Fraud is a constantly-changing area of focus for merchants –every day there’s a new way of committing fraud that merchants must tackle. Friendly fraud, for example – where customers falsely claim they haven’t received goods – became increasingly prevalent in the pandemic. We’re also seeing more sophisticated types of account takeover (ATO) fraud in Europe, where a fraudster uses the customer’s details to make payments.
These evolving types of fraud represent a huge concern for merchants because they’re hard to detect. Fraud methods are constantly shifting, so merchants need to be proactively searching for solutions to protect them from every angle.
Whilst SCA was intended to reduce fraud, we haven’t seen significant evidence of SCA helping to limit fraud rates for our merchants.
Merchants who enforce 3D Secure on all transactions might have seen a low level of chargebacks, but that came at a price – often enough in the form of a hit to conversion rates and higher abandonment rates. Most merchants don’t want to affect their customers during the checkout process, so they may have developed an exemption strategy that means assuming additional liability for chargebacks. So, regardless of SCA, there’s always a balance between conversions, approvals, and fraud.
There are many things merchants can do. First, to stay ahead of the curve, they need the best data possible about their customers. Merchants who have done that in-house might be limiting themselves to historic data on their own website, which may not even have flagged fraudulent transactions correctly. With newer types of fraud, being able to analyse a customer’s recent behaviour with other retailers – biometrics, shopping patterns, and customer device information - can be very powerful.
We have also experienced a change in how merchants approach fraud screening. Now, we are seeing more and more merchants moving from post-authorisation to pre-authorisation screening. Previously, you would have someone manually reviewing a transaction before the goods were shipped. Now, you can obtain a decision in milliseconds, which you can later use to determine the best route for a transaction early in the process.
The best option – post-auth or pre-auth, in-house or third-party – is going to depend on the merchant. For example, post-auth might make sense for verticals with a relatively long lead time between the transaction and the receipt of goods, like travel.
On the other hand, merchants with very short lead times, such as food delivery companies, might not be able to afford that delay and might prioritise having that fraud assessment conducted earlier on in the process.
The same goes for outsourcing - even if a merchant decides to use a third party, there are nuances. Ultimately, it comes down to the benefits of specialisation versus consolidation – acquirer-owned fraud rules can deliver some value, but dedicated fraud providers are now leveraging data from lots of merchants and have developed sophisticated machine learning algorithms to improve the accuracy and speed of their decisions.
It’s an area where we are seeing innovation, and merchants at the top of their game are looking to utilise these useful insights. There are also optimisation opportunities regardless of which strategy you choose - in-house, acquirer, or third-party rulesets need to be constantly assessed based on the data you’re seeing.
It’s important to look at the impact of fraud holistically. It can be very easy to just focus on chargebacks as the only KPI relating to fraud. Even though it is one of the main KPIs, there are many other stages throughout the transaction process when fraud could be happening.
Looking at it from a different perspective, merchants might have a great fraud rate, but they are likely rejecting too many good transactions. Both being a victim of fraud and being repeatedly turned away when you have sufficient funds are negative experiences, and either one could mean losing a lifelong customer. Generally, we look at fraud from that authorisation perspective – are you getting too many declines through your fraud provider or legacy acquirer? Are your rulesets out-of-date? And how do you balance conversions and risk?
The main reason merchants need to act now is the customer experience. Imagine your credentials being used to make a fraudulent payment – the need to go and resolve that with your bank would likely make you never want to shop with that merchant again.
This could prove a concern, especially with the newer types of fraud, which require a holistic view of customer behaviour, such as login attempts and similar transactions with different merchants. But it’s also about your top line: roughly, CMSPI estimates that European merchants lost EUR 40 billion to falsely declined transactions in 2021 alone. Whatever their anti-fraud strategy, merchants need to be in a strong position to challenge their partners – from cost terms to fraud rulesets, to data accuracy – and use those insights to build a more productive setup for the long run.
This editorial is part of The Paypers' Fraud Prevention in Ecommerce Report 2022-2023, the ultimate source of knowledge that delves into the world of fraud prevention, revealing the most effective security methods for companies to stay one step away from bad actors and secure their businesses.
Domingo Orihuela is a consultant at CMSPI. He is specialised in ecommerce and works with merchants globally to drive additional revenue through optimisation of approval rates, the development of efficient SCA strategies, and balancing fraud through the optimisation of current fraud prevention mechanisms and the selection of the best solutions to fit each merchant’s needs.
At CMSPI, our payments experts provide advisory services and powerful analytics. Our ultimate goal? Supporting a more innovative and productive payments ecosystem. For hundreds of clients across the globe, our insights help improve performance and create positive change.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now