Protection in a Growing Market
Catherine Tong (FCA)
Partner at Allyiz - Providing independent services to the Fraud and Payment industries
As the physical retailing world merges with the online world to become omni-channel, new risks to doing business emerge: social engineering, data breaches, account takeovers, identity theft and friendly fraud, just to name a few. All of these threats not only have security implications, but financial implications as well. The key to protecting your omni-channel business from fraud, is ensuring you can manage these risks in a way that does not prevent growth and expansion.
Having no fraud is a bad thing.
Many businesses monitor their fraud losses, but do you have a metric to monitor how much business is turned away because of the fear of fraud?
A home can be made secure with locks on all the doors and windows. Leaving them locked 24/7 would mean you would not be able to get in and out. The same is true in omni-channel retailing. Prevent all the bad things that could happen and you could also prevent your genuine customers from buying anything from you. Having excessive controls or treating customers too suspiciously can result in a more complex customer journey or at worst unfulfilled orders.
Striking the right balance.
It is important to know what balance you are willing to strike between minimising fraud and maximising sales, whilst allocating the right level of resources to achieve this balance is also essential, especially in a growing business where many customers are first time shoppers (to a fraud team these inherently appear a higher risk).
Common KPIs include:
- Chargeback £ and % by channel
- Order fraud cancellations £ and % by channel
- Cost of fraud process (technology and people)
- Supply chain leakage £ and %
Protecting a business is critical, but having a balanced set of metrics will help ensure a fraud team does not become over-zealous at the expense of lost sales. This balanced view can turn them into a profit centre as they are focused on maintaining sales whilst eliminating the risky orders placed.
What does fraud look like?
If it was easy to spot, the problem would have gone away. For many merchants, fraud prevention has evolved into profit protection, as more than payment fraud needs to be monitored, for example:
- Payment fraud chargebacks
- Customer service chargebacks
- Missing or incomplete parcels
- Return of used items
- Coupon and voucher abuse
- Loyalty scheme abuse
- Staff fraud or collusion with customers
For any of these areas of loss, there is a common theme. Fraudsters need three fuels to keep their fire burning: rationalisation, opportunity and pressure.
The rationalisation generally comes as a financial reward from a large organisation "who can afford it". Easily re-saleable goods are the highest risk, and not just electrical products; clothing, nappies, alcohol and cigarettes still earn a fraudster a good return.
The opportunity means that you are the weakest link. If you are the easiest retailer to enable the fraudster to obtain their products then why would they go anywhere else? After all, they don’t care about price.
The pressure is more personal. It may be that someone sees this as an income stream, whether for personal or a more sinister gain, or simply greed. For some fraudsters, they stumble across a control weakness and then continue to exploit it and it is only when they become too greedy that they are spotted.
Addressing one of these (opportunity usually for retailers) will reduce the fraudulent behaviour. Understanding a customer is a key part of this, with merchants often collecting and analysing 200 or more data points to pinpoint good and bad behaviour. In the same way a security guard will observe customers and detect suspicious behaviour in stores, in the online world, process automation needs to take their place, as the retailer may never actually come in contact with the customer.
So what can be done to optimise loss prevention activities?
There is no silver bullet. However, being agile is key. Fraud never sleeps and so having a static process that does not evolve, where your people are not aware of current industry trends, can make you fall behind. Managing multiple risks in one place is beneficial, as often fraudsters migrate to new methods - their previous methods become harder as retailers notice and increase controls.
Techniques used may include tracking customer behaviour on a website, in-depth interrogation of the device used to place an order, data entered by the customer or other third party services, all of which help to distinguish good from bad. Continually monitoring changing patterns and putting new strategies in place is essential. Even "big data" techniques are only as good as what happened in the past and so having multiple tools to deal with emerging trends enables stronger performance.
Who can deliver this?
The threat of fraud continues to get larger and more sophisticated. There are many companies in the fraud industry - some who have been helping merchants protect their eCommerce business for years, and others who are new to the market. In today’s changing technology environment, it can be confusing to find the right hero.
There are many factors to consider when searching for a fraud prevention provider. What is the company’s track record of success across industries and markets? How fast does the company adapt their technology with innovative features? Do they have in-house experts? Do they have a collaborative community of merchants and vendors to draw insight from regarding screening for fraud and using the provider’s technology?
With the right mix of technology and people, you can be assured that you have the tools to make you successful, enabling sales to continue to grow whilst managing risk.