Fraud is hardly a new phenomenon in retail — in fact, it is probably safe to assume that fraud in some form or other has been there since the beginning. The minute the first shop opened for business, some fraudster likely got the idea to devise a scheme to take something from that shop without having to pay for it. Fraud, in some sense, is, was and always will be a cost of doing business in the world of retail.
But fraud in the last decade during the rise of digital sales has become something quite different than it ever has been. In the good old days of brick-and-mortar, a fraud was limited by proximity — to defraud a merchant, they had to visit the merchant’s establishment. In the era of eCommerce worldwide, a fraudster with a boosted payments credential can appear on one’s digital doorstep ready to defraud from just about any place on the planet.
And, as Visa’s CyberSource Vice President Andrew Naumann told Karen Webster in a recent conversation, fraudsters these days aren’t limiting themselves to the biggest online targets — they’re going after small and medium-sized businesses (SMBs) as well.
“What we’ve seen is that fraud has gone mainstream,” Naumann said. “This isn’t just a problem limited to the biggest players, this is [small] and medium-sized businesses that are now targets, which means that there is a level of awareness in place that I would say wasn’t there five years ago.”
Awareness, he said — and an evolving consensus that fighting fraudsters isn’t necessarily about building the best-locked doors and windows in the world, but about developing a revenue-protection strategy that looks holistically at the merchant’s overall goals when it comes to managing their business, their security and their relationships with customers.
The Three Phases Fraud-Fighting for Merchants
Over the last 10 years, as digital fraud has exploded, Naumann told Webster, most of the retailers CyberSource has worked with have gone through three distinct phases in developing their “fraud philosophy.” The first phase, when they realize they are losing a significant amount of revenue to chargebacks and fraud, is the eradication phase. The idea there, he said, is after the “CFO runs into the office and demands something be done” the firm dials up the rules with an eye toward driving the fraudsters away.
That method works in terms of reducing chargebacks and making life harder for fraudsters, but it has the negative effect of also increasing the number of false positives for fraud and driving away good sales. Plus, Naumann noted, since consumers don’t like to have their cards declined on legitimate purchases, they tend not to come back after having a bad experience. And merchants quickly key into the idea that fighting fraudsters isn’t a one-and-done proposition because fraudsters never actually go away. That means that fighting on dialed-up rules and making use of heavy manual checking starts having very high operational costs, which, when combined with the customer experience costs, leave merchants with a realization.
“They see the cure is worse than the disease, and they move to the second phase of their fraud philosophy — which is about balancing the operational, fraud and customer costs in a revenue-protection strategy,” he explained. “The question isn’t about fraud in the abstract — how much do I want to have. It is about revenue flow in the whole — and what role fighting fraudsters will play there.”
And from there, he said, the evolutionary process is ongoing. Once merchants have moved to that second phase and balancing the costs, the ones that are most successful and forward-thinking are embarking on what Naumann called the third evolutionary phase, which is about moving away from merely balancing costs and more about optimizing. The really savvy merchants out there, he noted, are now focusing on how they can further improve their authorization rates by better tapping into contextual data.
The hurdle to climb, however, is getting all players in the ecosystem on the same evolutionary path.
Bringing Everyone’s Data Into Alignment
Building a better consumer experience using digital tools means high rewards for merchants — free one-day delivery, storing payments credentials so they’re easily accessible when needed, buy online and pick up in-store functionality. Customers love rewards and are drawn to them, thus boosting basket sizes and conversions. The problem, Naumann said, is that fraudsters are looking for vulnerabilities in the program, process or system to exploit.
The card-not-present (CNP) fraud rate has been stabilizing over the years due to better awareness and security solutions implemented by payment ecosystem participants, but because the eCommerce pie is getting bigger, the number of dollars lost to fraud is growing.
This is where the new EMV 3-D Secure specifications (sometimes referred to as 3DS 2.0) can help the industry, particularly when coupled with a fraud solution tool such as CyberSource’s, Decision Manager. It supports app-based authentication and integration with digital wallets, as well as traditional browser-based e-commerce transactions. Just as important, it enables 10x more contextual data than the previous version of 3-D Secure to be shared between merchants and issuers in real-time so issuers can use the information to authenticate customers more accurately without introducing friction. The merchants, because of where they sit in the transaction, have a lot more contextual information to leverage when choosing whether or not to approve a transaction than the issuer does. The 3DS 2.0 protocols, as well as Decision Manager risk outputs, he said, offer a mechanism by which the issuer can use that additional context.
Because at the end of the day, when it comes to fighting fraudsters, issuers and merchants have essentially aligned goals. Both are aware that fraud isn’t something that can be eliminated by a single party alone, but instead, it requires continuous coordination and collaboration with ecosystem partners. Both are coming around to the idea that killing all fraud will likely also take out too much good commerce — and that systems need to be calibrated to hit the right middle ground.
What still needs to happen, and what the new 3-D Secure specifications can help with, is merchants and issuers working as a team to strike that properly optimized fraud balance, instead of taking on the same problem separately.
“Contextual data is the lifeblood of a robust fraud solutions,” Naumann said. “The more issuers and merchants work together in securely sharing contextual data to improve good transactions and identify bad ones, the more they are both in a position to benefit from improved authorization rates.”