Posted by: Fred Lizza, CEO, Dydacomp
Online fraud is a significant and growing concern for online retailers of all sizes. A major study by LexisNexis in 2012, The Cost of Fraud Study, found that 54% of all retailers are affected by fraud in some way. The ThreatMatrix 2012 State of Cybercrime study reports that online fraud resulted in about $3.5 billion in lost revenue in North America alone last year. The ThreatMatrix study also found that although 85% of retailers indicated that cyber security is a high priority issue for their organization, 40% of those responding have no online fraud prevention measures in place. As technology evolves, fraud perpetrators are able to use more sophisticated methods and online retailers need to be more vigilant in the steps they take to combat fraud.
Online retailers face a significant probability of being the target of order fraud. Online buyers often have the perception of being anonymous, with no face to face contact taking place. This makes it psychologically easier for a person to commit fraud and puts the online retailer at an increased risk. As their businesses grow retailers face the challenge of screening more online orders while keeping manual order review and fraud rates as low as possible.
Online retailers have observed that the majority of fraudulent orders have some common aspects. Some of the more common fraud red flags for online orders are:
- Late night orders – the incidence of fraud increases late at night
- Orders from certain countries – high fraud areas include China, Israel, Eastern Europe and South America
- High volume orders – money is no object when there is no intent to pay
- Physical address – be wary of orders where the physical address does not match the credit card billing address
- Free, web based, non-ISP email addresses – these easily conceal the user’s identity
- ISP address – should originate in the same area as the record of the customer’s physical address
So what’s an online retailer’s best defense without having to manually check each and every order that comes in? Implementing a fraud screening system will help to identify potentially fraudulent transactions before they are processed. An order management system that can spot and set aside for additional review those orders that are outside of your defined parameters (dollar value, product cost vs. shipping cost, different Ship To address, etc.) can be a good, cost –effective first step.
One retailer commented that fraud is getting bigger and bigger and more sophisticated tricks are being used. If a retailer is able to isolate fraudulent activity to a particular referral URL, they could block orders from that referral URL, or specific IP or IP Range. One of our customers suggests placing suspicious orders on hold in a review stage where the retailer can review them before clearing them for processing. They commented, “We were fortunate to catch these orders because we put every order of $150 or more on Order Review and verify them.”
Compiling this data will enable you to create rules based filters that compare previous transaction history elements including the points listed above to the current order. Utilizing existing data to implement transaction verification/validation guidelines and decision systems can evaluate the risk on incoming orders in real time. Where data doesn’t match, you can send an email to your customer to validate the order before processing. If fraudulent activity is detected and can be traced to particular Referral URLs, IPs or IP Ranges, you can block activity from these identified sources. These steps can reduce the rate of online fraud that you experience.
There are some specific fraud fighting tools and technologies that you can adopt including device fingerprinting, IP geolocation, automated transaction scoring and real time transaction tracking tools. Online retailers need to improve their fraud detection abilities to maximize legitimate orders while fighting fraud on an ongoing basis. For additional information about Online Payment Fraud Trends, Merchant Practices and Benchmarks, visit www.cybersource.com to download the CyberSource 2013 Online Fraud Report.