How to fine tune the fraud filter

Merchants’ past investments in online and mobile fraud mitigation solutions and systems have often yielded disappointing results – but Universal Payments company, ACI Worldwide, offers advice on how fraud solutions can both reduce fraud and, crucially, drive up conversion and revenues.

Research from LexisNexis, shows that in 2016 large e-commerce and m-commerce merchants in the US saw an increased volume of successful fraud attempts, and fraud taking more of their annual revenues, despite a higher spend on fraud solutions and automated flagging systems.1

“False declines” of genuine customers also increased for US merchants in 2016 as their spending on anti-fraud systems rose. For many that increase could have wiped out any reduction in fraud losses. At least one third of consumers declined by a false positive fraud flag abandon their purchase, and the merchant will lose some of those customers forever.

However, the research also shows that large e-commerce and m-commerce merchants who manage fraud from different threat perspectives, using a multi-layered approach, report lower false positive rates than others and fewer successful fraud attempts.

The right approach

So what is this multi-layered approach? ACI characterises it as employing a properly configured and aligned combination of tools and techniques.

Beyond the usual procedures of authentication and verification for cards and customers, which are clearly important but often fail to prevent fraud, merchants are deploying a variety of other tools to filter fraud.

ACI’s recent white paper on “Driving up conversion with effective fraud management” explains how with the right tools merchants can optimise their filter to achieve a proper balance between fraud and conversion.

The approach should be three pronged, “involving rule strategies, profiles (by merchant, customer, branch, retail location, channel etc) and analytics”, says Andreas Suma, Global Product Leader for Fraud/Data ACI Worldwide.

While the approach involves several dynamic layers, it does not mean that merchants have to use all the layers for all transactions. Profiling and analytics enable trusted customers to avoid jumping through all the hoops, thereby reducing the risk of cart abandonment and loss of custom.

A proper balance between fraud and conversion rates can only be achieved by “setting up fraud management tools based on the specific factors affecting the fraud a merchant experiences”, the white paper argues.

Big Data

To really understand what their fraud looks like merchants need “massive amounts of data, and systems that can analyse it for trends even as those trends are still nascent or evolving”.

Merchants need to be able to see their own data but also data on other potential customers and fraudsters, obtainable from external sources such as hot card files, chargeback data and information traded on the dark web. Fraud exchange services, such as ACI’s ReD Fraud Xchange (RFX) product can be highly valuable here.

That information can be particularly useful for merchants operating internationally, who, research shows, are often at a loss to know which fraud controls they should use due to fraud activity in different countries.

ACI’s fraud exchange service draws on the expertise of a team of analysts located in six different countries and speaking over 15 different languages. Erika Dietrich, global director of risk services, is the team leader.

“To know what fraud controls to put in place, you need to understand local payment methods, trends and behaviours,” she says. “It’s very dependent on the geography.

“Another advantage of working with our team is we see fraud affecting multiple merchants. We can bring that expertise to merchants who have been working in isolation.”

The RFX system can alert merchants to fraudsters across the whole client network, a key feature given most chargebacks are caused by so called “friendly fraud” – ie authorised transactions that are then disputed. Although usually fraudulent there are often few flags to identify these transactions.

Fraud Indicator Tools

Research shows there is little consensus on the fraud detection tools that merchants should use, and their adoption of more advanced tools, such as device fingerprinting, is still very low.

ACI’s white paper shares the company’s wealth of experience with the various tools merchants have deployed. “Device fingerprinting and plausibility checks rarely cause any issues for conversion rates.”

But other tools can be problematic. Velocity checks, on the number of purchases coming from a specific origin, can be useful for airlines, but in telecommunications or gaming can decline many genuine shoppers.

However, when a bot attack using multiple credit cards hits a retailer or group of retailers, the high velocity of transactions can be an obvious sign of fraud, once merchants have realised the orders are linked, which they are likely to do much quicker if they are using RFX.

The white paper suggests that in some markets (such as Brazil and China) a well regarded fraud prevention tool like 3D Secure can cause genuine customers, who are unused to it, to abandon the cart. But in other markets it can be reassuring.

The paper also comments on other indicator tools such IP geo-location, and set limits rules, advising that they must be aligned and treated as integral cogs in the overall strategy.

More advanced fraud management tools

Machine learning (ML) can more accurately pinpoint fraud, if the models are correctly trained (using mass amounts of transaction data) and configured, ACI’s experts comment.

“These techniques can be used to block fraud behind the scenes, invisible to shoppers, with no harm to conversion rates.”

ACI used ML recently to build a fraud solution for a leading football club that was losing heavily on promotional kits. The solution, based on three months of transaction data, helped reduce chargebacks to 0.22% and manual reviews by 71%, the authors report.

But they caution that “because ML models… can struggle to spot and respond to monolithic events”, they should form just one part of an overall fraud management solution.

Analytics and behavioral profiling capabilities can be used to make quick changes to fraud rules, such as accepting transactions from high risk shoppers while monitoring their activities, and limiting them to more secure payment methods, while reducing review rates for recognised, genuine customers.

Continuing role for fraud analysts

The paper emphasises that fraud experts still have a vital role to play in the day-to-day management of fraud strategies.

“Almost every fraud management tool and process needs to be configured and constantly monitored by experts to get the best value from it and to make informed decisions.”

ACI’s risk analysts worked together with an airline’s fraud team and came up with a recommendation to add several new data fields to its fraud screening processes. In the first year of a collaboration with ACI, the airline found that an average 97% of all fraud was denied by the new rules, saving it $3 million, while manual review rates were reduced from 12% to less than 5% achieving significant operational savings and chargeback rates fell to less than 0.1% on average, the paper reports.

Fraud and conversion rates do not have to work at cross purposes, if the merchant’s fraud filter is a “tailored, properly configured and aligned combination of tools, underpinned by expert support, a wealth of intelligent data and powerful analytics capabilities,” the authors conclude.

“Critically it also needs to be dynamic, as no solution, no matter how effective, can be set and forgotten.”

For more advice on managing fraud and sales performance, download our new insight paper, ‘Driving Up Conversion with Effective Fraud Management.’ by clicking here.

1. LexisNexis “True Cost of Fraud study 2016”