Fraud Prevention, Business Continuity, and Crisis Management
Every business needs crisis mitigation and response strategies in case of technical disasters or other major problems that can impact customers and cause reputational harm. With organized criminals using bots to launch more than half of all e-commerce fraud attacks, fraud has the potential to create business disruptions. Now is a good time for merchants to create or improve their fraud prevention plans and best practices for fraud-related crisis management.
Reducing fraud-related reputational risks to your business
Payment fraud was trending upward before the pandemic accelerated the trend. Fifteen percent of consumers in a five-country survey by ClearSale said they had at least one online payment fraud experience between March 2020 and March 2021. Among those consumers, 62 percent said they experienced more online payment fraud during that time than in the year before.
When fraud happens in your store, many customers are unlikely to forgive your brand. Nearly 85 percent of shoppers in the survey said they would never shop again on a website that allowed a fraudster to make a purchase with their credit card.
Account takeover fraud carries an additional risk: exposing your customers’ private data to criminals. That might violate data privacy laws like GDPR, which can lead to costly fines and—if the number of accounts breached is large—negative media coverage of the event.
Mitigating fraud carries risks of its own, in the form of false declines. When a good customer’s order is rejected by mistake, they’re likely to feel insulted. Not only will 40 percent of them boycott a merchant that declines their order, 34 percent will also complain about the decline on social media. That can increase the amount that a company must spend to convince new customers to do business with them. Customer churn, reduction in average customer lifetime value, and brand damage are among the key reasons that false declines were estimated to cost businesses almost 70 times more than fraud in 2021.
Avoiding fraud-related business interruptions
Fraud can cause the slow drain of a company’s revenue and customer goodwill. In extreme cases, fraud also has the potential to bring business to a halt. Estimates of downtime costs vary, depending on factors such as the size of the business and the industry. In general, though, they can range from a few hundred dollars per minute for a small business to thousands per minute for larger organizations.
It may seem surprising that fraud could cause this kind of disruption, but criminals will swarm a site, evade its fraud controls, and inundate it with fraudulent orders, causing a spike in chargebacks. The company—unless it’s tracking chargeback metrics and communicating regularly with the bank—may not realize it’s approaching the point where the bank limits transactions or closes the account with minimal notice. When that happens, revenue from customers is cut off. The bank may hold company funds in reserve to cover fraud losses, which can extend the reputational harm by leaving the company unable to pay employees or vendors.
Prevention costs less than remediation
Even small amounts of fraud can be costly and disruptive. When a major fraud incident causes a business interruption, recovery can be extremely expensive and difficult, or even impossible. These best practices can help prevent fraud and its consequences.
Monitor your chargeback ratio closely. Gradual increases indicate a problem that needs to be analyzed and addressed. A spike in chargebacks needs an immediate response to stop the inflow of fraudulent transactions and prevent your bank from closing your account.
Keep an eye on your false decline rate. Not every fraud prevention program analyzes declined orders to identify false declines. Often, these programs assume that every decline was fraud. However, knowing your false decline rate gives you a benchmark for improvements that protect customer relationships and your brand reputation.
Screen orders with AI and machine learning tools. Basic fraud tools can be helpful for catching obvious fraud, but advanced tools can detect anomalies that indicate a bot attack or account takeover fraud.
Manually review suspicious orders instead of automatically declining them. An expert review can confirm a fraud finding or determine that the order is actually valid. That can make the difference between a false decline and a satisfied customer.
Monitor your brand on social media, in app stores, and around the web. Engaging with customers strengthens your brand’s reputation, and it can help recover customer relationships that might otherwise be lost after a false decline. Brand monitoring can also alert you to impersonators that are phishing for your customers’ login data to commit account takeover fraud.
Analyze your fraud metrics by channel. Each channel has a different profile in terms of traffic, customer behavior, popular purchases, and fraud risks. Tracking fraud by channel can show you where your protection needs improvement and where it’s working well to keep criminals out.
Have a response plan. In case of a major fraud attack, it’s critical to prevent more fraudulent orders from being approved, communicate clearly with your bank, and report the fraud to relevant authorities within the time limits set forth by rules like GDPR. Appoint one person or team to handle each of those tasks, as well as a representative to address customers and the media, so that your message is consistent and clear and loss of trust is minimized.
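The monitoring practices above (chargeback ratio, false decline rate, and metrics by channel) can be combined into one per-channel report. The Python below is an added example, not code from the original article; the monthly counts are constructed, and the spike factor, the three-month rise window, and the definition of false decline rate (declines found legitimate on manual review divided by all declines) are assumptions, since the article states no thresholds.

```python
from statistics import mean

# Constructed monthly counts per channel (not real data). Each tuple is:
# (transactions, chargebacks, declined orders, declines found legitimate on review)
SAMPLE = {
    "web":    [(10000, 40, 300, 60), (10500, 42, 310, 62),
               (9800, 39, 290, 58), (10200, 41, 305, 61)],
    "mobile": [(8000, 24, 200, 30), (8200, 33, 210, 32),
               (8100, 41, 205, 31), (8300, 50, 215, 33)],
    "phone":  [(1000, 5, 40, 4), (1100, 5, 42, 4),
               (1050, 6, 41, 5), (1000, 19, 40, 4)],
}

def classify_trend(ratios, spike_factor=2.0, rise_months=3):
    """Label a chargeback-ratio series as 'spike', 'gradual' or 'stable'.

    spike_factor and rise_months are illustrative assumptions.
    """
    latest, prior = ratios[-1], ratios[:-1]
    # Spike: latest month is at least spike_factor times the earlier average.
    if prior and latest > 0 and latest >= spike_factor * mean(prior):
        return "spike"
    # Gradual: the ratio rose in each of the last rise_months months.
    tail = ratios[-(rise_months + 1):]
    if len(tail) == rise_months + 1 and all(b > a for a, b in zip(tail, tail[1:])):
        return "gradual"
    return "stable"

def channel_report(months):
    """Summarise one channel's chargeback trend and false decline rate."""
    ratios = [cb / tx if tx else 0.0 for tx, cb, _, _ in months]
    declines = sum(m[2] for m in months)
    false_declines = sum(m[3] for m in months)
    return {
        "latest_chargeback_ratio": ratios[-1],
        "trend": classify_trend(ratios),
        # Assumed definition: share of declined orders that review found valid.
        "false_decline_rate": false_declines / declines if declines else 0.0,
    }

def report(data):
    """Build the per-channel report for every channel in the data set."""
    return {channel: channel_report(months) for channel, months in data.items()}

if __name__ == "__main__":
    for channel, row in report(SAMPLE).items():
        print(f"{channel:7} trend={row['trend']:8} "
              f"chargebacks={row['latest_chargeback_ratio']:.2%} "
              f"false declines={row['false_decline_rate']:.1%}")
```

In this constructed data the phone channel shows a spike that would call for an immediate response, the mobile channel shows a gradual rise to analyze, and the web channel is stable.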
Taking these steps can pay off in the short term by reducing fraud and false declines so your business keeps more revenue and keeps good customers. Over the long term, strong fraud prevention practices can deter fraudsters from launching the kinds of attacks that cause serious harm, so you have less risk to worry about and can focus on growing your business.