Choosing a Fraud Prevention Tool
Table of Contents
- What is a fraud prevention tool?
- What features should my anti-fraud tools offer?
- Address Verification Service (AVS)
- Device fingerprinting
- Velocity checking
- Fraud scoring
- What are some good fraud prevention tools?
- 3-D Secure
- How to use fraud prevention tools effectively
- How can you protect yourself from fraud?
- How do I know if I’m being scammed?
- Who is liable for credit card fraud?
Fraud is an ever-present danger for eCommerce merchants, and true fraud chargebacks can be some of the most frustrating to deal with. Even when you've optimized your business operations to reduce merchant error chargebacks and have a good system in place for fighting friendly fraud chargebacks, true fraud can remain a persistent problem, and there's no way to fight them after the fact.
The best strategy for merchants is to follow best practices for preventing fraud and use effective and up-to-date fraud prevention tools. When merchants are struggling with fraud, how can they select the right tools for the job?
Fraud based on payment card and identity theft just keeps on growing in the card-not-present environment, despite significant efforts from card networks and other stakeholders to get the problem under control. While the development of the EMV chip has reduced fraud for card-present merchants, it has also pushed more fraudsters into the world of eCommerce. Fortunately, online fraud prevention technology continues to advance, and merchants have several tools available.
Chargebacks were invented specifically to protect cardholders from fraud by card thieves (as well as unscrupulous merchants), so there's no legitimate basis for fighting them. When true fraud has actually occurred, there's no argument or evidence that the merchant can provide to get the chargeback reversed.
The only way to fight true fraud is to prevent it from happening in the first place.
Fraudsters are very technologically savvy these days, and to stop them you'll need sophisticated technological solutions. There are many options to choose from out there, and picking the right tools can be overwhelming, especially when you have to balance out stringent protection against the risk of creating too much friction for your customers.
Not every merchant will have the same needs when it comes to anti-fraud tools, but to get you headed in the right direction, here are some of the most essential fraud prevention tools on the market.
What is a fraud prevention tool?
Fraud prevention comes in many shapes and sizes. Because of this, tools typically include several layers of functionality.
Some of the features various fraud prevention tools offer include:
- Identity verification: The most basic step in preventing fraud is to verify that customer is in fact the actual cardholder.
- Data sharing: Some fraud prevention tools share transaction data with card networks or issuing banks to take advantage of their more sophisticated fraud prevention methods.
- Rule-based risk scoring: Merchants can set up rules based on past experiences of fraud to generate a risk score for each incoming transaction. High-risk transactions can be rejected or sent for manual review.
- Automated risk analysis: Software powered by AI and machine learning can automatically analyze past transaction data, learn from it, and generate risk scores for incoming transactions based on that analysis.
What features should my anti-fraud tools offer?
For example, if you find that the majority of your fraud is coming from a specific country, then tools that can determine a customer's location are a must. If you're being targeted for card testing, velocity checking will be an important feature.
If you have reason to believe a significant portion of the fraud you face is coming from experienced criminals, tools like device fingerprinting and automated risk analysis become more important.
Most merchants encounter fraud in a variety of forms and stemming from a variety of sources, so all of the following features can be beneficial to some extent.
Address Verification Service (AVS)
One of the most basic forms of fraud screening is verifying that the address provided matches the card's billing address. While many fraudsters will have ways to obtain this information, AVS can filter out a significant percentage of low-effort fraud attempts.
Geolocation features typically generate location information based on a customer's IP address. This can tell you where your traffic and orders are coming from, and if you experience higher rates of fraud from certain locations, you can scrutinize them more closely or even blacklist orders from that location entirely.
Unfortunately, geolocation based on IP address has a low degree of accuracy. Customers in rural areas will be shown as being in a nearby city, and in some cases IP location information can be out-of-date or just incorrect, indicating a location thousands of miles away from where the customer actually is.
With the proliferation of smartphones that are capable of precisely determining their location, some banks and merchants have begun requesting direct access to location data for customers on mobile. This location data is calculated using information such as GPS and nearby Wi-Fi networks and is usually accurate within 30 meters or so, depending on the strength of the signal.
One thing fraudsters can't avoid is that they need a phone, computer, or similar device to make their fraudulent purchases, and those devices can usually be identified.
For smartphones, the process is simple. Every phone has a unique device ID that identifies it, and this device ID can be read and recorded.
For computers, fingerprinting is more complicated, and most of the details are kept as trade secrets. While device fingerprinting isn't foolproof, the methods fraudsters might use to avoid it are complicated and imperfect.
Identifying a device can help you identify account takeover fraud (when a brand new device suddenly starts trying to log in to a customer account) and blacklist known offenders in a way that's more difficult to circumvent.
When it comes to getting away with fraud, time is of the essence. As soon as the cardholder realizes what's going on, they'll call their bank and get the card shut down.
To maximize their chances of stealing lots of money from their victims, fraudsters often make multiple purchases in a short amount of time. Velocity checking tools will identify this activity by checking the speed and frequency of transaction attempts.
Velocity checking can also be used to spot card testing, where a fraudster with a list of stolen card information attempts a small purchase with each one to check which are still active. Multiple purchase attempts that share certain information, such as IP, device fingerprint, or shipping address, can be flagged and blocked.
There are no rules when it comes to fraudulent transactions, and sometimes you need to step back and look at the bigger picture in order to detect them. Fraud scoring tools examine transaction data for possible indicators of fraud and produce an overall score of how likely it is that the transaction is fraudulent. This score can then be used to approve the transaction, reject it, or flag it for manual review.
These tools vary in their implementation. Some come with basic rules for how fraud indicators are scored that merchants can adjust based on their preferences and experience.
Creating a good ruleset for risk scoring takes time, effort, and frequent re-analysis and adjustment.
More advanced tools use machine learning to generate this ruleset automatically. They analyze a merchant's transaction records, looking at all the data for both the legitimate transactions and the fraudulent ones. Through a process of simulated trial-and-error, they then attempt to generate the ruleset that would best weed out the fraudulent transactions from the real ones without generating false positives.
What are some good fraud prevention tools?
There are more fraud tools out there than we can possibly enumerate here, but here are a few reliable providers to check out:
Sift's digital trust and safety platform offers a wide range of defenses for various types of fraud, powered by machine learning to help keep you one step ahead of the cybercriminals. To avoid rejecting legitimate customers, Sift offers "dynamic friction" that stops fraudsters while minimizing false positives.
A well-established player in the anti-fraud sphere, Kount offers tools powered by AI and machine learning to help merchants block fraudsters, along with case management tools to make manual review of suspicious orders more streamlined.
Bolt focuses on the checkout process, monitoring suspicious user behavior and providing additional layers of protection for customer data. Bolt might not be the right solution if you're looking for something you can easily plug into your existing system via API, but for merchants who need to go the extra mile in fighting fraud, it's worth investigating.
If both the merchant and the cardholder's issuing bank support 3-D Secure, the merchant can transmit any available data to the bank and ask them to verify the transaction. All of the major card networks offer a version of this protocol.
In 2016, EMVCo released 3-D Secure 2.0 to address some of the security and usability limitations of the first iteration. What this means for merchants and customers is a much easier experience in using the technology, especially in mobile transactions. In fact, it allows merchants to launch guest shopping on mobile devices without requiring the shopper to provide a username and password.
How to use fraud prevention tools effectively
The thing to remember about fraud prevention tools is that they really are just tools — they're only effective if you use them correctly. The right fraud solution will address the specific vulnerabilities of your business with software that's easy for you to implement, use, and keep updated.
There aren't any set-it-and-forget-it solutions for a problem as dynamic as online fraud. Fraudsters are constantly innovating their own tools and tactics to exploit new vulnerabilities as the eCommerce landscape grows and changes, and merchants have no choice but to keep pace with them.
Just remember that while these tools can help prevent true fraud, other forms of fraud — like the ever-prevalent friendly fraud chargebacks — will slip right past these defenses, and must be dealt with through the representment process. The good news is that if you minimize your true fraud problems by implementing the best possible tools, you'll have more time to focus on the disputes you can fight and win.
How can you protect yourself from fraud?
How do I know if I’m being scammed?
Who is liable for credit card fraud?
Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions or requests for advice to: firstname.lastname@example.org