Rules of thumb are useful — until they aren’t. When it comes to deploying corporate resources in the battle against online fraud and account takeovers (ATOs), all too often, guiding principles fail to spot what’s really happening to a business in real time.
To that end, Sift Science said Tuesday (Oct. 23) it had debuted Sift Insights, billed as a reporting suite that offers a view of how fraud hits corporate top and operating lines, and impacts customer experience. The new offering is built into the Sift Science Digital Trust Platform.
The firm’s latest movement in real-time fraud analysis comes as the company also offers insight, via a white paper, into “10 Fraud Myths” commonly held by risk professionals. With the analysis of 165 billion transactions, Sift Science’s myths run the gamut, spanning from how much fraudsters ring up in average individual orders to where (geographically speaking) they ply their trade, to how long they wait after account takeovers to use stolen accounts.
Thumbs Down On Rules Of Thumb?
In an interview with Geoff Huang, vice president of product marketing at fraud prevention solutions provider Sift Science, the executive stated that the myths point toward an overarching mindset among businesses: “the idea that one can rely on a rule of thumb to predict fraud.” For example, he pointed to the commonly held rule of thumb that some days — notably, the days that cluster around holidays and spikes in shopping activity — should see more fraudulent activity than others. However, contrary to the rule of thumb, it’s not Black Friday or Cyber Monday that see the most fraudulent activity. It turns out that, for online retail last year, the “fraudliest day” was Dec. 3.
Huang pointed to another rule of thumb that the bad guys make small purchases on victims’ accounts to “fly below the radar” and avoid detection. Sift Science has found, though, that while “good” orders have an average transaction value of $910, the average fraudulent order comes to $3,300.
“What also jumped out at us was the pattern of behavior after an account takeover,” Huang told PYMNTS. The rule of thumb here is that after committing account takeover fraud, those fraudsters lie in wait before using the stolen account. However, as Huang noted, within a week after the ATO, account activity gets a boost by as much as 22 times. In tandem with that spike, once a fraudster has gotten their hooks into an account, their activity can represent as much as 60 percent of the user’s annual spending — a finding that holds true even if the bad apple only has control of an account for a week.
“Not only is there a spike in activity, but there is a huge financial implication for the user,” said Huang, who added that the merchant can suffer reputation damage as well.
These and other myths, he said, illuminate the “surprising and unpredictable and changing nature of fraud. Just when you think you have a rule of thumb to cover [fraud], you really need a huge amount of data to see the trends that matter.”
The Big Disconnect
It’s no secret that executives know they need data at their fingertips to get a sense of what is going on with the daily minutiae of their operations. Huang pointed to a 2017 Merchant Risk Council Global Fraud Survey that found 68 percent of the council’s members rated improving fraud analytics as among their top priorities. However, 38 percent of those firms do not track metrics beyond their chargeback rates and 39 percent of respondents queried by the Association of Certified Fraud Examiners (ACFE) do not use analytics to evaluate the effectiveness of their own investigation teams.
When asked why chargebacks should be the metric examined by businesses, and why it’s the metric that so often serves as the lone insight into fraud, Huang said the chargeback rate is viewed as the “real cost of fraud to the business … it’s easily available information.” All too often, he elaborated, fraud monitoring involves manual processes, Excel spreadsheets and even hiring outside analysts to make sense of data and prepare reports.
However, businesses need to know about fraud trends at a granular level, a level of insight that is frequently lacking. It’s worth noting whether fraud is rising as transactions are on the upswing, and whether they need to allocate resources to fraud and risk management during specific times of the year.
In other words, historical data, cogently presented, makes all the difference. So does a holistic view of fraud efforts — “how well am I doing … and what do I need to be doing differently?” as Huang put it. “This historical view allows the leaders of risk and fraud teams to do some forward planning, which, headed into the holiday season, is probably top of mind,” he said.
He added that, with Sift Insights, the intent is to make it so that machines (specifically, machine learning) can detect and illuminate fraud trends for businesses. He cited as examples the ability to use machine learning to see block rates for user accounts, how many manual reviews were conducted and how accurate they might have been, and to track the performance of individual members of their fraud teams.
“The big vision here is really to provide that aggregated information in real time for the leader of the fraud risk team,” Huang told PYMNTS. “They can make better decisions to optimize the way that they’re fighting fraud and, ultimately, to catch more fraud.”