How Fraud Prevention Changes as Businesses Grow

Growing a business is like parenting – just when you think you have the hang of it, a new growth milestone is hit … and you have a new set of issues to handle.

Small and medium ecommerce businesses want to hit these milestones, expand into new markets and increase sales. But that growth comes with a different set of fraud challenges … which must inform how your business approaches fraud prevention.

Like most SMBs, your main priorities may have been preventing fraudsters from hurting your business and avoiding chargebacks.

As your business grows, however, the focus shifts to understanding customer patterns and expectations, keeping up with trends, and managing through layers.

To light your way through the process, we’ve created this short guide.

Drawing on our expertise in ecommerce fraud at all stages of business growth, we’ll share with you:

• The different types of fraud you’ll face as your business grows
• Why so many enterprise ecommerce retailers lose more to fighting fraud than they do to fraud itself
• The traps SMBs need to watch for as they evolve their fraud prevention strategy (with plenty of tactical advice on what to do instead)

Let’s get started by looking at how fraud changes as businesses evolve from small to midsize business (SMB) all the way up to enterprise-sized.

Small Business & Enterprise Ecommerce Fraud Are Different

Ecommerce fraud schemes morph and change as fraudsters become more experienced and better at their craft. Regardless of business size, one of the most common fraud concerns is account takeover (ATO) fraud.

Account takeover (ATO) fraud impacts all businesses

ATO fraud happens when a fraudster uses a victim’s Social Security number, email address, or login credentials to take over their account. That includes checking and savings accounts, brokerage, and even loyalty accounts.

It’s no wonder that ATO fraud is rampant in the ecommerce space, accounting for every fifth login attempt and 13% of U.S. ecommerce fraud costs in 2021.

For small businesses, the biggest issue with ATO fraud is the chargebacks that inevitably result.

How chargebacks impact small ecommerce businesses

If you’re lucky enough to have never faced a chargeback, here’s a quick overview: A customer finds a purchase they don’t recognize or remember and immediately contacts their payment processor to dispute the charge. The payment processor investigates the transaction, asking the business for proof that a legitimate purchase was made. If the proof isn’t compelling or if the purchase was actually made by a fraudster, the company has to refund the transaction amount and pay the processor a fee called a chargeback.

If your chargeback rate gets too high — more than 1% — the fees increase and you can be placed on a chargeback monitoring program or become classified as a “high risk” merchant. Those fees eat away at revenue very quickly … and can devastate a small business.

But as your business grows, chargebacks tend to become part of the cost of doing business. Enterprise ecommerce businesses are still concerned about chargebacks and keeping their rates as low as possible, but they know a “zero-chargeback” goal isn’t realistic after reaching certain volumes.

Besides, they have bigger fraudulent fish to fry, in the form of policy and return abuse.

Policy and return abuse are major concerns for enterprise businesses

For nearly 60% of enterprise businesses, refund abuse is increasing. And it’s increasing overall at a cost of up to $15 billion in losses per year.

Not every fraudster knows how to perpetrate return abuse — it’s the calling card of an expert fraudster. They spend time studying businesses’ policies to learn exactly where the loopholes exist, creating tactics to exploit them.

Some of the most common types of return abuse include:

• Stolen merchandise returns – Shoplifters return stolen merchandise for the full price.
• Receipt fraud – Criminals use stolen or fake receipts to return merchandise. Even more clever, they may purchase a product on sale at one store and return it to another for a higher price.
• Employee fraud – Also known as “insider fraud,” employees help fraudsters return stolen goods.
• Price arbitrage – Fraudsters purchase similar products that are priced differently and return the cheaper one at a higher price.
• Switch fraud – Criminals purchase a replacement product and return the damaged or defective item.
• Bricking – Fraudsters purchase and strip an electronic product, then return it without the valuable components intact.
• Wardrobing – Criminals purchase products (often apparel) to use or wear once and then return.

As your business grows, you may implement buy online, pick-up in store (BOPIS) services, which are subject to fraud as well.

BOPIS fraud has become more rampant

Buy online, pick-up in store (BOPIS) shopping allows customers to place their orders on your ecommerce site and then pick their orders up at a later time or date at your brick-and-mortar location. This convenient service was wildly popular during the pandemic when consumers weren’t able to shop in stores.

Fraudsters have also taken advantage of the BOPIS trend because it presents yet another opportunity to make money and/or steal goods. In fact, BOPIS fraud has recently increased up to 250%, forcing businesses to spend additional time distinguishing between suspicious and legitimate orders.

Enterprise ecommerce companies leave money on the table with false declines

If your first reaction to these additional fraud threats is to simply turn up the volume on your online fraud filters, you’re not alone.

That’s a mistake many enterprise businesses make as well.

They try to combat fraud by being more cautious, assuming any suspicious transaction is fraudulent. And that opens them up to one of the biggest fraud prevention concerns for enterprise ecommerce businesses: false declines.

 We often hear from enterprise clients that they have fraud “under control” because their chargeback rates are reasonable and they’re making money.

The problem is they’re also losing money – money they don’t know about.

Enterprise businesses often use wide-sweeping filters and rules that automatically decline transactions based on factors such as address mismatches, transaction amounts, and other factors that may not necessarily be fraud. 

And because their fraud teams tend to work independently (unless they need reinforcements from other departments when transaction volumes peak), they often turn away perfectly good transactions before even considering that they might be valid, creating a large number of false declines.

How big is this “large number”? Consider that about 58% of false declines are actually valid transactions.

And it gets worse: When shoppers are declined, especially in younger generations, they don’t respond well. We’ve found that 40% of customers experiencing a false decline never come back to that business, and about 34% complain about their experience on social media.

The Risks of Keeping a Small Business Fraud Mindset

Return fraud and false declines on top of ATO fraud are a lot to think about, which can make some small businesses choose to just stick with the status quo on their fraud prevention efforts, no matter how much their business grows.

Not a great idea for a number of reasons.

If you want to grow your business into the enterprise space, you must think like an enterprise business, especially when it comes to fraud.

In that vein, there are some traps to avoid:

1. Being overzealous with deny and allow lists

No doubt, you’ve probably read somewhere about the age-old practice of creating deny lists (formerly blacklists) and allow lists (I.e., whitelists) as a shortcut to fighting fraud.

Deny lists automatically decline transactions associated with specific names, addresses, email addresses and select other factors, for a variety of reasons. Often, it’s because of previous fraud attempts, unruly customers and fired employees. Allow lists are usually full of VIPs and company executives who expect to have their transactions approved.

The issue with deny lists is the decline happens before any analysis of the transaction.

If any element in the transaction has a hit in the deny list, the order is declined, so you learn absolutely nothing of value from that transaction. That’s a big mistake.

At ClearSale, we’ve spent decades learning about fraud and fraudsters by analyzing transactions and detecting patterns. Without that analysis to improve your fraud intelligence, a deny list puts you at risk of declining good customers (often, fraud victims themselves) – again, losing money you didn’t know was available to your business.

Instead of a deny list, we recommend setting up an alert that flags transactions for automatic approval or denial while using machine learning and even secondary reviews to detect suspicious activity and make sure they really should be declined.

Similarly, using an allow list is risky. If a fraudster gets their hands on any of those VIPs’ or executives’ credentials, they will be kids in a candy store, and you won’t know you’re being robbed.

2. Not doing homework before entering new markets

Another mistake small businesses make as they grow is not doing research about new markets before expanding, especially international ones. Without doing that research, you’ll struggle to delight customers … when you’re not struggling to keep fraudsters at bay.

Here are some examples:

• You need to know that the biggest concerns in Mexico, Chile, Ecuador, Uruguay, Argentina, Peru, Colombia and other LATAM countries are false declines, to the tune of about 50% of all transactions.
• You should research which languages are spoken and if translation is necessary for your website, app, and chatbot. Another important bit of research is slang and vernacular. If your website is full of both, even ESL speakers in other countries may miss the point of “clever” content and move on without making a purchase.
• Consider shipping challenges in countries like Australia as well as GDPR requirements in European countries such as Spain, France, Germany and the United Kingdom.

Finally, think hard about which payment options to offer in different markets. If you’re doing business in China, Singapore, Hong Kong, Japan or Vietnam, you need to lean heavily on digital wallets. In the United States, consumers want choices and lots of them, from credit cards to digital wallets to a host of alternative payments.

3. Only considering industry-specific fraud trends

Small businesses also forget to look across industries as they grow to determine fraud trends.

Whether or not you plan to expand outside your current industry, there’s a lot you can learn from fraud trends in other industries. Any type of expansion or growth should be paired with a full analysis of what could happen:

• What are other industries seeing in fraud trends?
• How are fraudsters finding opportunities to try new tactics?
• Are new channels being exploited, and how?

4. Trying to do it alone

One of the biggest mistakes small businesses make as they grow is trying to do it alone. Making the shift to an enterprise mindset isn’t a matter of turning a switch.

Instead, it’s a combination of slow creep and sudden jolts where success can happen faster than anticipated, especially in the current ecommerce environment. And when a business has to scale their approval process and fraud protection faster than they anticipated, they run the risk of setting off on the wrong path.

“You have to build a process that can adapt and scale to fit your business as it grows, because it may grow much faster than you anticipated. For example, your filters may be optimized and you have an ad hoc analyst on hand … but what happens if one of your products goes a bit viral and business doubles in a week?”

- Rick Sunzeri, Director of Enterprise Accounts, ClearSale

To appropriately scale your fraud prevention efforts, you need resources. For example, we had a client that was closer to middle market and wanted to expand internationally. They did the appropriate research about superior customer experiences, operational differences, and financial factors. But they weren’t sure what to do about fraud.

We helped prepare their growing fraud analysis team for international traffic by training them on how it would differ, the unique signatures of fraudsters in other markets, and what to do about it.

This is why it’s so important to choose the right partner for growth.

Choose the Right Fraud Prevention Partner

At ClearSale, we have a number of advantages that can help businesses scale and grow without having to reallocate resources before they’re ready.

We’ve seen it all

ClearSale has worked with companies of all sizes around the world, including those in the most high-risk areas. That wealth of knowledge and experience makes our data analysts and fraud specialists more likely to recognize unique fraud patterns across industries and channels.

Superior data analytics

We thrive on data and data analytics. Our team leverages transaction data to help companies make key business decisions. To do that, we bring the power of data analytics to understand your specific customer base and their purchasing habits, as they compare to consumers around the world.

By doing so, we can see fraud patterns as they emerge and our system learns from those patterns.

Continuous machine learning

We screen every transaction with artificial intelligence and machine learning, which helps fine-tune fraud models based on customer behavior. Transactions that meet all criteria are automatically approved, and suspicious transactions are flagged for additional review.

What many businesses find fascinating is how that machine learning happens:

When we first start processing a company’s transactions, our system will apply what it “knows” about fraud within the industry, the region and the world. But the real magic happens as the system processes more and more transactions and we rerun fraudulent transactions post-decline to teach the system what fraud looks like for your business.

Secondary review for high-risk transactions

High-risk transactions that seem suspicious undergo a secondary review process in which one or more of our 1,500+ fraud analysts review the transaction and buyer details and may even reach out to customers to confirm purchases.

This hybrid approach of machine learning and secondary review helps identify high-risk patterns within 30-90 days. From there, fraud detection rises to another level so we can approve more transactions and decrease false declines, while keeping your chargeback rate as low as possible.

Resource augmentation as needed

Hiring has become a challenge. Filling open positions in a fraud analysis team as your business grows will take time. So you may want to augment your team with expert resources who can provide training, help establish best practices and policies, and offload transaction reviews during peak seasons.

With the massive increase of transactions and fraud over the last few years, ClearSale has become further poised to help companies recognize fraud as they grow.

To learn more about how ClearSale has helped other companies fight fraud and maximize revenue as they grow, our team is available.