might suggest otherwise. Like auto insurance, doing without it can end up costing more in the end.