Protecting your e-commerce business against fraud is no easy task.
As fast as technology evolves, fraudsters seem to adapt even faster. And if retailers aren’t keeping pace, they might find themselves especially vulnerable.
Retailers often start their fraud prevention strategy with fraud filters. These filters are built into the retailer’s e-commerce platform and use carefully designed fraud detection rules to identify fraudulent transactions so they can be declined straightaway.
Fraud filters are a great first step to prevent e-commerce fraud. But as your business grows, these filters can potentially hinder your growth if they aren’t used correctly.
We asked ClearSale Vice President Rafael Lourenco for his thoughts on what every merchant should know about fraud detection rules. Here’s what he shared.
Q: How should merchants use fraud filters when approving or declining orders?
A: These powerful decision platforms are primarily used for declining orders. To catch as many fraudulent orders as possible, merchants can be creative when they set up these filters. For example, online retailers can set their fraud detection rules to analyze multiple aspects of an order — such as region, ZIP code, item category or even the time of day the order was placed.
If you set up your filters properly, they will generally do a good job of identifying your riskiest orders.
Q: What kinds of fraud detection rules can be helpful?
A: A good place to start with fraud rules is to identify certain baseline indicators that an order might be fraudulent. For example, you might want to flag transactions that include:
- Orders above a certain dollar threshold (e.g., orders more than $5,000)
- Orders where the shipping address differs from the billing address
- Orders in which the customer’s credit card or email address was previously used in a suspicious order or a transaction that resulted in a chargeback
Q: Is just one fraud rule enough to catch fraudulent orders?
Fraud is complex, and merchants usually must combine multiple rules to accurately screen for fraud.
However, that doesn’t mean that the more fraud rules you have the more fraud you will catch. Because filters can cover a wide variety of fraud attributes, managing multiple rules can be a challenge.
Consider this: One of your fraud detection rules says that when the IP address on an order is a proxy, the order must be either declined or manually reviewed. Another of your fraud rules says that when a customer places an order with a credit card and uses an email that isn’t associated with a previous chargeback, the order should be approved.
What happens if an order comes in that triggers both rules – the order is placed with a credit card and a good email address, but also via a proxy IP address? Should the order be approved or declined?
As you can see, the order in which fraud rules are applied can make a big difference in the outcome of the fraud assessment. In our example, if the IP proxy rule is applied first, the order will be declined or flagged for review. But if the email address rule is applied first, the order will be approved.
When you consider that some merchants may use hundreds of fraud rules, you can see how quickly e-commerce fraud prevention becomes complex.
Q: Is this complexity the biggest downside of using fraud filters?
A: The biggest problem with relying on filters is there’s no way to be 100% sure whether a transaction is fraudulent based solely on an automated assessment. Even with the most precise fraud rule setup, the chances are that some portion of your approved orders are likely to become chargebacks.
It’s important to understand that fraudsters are smart, and they’re getting more and more creative in their approaches. In one of the craziest fraud cases we’ve seen, the fraudster hijacked a UPS address, so that shipments in transit were being rerouted to the fraudster’s home.
Additionally, the demands of the market are constantly changing. For example, when GPS systems first came on out a few years ago, they were a hot item for fraudsters and one of the riskiest products to sell online. But now that so many people have navigation systems on their smartphones, standalone GPS systems are nowhere near as risky as they were before. So, fraudsters have had to move on from targeting these products to something else that’s new and desirable.
These types of challenge play out every day, in every industry. The constantly evolving nature of fraud therefore makes it very difficult for automated fraud rules to keep up with the changes.
Q: Are fraud filters better for larger or smaller companies to use?
A: Small merchants tend to different types of fraud prevention struggles than larger retailers. For instance, hiring a fraud specialist can dramatically improve fraud prevention success – but smaller merchants might lack the budget to hire these specialists. Also, smaller merchants may struggle to test the accuracy of their fraud detection rules if they don’t have a high volume of orders coming in. In this case, it could take months before a small merchant has enough orders that fall into a certain rule bucket to run a valid test as to whether that rule accurately identified fraudulent transactions.
Meanwhile, enterprise-level businesses have their own sets of problems. Larger businesses might have enough revenue to support both a large customer service team and a fraud team to manually review incoming orders and contact customers to validate questionable transactions. But enterprise-level businesses also tend to have lower margins and sell riskier products, so they may be targeted more often by fraudsters more than small- to medium-sized businesses.
Q: Then what’s the benefit to using fraud filters?
A: Fraud filters are a flexible, easy-to-implement solution, and merchants can enable and disable them as many times as they want, in as many ways as they want. It’s a great way to target specific types of transactions and generally gain control over which transactions the merchant declines.
That said, merchants will be most successful with fraud prevention if they don’t rely exclusively on fraud filters. Some sort of manual review process is almost always necessary to ensure that all of the fraudulent orders are declined and all of the good orders are approved.
Q: If merchants are currently using fraud filters as their first line of defense, how can they tell when it’s time to update their strategy?
A: If you’re keeping a close eye on a few critical KPIs, you’ll be better able to tell when it’s time to update your strategy. Here are the KPIs I suggest you watch:
- Chargeback rate. This is the dollar amount of chargebacks divided by total sales dollars for a given month. This lets you see how much of your monthly revenue you’re losing to chargebacks. If your chargeback rate is above 0.25%, it’s time to re-evaluate your fraud prevention strategy.
- Approval rate. This measures how many incoming orders are approved and result in revenue for your company. This is perhaps one of the most underrated e-commerce KPIs. Approval rates can vary dramatically, depending on segments, regions and seasonality, among other factors. In my opinion, if you’re blocking or declining more than 2% of your orders for any reason, it’s possible you’re declining more orders than you should be. And that means it’s time for a closer look at your fraud prevention approach.
- Cost of fraud prevention. Here, we’re talking about both money and time. Every e-commerce merchant wants to increase their sales and their number of customers. If you find that your current strategy is costing a lot and you’re not getting the results you expect for that investment, it might mean it’s time for a change.
Q: What suggestions do you have for companies who are rethinking their fraud prevention approach?
A: Companies who specialize in fraud prevention, like we do at ClearSale, are working on fraud 24/7/365. We’re always looking for new patterns in chargebacks and false declines, so we can ensure our customers are protected. We often find that, upon closer inspection, orders that look okay on the surface are in fact fraudulent – and vice versa as well: Orders that look fraudulent can be legitimate.
Therefore, conducting a detailed analysis of every order is paramount. At ClearSale, we use a multilayered approach that includes automated scanning of orders using fraud rules created by machine learning algorithms, plus a manual review of every suspicious order to validate whether the order is fraudulent or legitimate.
If that sounds like more than your in-house team can handle on their own, I encourage you to contact one of our fraud analysts to learn more about how we work. We’d be happy to explain the ways a managed services solution like ours can help online retailers of all sizes meet their KPI targets and grow their e-commerce revenue.