The ongoing battle against fraud is not an easy one, but it gets even more challenging when it comes to digital goods and services — whose immediacy of delivery, with no physical shipping involved, is as appealing to cybercriminals as it is to legitimate customers.
Fiverr, an online marketplace for creative and professional services, has been sort of in the bullseye for that type of fraud. Fiverr (which is based in Tel Aviv with offices in New York, Chicago, Miami and San Francisco) has processed “in the area of 25 million transactions” since it started, with over a third of that volume coming in just the last year, adding “around 4,000 services” to its marketplace each day. Those transactions span 190 countries and connect small business owners or individual consumers with suppliers who can do anything from design a logo to translate software to find email addresses.
But that wasn’t really the problem. As Gali Gelber, Head of Trust and Safety at Fiverr, recently explained to MPD CEO Karen Webster, the unique nature of Fiverr’s users and their transactional behavior — which commonly involves multiple transactions in a single day — causes them to be flagged by traditional fraud prevention methods. Since that behavior – lots of small dollar purchases – is what causes alarm bells and red flags to be thrown up all over the place.
“This had a large negative impact on our business,” Gelber tells Webster, “as it led to a very high decline rates that happened to include a great deal of false positives. It was also very frustrating for the clients.”
Another element of Fiverr’s unconventional business model that attracts fraudsters is that it effectively allows the bad guys to set up accounts on both ends of the marketplace, both as buyers and sellers.
“That’s a big problem for us,” explains Gelber, “because our users don’t sell tangible products — they sell digital services. We don’t utilize information like shipping address or other common ways to identity users. We basically just have their email and IP addresses.”
For that reason, Gelber says that “it wasn’t difficult for fraudsters to exploit [Fiverr’s] system.” Criminals would just open an account as a user and as a buyer, and use it for “so many types of fraudulent purposes,” she remarks, including money laundering and cashing out stolen financials.
Not so good for Fiverr – but a veritable bonanza for the bad guys.
In an attempt to solve this problem, Fiverr explored a number of fraud alternatives that could meet their rather unusual requirements – no fraud, no friction, and in real time. A real-time solution was “a really big factor” for Fiverr — one that could keep up with the changing patterns of customers whose behavior is all about hopping around the marketplace, buying a variety of things.
Gelber also really didn’t want to have to trade-off a robust fraud system with having to allocate dozens and dozens of resources internally to fighting that fraud, particularly having to support manual reviews.
“Many fraud prevention tools require high maintenance by the fraud team,” Gelber said. “We wanted something that would help us continually size up the behavior of our users and help us continually define our own internal rules.”
In other words, since Fiverr facilitates the businesses of many creative professionals, they wanted a fraud solutions provider that could get a little creative itself in some of the details of the solutions that it provided.
They turned to Forter, given its rather unique – and, in this instance, rather creative — approach to fighting fraud, starting with disabling the company’s requirement for a CVV number with card payments. While this may seem like a counterintuitive maneuver — particularly in the online space — eliminating the automatic rejection of payments without a correct CVV number created a 3 to 5 percent increase in approval rates of legitimate Fiverr customers.
Sounds like just the sort of tactic that would do just the opposite. But as Bill Zielke, Chief Marketing Officer at Forter, explained, Forter is able to leverage its behavioral analysis — “a simple Java script that our customers have on their websites,” says Zielke — “to provide insight into the user and their behavior: where they’re going, how much time they spend on the site, what the browser language is,” et al.
“Those data points,” he continues, “which we can then use with the other transactional data, determine whether or not they’re a good customer – CVV notwithstanding.”
And, Zielke contends, successfully determine “about 80 percent of the time,” if the user on both ends of the transaction is the same person — whether they’re a fraudster or not.
All told, Fiverr’s relationship with Forter has led to a 50 percent increase in approvals of legitimate transactions on the marketplace. As an added benefit, being free of having to enact manual reviews has allowed Fiverr to allocate newly available resources to other areas of the business.
The elimination of friction for legitimate buyers and sellers — without putting its own operation at risk — has, says Gelber, resulted in “a cleaner environment than it was before”
“We can see it in our approval rates, the growth of our business, and in the resources that the fraud team is now able to allocate,” she concludes. “It’s a win-win situation.”