"Roadmap to Successful Fraud Mitigation"
Alexander Hall
Trust and Safety Architect - Sift | Fraud Strategy Expert | Consultant | Fraud Team Trainer | Public Speaker
This week I will be covering the road map to building the best defense. Whether you are a dropshipper, a hot dog stand on the corner, a national chained franchise, or a quadrillion-dollar corporation, you will see information that pertains to your operation.
Identify your "As-is".
"How dramatic has the impact of fraud been on your operations?"
We ask this question to all of our clients. The spectrum of responses ranges from "None" to "fraud is a hellhound, hunting my soul" (true response).
When addressing your development of a defense against fraud, it is important to understand where you stand. List the ways that dishonest tactics negatively impact your company. From fraudulent transactions to policy exploits, friendly fraud disputes to dishonest B2B interactions. Track them in an easy to digest fashion that can be reflected in percentages over time against the total revenue of the company.
Quantify your findings in dollars, not percentages:
A company with an annual revenue of $200m losing 0.5% to fraud and exploits is often interpreted as a acceptable operational cost. But take into consideration that the 0.5% is AT LEAST $1,000,000 being stolen from from your company.
This amount is not an investment in marketing, nor a warehouse expansion. There is NO ROI on this expense and it is more likely that if you see an amount in this way, your losses are 2 or 3x more than that number, when you consider the lost transaction amount, loss of products or services rendered, processing, fulfillment, and more.
Identify Fraud at the Point of Sale
Whether your company is a brick-and-mortar operation with in-person cash/ check /credit card payments, or an E-Commerce powerhouse, transacting in credit / debit payments solely, your team must be able to confidently identify counterfeit materials / fraudulent transactions.
It has been reported that the amount of counterfeit bills in circulation ranges from $70m to $200m at any given time. The American Bankers Association calculated $25.1b in check fraud for 2018. Credit card fraud estimates vary greatly, with a top-end estimate of $140b.
It is well-known the point of sale (or online checkout) is the primary way that fraud gains entry to a company, and the affects of the accepting "bad" forms of payment do not end there.
Successful fraud attempts result cost not only the transaction, but also the product / service sold, chargeback processing fees, processor and issuer reputations, and many others.
A successful defense against fraud is 30% responsive and 70% preventative.
Give your team the tools and information they need to to confidently identify counterfeit materials and discern fraudulent transactions in your e-commerce business.
Understand the E-Commerce Environment
What it is:
Brick and Mortar establishments face a specific list of challenges when it comes to fraud mitigation. When making the move to E-commerce, the world changes, due to the company's introduction into a CNP (Or "Card Not Present") environment. As the name implies, CNP Environments exist wherever a payment method, such as credit/debit cards, bank transfers, gift cards, etc. are processed without being physically presented. This applies to online stores, telephone orders and mail-in orders.
When operating in this space is it absolutely necessary to understand what data is available to the merchant, how the information is provided, the process each transaction undergoes, what roles are in play and any given point, and (most overlooked) where your systems' weak spots are, leading to dishonest user exploits.
The Checkout Process:
When the final checkout button is clicked by a customer on a sales platform, such as Shopify, the information is bundled up and sent to the issuing bank via the processor, requesting a response code regarding the validity of the billing address (resulting in an AVS-Response Code) and the CVV Code (Resulting in a card code response code). These are 2 of several data points a merchant can utilize as they perform their transaction analyses while using a bare-bones platform.
Some of the other data points available are:
1. Whether or not the Billing and Shipping addresses match
2. The history of the account in your system
3. The behavior of the account
4. How many different payment methods this account uses
5. Names used on the account
6. Email address history in your systems.
Combined, the number of data points that a bare-bones system uses is typically less than ten.
This is where the automated platforms step into the game.
A bare-bones system has no more than 10 data points available to for the merchant to use when determining the validity of the transaction. The platforms that we have partnered with tout anywhere up to 450 data points, spanning public information, social media, and more!
These system use the aggregated information to offer the merchant a risk assessment, resulting in a score. Each with their own strengths and custom features, you can imagine how effective these platforms are at helping the merchant identify fraudulent transactions.
Chargebacks:
The next milestone in the journey of a CNP Transaction is reached when the account holder disputes a transaction. This can happen for any reason across a wide spectrum of causes. For this to happen, the account holder reports to the issuer that a transaction was not recognized or the transaction was unsatisfactory based for just about any reason. Additionally, there are dispute charges that have no classification, and, due to this, are categorized as "Cardholder Disputes".
After the account holder files the dispute with the issuer, the issuer send the dispute to the merchant's processor in the form of a Chargeback. The processor then notifies the merchant. At this point, the funds for the transaction in question have been reversed and frozen, and the merchant has the opportunity to defend themselves, accept the dispute, or notify the issuer that credit has already been issued.
When dealing with chargeback representments, it is important to understand the reason codes associated with the disputes, the information that is needed to defend the merchant's position, and how to accurately outline the relevant course of events regarding the transaction.
Once the chargeback has been closed and the issuer has reached a determination regarding the disputed transaction, the process is now complete and, with very few exceptions, will not be re-opened for any reason in the future.
Build Data - Analyze Data
Overview:
Developing a thorough understanding of your company's susceptibility to dishonest tactics is necessary to help you determine what information is relevant when it comes to data management and analysis.
Of course you and your team have worked diligently to create solid policies and employ secure processing procedures and software, but a company's weaknesses aren't directly correlated to the amount of work they put in. Fraudsters and other dishonest people prey on exploiting your hard work, and typically do so in very creative ways.
Build Data
As you operate and grow, your company will inevitably encounter losses that exceed your expectations. Maybe by a couple dollars, or maybe by a million dollars, but it will happen, and it absolutely will not be found exclusively reflected in a bank statement.
The relevant data points needed to properly track your company's weaknesses will differ based on many different factors, such as:
- Customer type (consumer, business, government, etc.)
- Industry
- Processing components
- Payment Methods
- Policies
- Marketing
- Loyalty Programs
...and many, many more
In order to determine which information is relevant, consider that most companies have the following items:
A - Something to sell / a service to provide
B - Money
As your company operates, take the time to ensure that your accounting has all of the answers regarding loss of money and loss of inventory. Easy enough, right?
Not always.
For a retail company that deals only in cash transactions, they may only need to ensure that their staff can identify counterfeit materials and that their supply chain is accurate and honest. However, a company like Walmart requires alot more attention to a wide array of details. Think of all of the moving parts of a single Walmart, and how much potential for exploits exist. The amount of energy and time it takes to identify weaknesses in every part of the operation eclipses the work necessary for a privately-owned, mom-n-pop shop selling home made birdhouses, accepting cash as their only form of payment.
Analyze Data
Understanding where the holes are in your operation gives you an idea of the "What" that is causing losses. To determine the "How", you need to analyze your findings and see what continuous operations are producing these losses.
The reasons that you will discover can range anywhere from marketing exploits, weak security checks at checkout, policy exploits and dishonest B2B relationships. Whatever the reason, it is important to discover the tactics that are employed.
Once you know "What" losses your company is facing, and "How" they these dishonest tactics are applied against your company, you can begin to develop your defense.