By Ronen Shnidman
By 2021, there will be 378 million online shoppers in Europe and the global e-commerce market is expected to grow on average 21% per year until it reaches $4 trillion by 2020. In recent years, the cost of fraud for merchants grew as well, tripling to 1.5% in 2016 from 0.5% of revenue in 2013, according to LexisNexis’ Cost of Fraud report.
Meanwhile, secure payments are becoming a significant differentiator among merchants for consumers. Some 58% of merchants who experienced growth in online and mobile sales in the past year said that enhanced security features had “a very significant impact” on their sales according to an American Express survey published two weeks ago. By way of contrast, free shipping (55%) and an improved customer checkout process (54%) ranked lower for the 401 merchants surveyed. E-commerce fraud prevention is becoming more important to merchants both in terms of generating more revenue and reducing costs.
That is why e-commerce fraud prevention trends and solutions for payments companies and merchants featured heavily at Money 20/20 Europe. Luckily, About-Fraud.com, along with identity data provider PIPL, were there to capture some of the fraud discussion highlights to share them will all ecosystem stakeholders who weren’t able to attend the conference or hold down their liquor at the many networking events. Below are some important highlights from the conference regarding trends in fraud attacks, innovative fraud prevention technologies and widening issues in product-client fit for different stakeholders.
About-Fraud.com also interviewed some newer entrants into the fraud solutions space at the conference, both companies (Seon and Kaspersky) interviewed are addressing existing issues with fraud solutions in innovative ways. Each company is featured in a sidebar-like article that is accessible via link in the relevant parts of the article below as well as from the Interviews page. Be sure to click through on the links for the topics that interest you.
Fraudsters break thru rules-based systems
One of the newest fraud trends mentioned at the conference was the use of registered mobile phone numbers tied to stolen credit card details.
The fraudsters then use these phones to pass through many merchants’ rule-based fraud prevention systems and order goods on the victim’s account, says Cristina Soviany, founder of the machine learning fraud startup Feature Analytics. Goods are typically stolen from airline ticket, gaming and digital goods merchant sites and then fenced to third parties for cash.
Soviany points to this type of fraud as a real-world example of why merchants cannot rely on rules-based decisions alone. She advises that the e-commerce protections must include either machine learning or artificial intelligence algorithms than can be more easily adopted to changing forms of fraud over time and by industry.
“Merchants are trying to chase fast changing fraud scenarios with a rules-based approach and are hitting a lot of good sales,” says Soviany. “One way to address this is with machine learning algorithms, which if created the right way will evolve with your data.” According to Soviany, decline and acceptance rules shouldn’t be abandoned entirely but should be kept relatively basic and static while another of layer machine learning algorithms can be altered rapidly to deal with changing fraud trends visible in the merchants’ transaction data. These adjustments should help keep fraud levels in check as fraudsters seek to switch up or develop new techniques to defraud merchants.
To learn about one agile fraud solution startup that has implemented much of the latest data and technology into their solution read our interview with Seon here.
Mobile: The future of fraud?
M-commerce is also an area that is booming for both fraudsters and merchants. “More fraud is going to mobile,” says Mélisande Mual, managing director of The Paypers, a fintech and payments industry news site. Part of this increase in mobile channel fraud is a natural effect of the growth in m-commerce overall across Europe and globally. However, preventing m-commerce fraud from becoming a welcoming channel for fraudsters is also a technical issue.
“Mobile is challenging because it is a new channel with over 2,000 data points,” points out Mike Matan, VP for Industry Engagement and Product Management at American Express. He qualified that by adding, “If you keep on investing in fraud prevention you can keep your fraud level constant even as online commerce grows.”
To learn more about new solutions for preventing mobile-based fraud, check out our interview with Kaspersky here.
An ounce of prevention
Panel discussion members emphasize the importance that merchants and the rest of the ecosystem must place on preventative measures and gathering fraud threat intelligence instead of relying on reactive procedures.
Bas Winkel, Sr. Director of Performance Management & Financial Operations at bol.com, gives the example of a popular phishing technique detected by the Netherlands’ largest online marketplace in 2012. In that case, a ring of local Dutch fraudsters creating fake pages and emails to phish account information and passwords from bol.com’s customers – most of whom pay for goods cash on receipt. Using the hijacked account credentials, the fraudsters would then use existing customers’ credit lines to order goods cash on receipt for delivery in the Netherlands. A postal worker who was a member of the ring would then ensure that the goods were never delivered to their final address and instead were fenced to third parties.
Winkel briefly recounts for the audience how the fraudsters were identified and caught, but as a cautionary note also relayed the fraudsters’ case is still working its way through the Dutch court system as of June 2017.
The Second Coming of 3-D Secure
All the panel discussion members agreed that there is no one-size-fits-all fraud solution and that there is unlikely to be one in the near future. The key is for every player in the e-commerce ecosystem, including merchants, payment service providers (PSPs) and acquirers is to find the right combination of fraud prevention tools that suits their business.
Once upon a time, many years ago, some merchants believed 3-D Secure and its counterparts at the major card networks might be a cure-all for their e-commerce fraud worries by shifting chargeback liability for transactions from the merchants to the banks. That never happened as merchants quickly discovered that customers neither entirely trusted nor liked something that interrupted the payment flow by directing them to either a new window or off-site, hurting sales.
The rollout of 3-D Secure 2.0 is supposed to include some changes that address some of the issues with the original solution. According to Matan, with version 2.0 merchants will be able to determine when to activate 3-D Secure and demand additional authentication in the checkout flow based on the customer’s risk profile. For low risk profile customers, the merchant can keep 3-D Secure 2.0 out of the checkout flow to prevent unnecessary increased friction and lost sales.
Nevertheless, Matan says, “It [3-D Secure 2.0] is definitely an important tool, but when you’re fighting fraud it’s never about one tool. You have to have a layered approach.”
Finding the Shoe that Fits
For small and medium-size merchants the technical complexity of some solutions and their costs might be difficult to bear. Several panel members suggest that these businesses seek out the services of a fraud management company, including American Express’ Matan and Feature Analytics’ Soviany.
The amount of data needed to power effective fraud prevention algorithms based on machine learning and artificial intelligence in particular is beyond small and medium-size merchants’ capabilities to provide. Soviany recommended that smaller merchants make sure to work both with a fraud management company and PSPs and acquirers that use machine learning-based fraud solutions themselves.
Despite the increasing complexity and variety of fraud prevention solutions, the marketplace for these products doesn’t appear headed toward consolidation. “There will be quite a few fraud companies for the foreseeable future because the pace of change is so fast in this space,” say Matan. That means do your homework merchants, PSPs and acquirers, a cure-all off-the-shelf solution is a long way off.
About-Fraud.com’s Money 20/20 Europe insights feature is sponsored by identity information provider PIPL. To learn more about the data and identity resolution tools supplied by PIPL go to https://pipl.com/corp/