Combating Fraud: A Solutions Tutorial

by Rick Lynch on Dec 8, 2015 7:00:00 PM DRTV, e-Commerce, Support Services

Combating_Fraud_A_Solutions_Tutorial-524551-edited.jpgMobile payments and data vulnerabilities caused fraud to skyrocket in 2014. Merchants also incurred more costs in addition to their fraud losses, with each dollar of fraud costing them $3.08, compared to $2.79 last year.* By 2018, card fraud is expected to more than double, reaching $6.4 billion**. The fact is fraud isn’t going away and EMV will only pose more challenges, making you focus on your biggest vulnerabilities and ensuring you’re using the right tools at the right to the right degree.

So, where do you start? Good question. Here are some examples of solutions that can mitigate fraud risk and decrease losses.

Device-Specific Technology

Digital Fingerprinting - Analyzes a remote device and its characteristics, including installed plugins and software, time zone, and other identifying device features.

  • Used to identify potentially fraudulent devices so you can take preventative measures.
  • Shortcomings include: Relying on JavaScripting or another client-side scripting language to collect digital or device fingerprints. Limited client-side scripting for users on mobile devices or those using privacy software.

Shared Device Reputation - Shares the ability to identify fraudsters that have already attacked sites with peers within a system—both within and across industries.

  • Prevents first-time losses and speeds up ROI.
  • Shortcomings include: Only effective when preventing fraudsters who have attacked before, not emerging threats already stored in shared databases. Additionally, this type of sharing can be seen as aiding competition.

IP-Based Technology

Proxy Databases - Includes known proxies that fraudsters use to hide their IP addresses and true locations. Proxy-piercing information via IP address provides non-invasive insight into the risks involved with accepting transactions from specific IP addresses.

  • Directs malicious traffic.
  • Shortcoming: The database must be current to be effective.

Geolocation - Uses digital information via the Internet to identify the fraudster’s geographical location.

  • Effective and non-invasive for comparing IP location to registered billing addresses to identify and block connections that pose a risk or block specific IP addresses from suspicious locations.
  • Shortcoming: This can be used in court, but some geolocation tools may be limited in the level of detailed data provided.

Data Solutions

Customer Validation - Uses consumer data from various public and private sources to validate the billing information associated with the payment type.

  • Happens at multiple levels, including checking a billing address via an issuer to validate full name, address, phone, and email address.
  • Shortcomings: Provider has limited capabilities. Leveraging additional detailed solutions can be costly.
Identity Verification - Used to verify and validate a person’s identity based on information they enter, including name, address, date of birth, etc.
  • Helps prevent instances of identity fraud for merchants with high-value transactions or those involved in age-restricted industries like alcohol, tobacco, and gaming.
  • Shortcomings: Can hinder the customer experience by slowing transaction speed. Asking for Personally Identifiable Information (PII) can seem probing, and customers may be hesitant to add all this information to simply make a purchase.

Knowledge-based Authentication - Specifically for high-risk CNP transactions, a user must answer a question that can’t be found in a wallet or online (e.g., prior residence, mortgage amounts, etc.)

  • Used in high-dollar amount transactions or age-restricted industries to verify a user’s identity.
  • Shortcomings: Requires a user to remember potentially obscure pieces of personal information. Can extremely impact overall user experience.

3D Secure - Additional authentication step for CNP payments that was developed by Visa as an XML-protocol to improve online payment security.

  • Used as an additional security layer for online credit and debit card transactions.
  • Shortcomings: Inconveniences the consumer by adding an authentication step during the sales process. Merchants may experience higher abandonment rates when customers see the 3D logo.

Mobile-Based Technology

Mobile Secure Location - A data point that confirms a cardholder’s mobile location during post-transaction review. This identifies actual fraud cases and reduces false positive administrative costs.

  • Reduces cardholder service interruptions and results in an optimized customer experience.
  • Shortcoming: The secure location depends on mobile phone availability and is out of band fraud prevention.

Identification and Isolation of Suspect Transactions - Uses radio environment to capture a customer’s mobile device during the transaction so a merchant can gather information about Wi-Fi access, points in the area, verified GPS information, and IP address information.

  • Information is processed on a secure server that examines signals to obtain a location estimation via Wi-Fi access points, cell towers, and geolocated IP addresses.
  • Shortcoming: Doesn’t prevent the fraud from occurring because it completes post-transaction.

Emerging Solutions

Biometrics - Uses keystroke analysis, fingerprinting, voice, iris, and facial recognition technology to identify and validate people.

  • Expanded the ability for business to authenticate a person’s identity using components other than simple data points such as name, address, and location.
  • Shortcoming: It can be bypassed altogether by exploiting vulnerabilities in the hardware or firmware, and cold booting the device itself.
Email Verification - Associates email addresses with individuals. Some technologies leverage algorithmic, linking technology to evaluate an email provided with order information, name address, and phone number. This provides a fraud score to determine how to proceed.
  • Authenticates that an email address being used during a transaction is associated with the name and address provided.
  • Shortcoming: Could go to customers’ spam folder so they don’t receive it.
Social Media Validation - A profile-based solution that can be looked up via SM “token” or email address. Validates an individual’s personal information.
  • Provides a secondary way to validate real customers such as millennials, unbanked persons, non-U.S. customers, and the younger demographic since they can’t necessarily be validated via traditional ways.
  • Shortcomings: Needs to be used in conjunction with another verification method. If a user does not have a social media profile, this method will not work.
As you can see, there are a variety of ways to protect your business from fraud. The key is to find the right method or methods that are right for you and your customers. Striking that balance is crucial to preserving your profits and managing chargebacks.

*http://www.lexisnexis.com/risk/downloads/assets/true-cost-fraud-2014.pdf
**http://www.pymnts.com/news/2015/outsmarting-the-cnp-fraudsters/#.VVNqNflVikp

Photo by Stuart Miles/FreeDigitalPhotos.net

Rick Lynch is Senior Vice President, Business Development, at Verifi.

Rick Lynch's blog
Get a2bFilfillment's FREE Ultimate Guide to Fulfillment e-Book
 
Subscribe for tips on how to grow your direct response marketing business!
Subscribe Now!

Follow Us

New Call-to-action

Editorial Disclaimer

The statements, opinions, and advertisements expressed on the ERA Blog and other online entities owned by the Electronic Retailing Association are those of individual authors and companies and do not necessarily reflect the views of the Electronic Retailing Association.