What price range sees the most CNP fraud? It depends

Data on the price ranges that online fraudsters target most are effective in helping retailers be more aware of fraud tendencies. However, any price point can be a target to some criminals, and it’s important to leverage this data to build a more effective approach to fraud reduction without sacrificing revenue or customer experience. Here are some ways to go about it.

security threats and vulnerabilities

As CNP fraud continues to increase, we often see reports about the price ranges fraudsters are targeting most heavily in different industries. For example, the $100 to $500 range was the sweet spot for many fraudsters looking to steal furniture, appliances, and power tools online, according to the October 2017 PYMNTS Global Fraud Index. A 2017 Juniper Research white paper put 2015 average fraud order values around $1900 for airline tickets, about $1700 for automotive purchases, and around $600 for pharmacy orders. Figures like these can help businesses protect themselves from fraud, but only if they’re used correctly. Simply adding a rule to an automated fraud-screening program is not enough, and it can even lead to more losses.

What does fraud price-range data tell us?

Reports and updates on commonly targeted price ranges are snapshots in time that show what CNP fraud looks like at that particular moment. They serve as cues to look more closely at your own fraud rates in those ranges and to review your fraud protection practices. Over time, these snapshots can show how fraud is trending in a particular price range within a specific vertical. That information can have an impact on the overall risk profile and processing costs for merchants in those verticals.

However, any price point can be a target to some criminals. Because stolen payment data is so cheap now, some fraudsters use it to buy takeout meals and transportation instead of reserving that data for the theft of expensive goods for resale. And some verticals always seem to deal with more fraud attempts than others, such as apparel, jewelry, electronics, beauty, travel, and health and wellness.

Some things can’t be extrapolated from price-range data alone, even within a specific vertical. One is whether that range represents where fraudsters target most often or only the one where they most often succeed. For example, a luxury handbag retailer may see the highest number of fraud attempts on orders above $15,000, but its stringent fraud controls in that range are successful at keeping the completed fraud rate low.

Meanwhile, the merchant may see fewer fraud attempts but more losses and chargebacks in the $1,000 to $3,000 range because the fraud controls need refinement, not because fraudsters aren’t after the more expensive goods. If thieves are succeeding in that lower price range, they’ll be back for more and more of those items. This skews the price-range data and the store owner’s attention toward items that are actually less appealing to thieves. All the while, the fraudsters are working on new ways to get those higher-end items, too. Another factor is the size of the resale market for stolen merchandise. Thieves may target mid-range items because there are more buyers, for example, for deeply discounted $3,000 handbags than for those originally priced at $15,000.

You can’t necessarily tell from general price-range data how well it applies to your own business. That’s because each business has a unique risk profile based on its vertical, products, customer base, fraud prevention practices and other factors. However, there’s one price-range data point that Juniper found to hold true across verticals: an order value that’s markedly higher than a merchant’s average good order is more likely to be fraudulent. But that doesn’t mean merchants should automatically reject that type of order. Instead, they can leverage the data they already collect to build a more effective approach to fraud reduction without sacrificing revenue or customer experience.

How to use fraud price-range data to improve your security

When you see news about a price range that’s vulnerable to fraud, there’s a natural impulse to establish new automatic rules to screen more stringently within that price range. However, using a rules-based approach alone can have unintended consequences. Automatically flagging more orders for review regardless of risk score can overwhelm a company’s manual screening capabilities. And automatically rejecting more orders is almost certainly going to raise the number of false declines, which cost revenue and long-term customer relationships. What’s more, shoring up defenses in one price range will move fraudsters to try a different price range or different fraud tactics within that price range. Fraud prevention is simply too dynamic for a one-time static fix to last.

A more effective approach is to compare price ranges in the news with your own fraud data to see if the trend holds true for your store—a spot check for possible problems. The ideal, though, is to identify your store’s most vulnerable price ranges by analyzing all of your orders. This allows you to see which price ranges are targeted most often and which price ranges see the most completed fraud. (As with the handbag example above, those ranges may not be the same).

Once you identify the range where you have the most fraud losses, you can also analyze the behavior and scores of good customers within that price range to better separate them from the bad actors. This can help to flag the fraudsters and reduce your fraud rates without alienating your real customers by declining their orders.

Knowing your data is the key to fraud reduction

Only when you comprehensively analyze your order data can you see a clear and current picture of which fraud attempts are being stopped by your fraud screening program, which are getting through, and how you can improve your program’s performance. This is an ongoing, multifaceted task because fraud methods always evolve, new items become desirable targets of theft, and new consumer data is stolen and sold on the dark web all the time. Ongoing analysis, tracking valid and false declines, and constant updating of internal files as new information becomes available are all necessary for a fraud protection program that fights fraud while delivering a positive experience for legitimate customers, no matter what price range fraudsters are focused on at any given time.

This article is published as part of the IDG Contributor Network. Want to Join?


Copyright © 2018 IDG Communications, Inc.

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!