Managing E-Commerce Fraud Risk on International Transactions
How is the fraud risk different for cross-border e-commerce?
One of the biggest challenges of managing international e-commerce is the need to integrate different payment systems for each country. Because there is no single standardized approach to international payments, retailers often have to use a different set of tools for every country in which they sell.
Worse, because these are companies in growth mode, the number of incoming transactions will be increasing – meaning already over-taxed fraud teams often end up pushed to the brink. As a result, fraud teams often turn to automated fraud order reviews as a desperate means of stretching their resources. Frequently, in these situations, low-risk transactions will be accepted automatically, and high-risk transactions will be declined automatically. Manual reviews will be saved for only those transactions that fall in the middle.
But, what constitutes “high risk” in international markets?
The country is perhaps the easiest risk factor to determine. According to a 2016 report from Ingenico ePayments, the highest fraud chargeback rates happen in:
- Brazil: 3.59%
- Mexico: 2.82%
- Russia: 0.82%
Compare this to the 0.47% and 0.51% fraud chargeback rates in the U.S. and the U.K., the reality of the risks inherent in different markets becomes clear.
The market sector also determines the fraud risk. According to the same Ingenico report, the industries with the highest fraud chargebacks rates were:
- Software: 0.66%
- Financial Services: 0.57%
- Retail: 0.50%
Ingenico also identifies an increased fraud risk for larger order amounts. Orders over approximately $575 U.S. dollars had a fraud chargeback rate of 0.70% -- almost twice the 0.41% rate on orders with values of only $75 to $125.
Does this mean that if a company doesn’t fit one of these categories that they’re off the hook in terms of fraud? Not by a long shot. International fraudsters can and do attack merchants in all categories and all countries. Common types of attacks include:
- Bot attacks: International fraudsters often use automated bot attacks to test a merchant’s fraud system and website limitations. The attack works by flooding a merchant’s order system with thousands of different types of fraudulent orders, in an attempt to see which ones get approved and which get declined.
- Gift cards: Fraudsters know that gift cards are typically untraceable. They’ll take advantage of this by placing fraudulent orders, returning the purchase, and requesting the refund via gift card – all before the legitimate card holder knows what happened. Or, the fraudster may use stolen credit card information to fraudulently purchase multiple gift cards that can later be used for legitimate orders.
- Card testing: This often takes place in low-risk verticals. Fraudsters will purchase stolen credit card information on the black market and then place a small order with an e-commerce store. If the order is approved, the fraudster knows the card information is valid – and can now step up to more big-ticket, serious fraud attacks. Or, the fraudster may place a series of orders to understand what types of limits and thresholds the merchant has set for its automated fraud filters.
Because the nature of cross-border e-commerce fraud can vary, it’s critical that everyone on an e-commerce team be aware of trending fraud patterns in each of the markets they’re selling into.
What can international retailers do to mitigate their risk profile?
In addition to all the “standard” approaches to fraud prevention in e-commerce, teams might consider adding a few specialized approaches to their cross-border strategy:
Implement identity verification tools
Typically used to thwart bot attacks, this involves integrating a third-party service into your front-end website which forces the customer to prove they are human before placing an order. The customer will have to enter a sequence of identifiers that can be found in a supplied picture or question. Be aware, though, that this may create friction for legitimate customers trying to place orders.
Limit the number of gift cards in a single transaction
Because gift cards are such a common tool for fraudsters, it is often a good idea to limit the number of gift cards that can be purchased in a single order. International retailers should also consider not sending gift cards via email, due to their high-risk nature.
Create different rulesets for each country
Ideally, in fact, each country will be set up on a different channel. This will enable not only different values and thresholds to be set for different countries without impacting orders from your existing markets, it also will enable you to more easily measure fraud patterns in the new markets.
As you enter a new market, adjust the filters according to the risk profile of both the market and the products you’re selling: The higher the risk, the tighter the limits. As your business has become settled in the market, you can consider relaxing the ruleset based on your actual experience.
However, with tighter filters comes the increased risk of false declines, where legitimate orders are incorrectly denied as fraudulent. False declines are notoriously difficult to measure, and a rate that’s too high can put a damper on your growth goals.
Leverage artificial intelligence and machine learning
Today’s computing systems can analyze millions of transactions and pieces of information in the blink of an eye. While an automated solution should never be used for 100% of incoming orders, relying on this technology can dramatically reduce the workload for overburdened e-commerce teams. Because an intelligent system can quickly cull out the obvious fraud cases, teams can instead focus their attention on the less-obvious cases.
Enhance the fraud strategy with expert analysts
Although technology can do quite a lot, it’s no substitute for human decision-making. Instead, seek to build industry-specific or market-specific fraud expertise into your team – or look for a partner that can complement the skills your team already possesses. An expert analyst capable of identifying new fraud trends and patterns is often your strongest line of defense against wily fraudsters that are continually devising new ways to fool you.
The good news is there are several strategies merchants can use to lessen the inherent risks with cross-border e-commerce. The bad news is that it can be very difficult to know which strategy is best for any given company. Just as no two retailers are like, no two fraud risk profiles are alike either. Ultimately, building the right strategy by necessity becomes an intensely customized approach that each e-commerce team must take for themselves.
Wondering if a fraud managed services solution is right for your international business? Download our ebook for guidance on how to choose an approach to comprehensive fraud protection.