Bernardo Lustosa, Ph.D.
E-commerce fraud perpetrators know sharing information with fellow criminals makes it easier for all of them to commit fraud. Just as a band of street thieves works together to case businesses and identify marks before a break-in, fraudsters swap tips on which e-commerce merchants are most vulnerable, how and when to attack, and what stolen payment data to use. The smart response to street crime is for targeted merchants to create a neighborhood watch to share safety information, report suspicious behavior, and identify bad activity. However, many online merchants leave themselves vulnerable by not sharing fraud information with others, Bernardo Lustosa discusses how open communication between fellow e-merchants could help to minimize future incidences of fraud.
When fraudsters share information, retailers pay the price
To understand the role of communication in committing and preventing fraud, it helps to think of e-commerce fraud as an arms race. A retailer adopts a credit card fraud detection system (CCFDS) to track and identify good customer behavior and distinguish valid orders from fraud. Fraudsters learn from both their failed and successful attempts to purchase from the retailer and use that information to mimic the behavior of good customers. This can render their future fraudulent orders “invisible” to the detection system. Now the retailer must try another approach, usually at some cost.
This is a challenging enough scenario when it involves a single fraudster or small group of them. Now imagine that digital thieves in multiple locations around the country and abroad are sharing insights about what works to get around this retailer’s fraud controls. The retailer may be overwhelmed with bad orders. This type of sharing is one of the greatest threats to retailers, and it’s increasingly typical. CNP fraud losses are projected to top $7 billion by 2020, among US retailers alone. In our experience, 46% of the fraud patterns we’ve detected were active with more than one retailer, and 13% were active in four or more stores.
When retailers use shared information, fraud rates drop
According to simulations we’ve run, creating merchant trust networks to monitor and report fraud can reduce successful fraud attempts. The types of information shared among trust network members can include suspect billing and shipping addresses, unusual customer behavior patterns, contact information that’s associated with previous instances of fraud, and other relevant data, which we’ll look at below.
Until recently, retailers faced many obstacles to this type of data sharing. Most retailers aren’t set up to share company information with other retailers, particularly their competitors. Even if they have the resources to devote to information sharing–and cooperative fellow retailers to communicate with– there’s the question of how to manage, analyze, protect, and act on what could be a very large volume of data coming in constantly.
Unlike neighborhood watch members in a shopping district, who all make time to share information, e-commerce merchants’ communications needs are too big and too dynamic for small-scale peer-to-peer participation. A more effective solution is a third-party trust network with the capability to handle merchant and customer data in real time and at scale.
Characteristics of an effective trust network
An effective trust network must meet several goals in addition to fraud protection for its member clients. It must also protect each merchant’s proprietary data, protect retailers’ customers from fraud without revealing their personally identifiable information, and reduce fraud without adding friction to the order process.
E-commerce merchants seeking a trust network for fraud reduction should look for a provider that aggregates data from many retailers and includes all order data from each member, to create the clearest possible ongoing picture of customer and fraudster behaviors. The data collected should go beyond the basics of billing and shipping information to include geolocation, account use patterns, device profiles, and other markers that span multiple devices, accounts, and payment methods for each customer. Analysis of that data should be refined enough to reduce the incidence of costly false declines. Finally, the trust network should provide instantaneous guidance to minimize order processing delays and keep good customers happy.
Large-scale, real-time information sharing among trusted allies is a powerful tool in the fight against fraud. As fraudsters grow more sophisticated in sharing information to commit CNP fraud, trust networks will play a larger role in reducing fraud losses.
Proving the theory
Last year I presented a study called ‘A Computational Model for Simulating Fraud Dynamic in E-commerce’ at the Credit Scoring and Credit Control XIV Conference, in Edinburgh. My team and I built an agent-based model (ABM) simulation to study the dynamics of the fraudster by representing the dynamic between fraudsters and online retailers.
At the simplest level, an agent-based model consists of a system of agents and the relationships between them. Even a simple agent-based model can exhibit complex behavior patterns and provide valuable information about the dynamics of the real-world system that it emulates. In agent-based modeling, a system is modeled as a collection of autonomous decision-making entities called agents, in this case, stores and fraudsters. Each agent individually assesses its situation and makes decisions on the basis of a set of rules.
Through the simulation, we showed that when fraudsters share information, stores’ fraud exposure increases. As a defensive measure, the stores should be part of a safety net, sharing information about fraudsters and attack attempts. These results are evidence that fraud prevention requires group communication and cooperation [to read the full article please click here].
