Without the right data, CNP fraud protection could be out of reach

Capturing and analyzing your sales and fraud data gives your ecommerce business real-time, dynamic information that helps you keep pace with rapid changes in the way fraudsters operate. Without this information, your fraud prevention strategies will fall behind. Here’s how to build an effective fraud management solution that is customized for your business needs.

credit card fraud
Thinkstock

For ecommerce players, preventing card-not-present (CNP) fraud is an ongoing challenge. But many of these businesses are leaving their most valuable fraud-fighting tools untouched. According to the 2017 True Cost of Fraud Study by Lexis Nexis, fewer than half of small ecommerce businesses track their fraud costs by transaction type. Even fewer track their fraud costs by channel. But that data can give businesses the real-time, dynamic information they need to fight fraud and keep pace with rapid changes in the way fraudsters operate.

The rising tide of CNP fraud affects the entire ecommerce industry, and certain verticals are more frequent fraudster targets. But each business has a unique risk profile based on its vertical, niche, markets, specific products, payment security practices, and other factors. The only way to build a truly effective fraud prevention system is to customize it—and the only way to do that is by thoroughly analyzing your sales and fraud data, particularly by channel and by transaction type.

For example, peak spending seasons vary by region. Europeans on holiday typically spend more in the summer, while in the US the peak season is November and December. Businesses can tune their models to expect higher transaction volumes during the typical peak season for the regions they sell into, and that can help control false positive rates. Tracking the data is critical to doing this effectively.

Data ecommerce sellers can track for fraud prevention

Small ecommerce firms—those with annual revenues less than $10 million—lag far behind larger players in tracking fraud data. This raises their CNP fraud risk because, as the True Cost of Fraud authors noted, fraudsters will go where they can succeed. If larger ecommerce sellers are fending them off, they'll move on to smaller sellers who aren't focused on their fraud metrics. Here's a brief rundown of some of the numbers mentioned in the Lexis Nexis report that ecommerce merchants of all sizes should monitor and analyze.

  • Prevented and successful fraud by transaction type. Only 39% of small ecommerce companies track instances of prevented fraud, while 52% of larger companies do. This data allows sellers to see which payment types lend themselves best to stopping fraud. Fewer ecommerce companies of all sizes track completed fraud by payment type, even though this information can identify the payment methods that entail the most risk.
  • Prevented and successful fraud by channel. A mere 17% of small ecommerce companies track prevented fraud by channel, and just 26% track completed fraud by channel. Compare that to larger ecommerce businesses. Forty-two percent of them monitor prevented fraud by channel, and 76% track completed fraud by channel. This information matters because different channels carry different fraud risks and require different practices.

The right fraud prevention analyses for ecommerce data

Most merchants keep tabs on their chargeback ratio, which is a de facto measure of completed fraud, but many stop there. However, there's a lot of information a seller can pull from that data. Which channels have the highest chargeback rates? Which products are most likely to be charged back? If there are phone sales in addition to online sales, is that channel getting hit harder than the online channel? Where are these charged back orders originating, and where are they being shipped?

Beyond chargeback-related data, merchants are leaving a lot of information on the table. How many fraud attempts does the system stop in each channel and by each payment type? E-retailers need to know this to see what's working and adapt that approach to other channels or payment types to reduce fraud rates there.

Merchants should also know many false declines their anti-fraud system generates. False declines cost retailers more money than completed fraud does, and false declines can damage or destroy relationships with good customers that companies have spent money and effort to win. Sellers that don’t analyze their fraud data for false declines could be unknowingly losing customers while believing their fraud practices are effective. And sellers who try to save on manual screening by outsourcing it to temporary workers or third-party call centers may lose customers to one-size-fits all attempts at service and screening. Good false-decline reduction provides up-to-date data to qualified and savvy fraud prevention team members, so they can screen orders and contact customers in a way that builds trust rather than erodes it.

How to use feedback from fraud prevention data

Tracking false declines and fraud attempts by completion or failure, payment type and channel can help retailers adjust their program's parameters in each channel and for each payment method. Expanded tracking and analysis can also alert merchants to spikes in fraud attempts by payment type of channel, such as fraud bot attacks, so they can allocate more resources in real time to prevent their systems from being overwhelmed and letting fraud through. These are basic applications for transaction fraud data, but there are other ways to use that data to cut fraud and false declines.

One example of how to use analytics to improve a fraud program is by converting static positive and negative files into dynamic datasets that are updated with a constant feed of transaction data. Having dynamic data is especially important now, because years of consumer data breaches have compromised so much private information, and because fraudsters have become so sophisticated about associating stolen card data with valid email addresses, phone numbers, and mailing addresses to work around fraud prevention strategies.

Because of this blending of stolen and valid data, combined with the continuing problem of data breaches, a static negative file could eventually contain data on every customer who tries to place an order. A better solution is to use transaction data to maintain an up-to-date database that allows good customers to buy even if some of their data was compromised at some point in the past.

Each company's fraud data already exists and grows more valuable with every transaction. It's up to merchants to extract the value from that data to improve their fraud prevention practices, reduce fraud losses, and maintain strong relationships with their good customers.

This article is published as part of the IDG Contributor Network. Want to Join?

Security Smart: 4 Common Password Myths ... Debunked!