The purpose of this article is to present 3 effective and most employed anti-fraud tools like AVS, IP geolocation and cardholder authentication via 3-D secure service, to offer a comprehensive view on chargebacks and on automatic vs. manual order reviews.
Software Business Published date: March 31, 2008 Effective Anti Fraud Tools How to Keep Away from Online Fraudsters Bogdan Popescu, Online Editor, Avangate Software Business, Published date: March 31, 2008 Internet fraud is a growing and frequently encountered phenomenon nowadays almost directly proportional with internet infrastructure development in general. With reference to fraud detection, this is a particularly problematic issue when it comes to digital goods and services" like software. Fraudsters can employ email addresses that do not trace back to them and internet protocols are sometimes easy to hide with tools found on the wide internet which offers solutions for everything and everybody. Not to mention that if you are a software vendor, sometimes not only will you lose the payment for a product because of a fraud, but you might even be charged back with an additional chargeback fee. Although the fraud rate seems to have known a slight decrease from 1.8 % in 2004 to 1.4 % in 2007, according to Cybersource Online Fraud report , the sum of money lost due to fraud has increased significantly. This might not be such an alarming issue judging by the fact that the e-commerce infrastructure has been emerging with at least 20% every year since 2004. According to Cyber source estimation, almost $3.6 billion was lost in online fraud in 2007. Therefore, the security problem should be given due consideration by software merchants. The ‘in-house' detection of frauds might not be so effective all the time since a lot of practice and experience is required. A deep knowledge of fraud tactics and behavior is an absolute prerequisite. Consequently, resorting to an ecommerce company with implemented anti-fraud detection system might be a cost-wise decision. At the same time, not only should you choose just an e-commerce company, but you should pick up a niche payment processor e-commerce company, a company that is specialized in a certain field of activity. © 2008 Avangate page 1 www.avangate.com Software Business Published date: March 31, 2008 The purpose of this paper is to present 3 effective and most employed anti-fraud tools, to provide a comprehensive view on chargebacks and on automatic vs. manual order review. Which are the fraud detection tools an e-commerce provider should have? The fraud detection tools could be defined as those instruments that help determine the identification of the risk probability which is associated to a transaction or to the identification of the purchaser's identity, in order for a transaction to be accepted or rejected. Taking into consideration Cybersource Online Fraud report small and medium merchants use up to 5.4 fraud detection instruments on average. The number of instruments increases with the size of the merchant or with the sales volume up to seven tools on average. You can see in the above graphic the increase in fraud detection tools which correlates with the size of the company evaluating the transaction validity and with the transactional sale volume. Source: Cybersource Online Fraud report 2008 © 2008 Avangate page 2 www.avangate.com Software Business Published date: March 31, 2008 1. The AVS instrument AVS in an abbreviation from Address Verification Service which basically revolves around the process of making a comparison between the numeric address data and the information on file from the cardholder's card issuing bank. This tool is most important when it comes to delivering tangible goods. AVS will verify whether the address provided by the cardholder matches the billing address that was provided on the credit card application. If the information provided by the customer does not match the information contained in the AVS, a notice is sent to the merchant, who then has the option to contact the customer to collect more information or to deny the transaction. What you should know is that this feature is mostly available for US and for a limited number of cardholders in Canada and UK. AVS is designed to help merchants protect themselves against fraudulent, lost, or stolen credit cards and chargebacks. It is used as an extra protection in transactions for which the card is not present. 2. IP geolocation Knowing the online buyers geographic information might actually result to be a pretty useful tool to prevent fraud. IP geolocation can exactly detect where the user is located or calculate the distance between billing address of online buyers and the actual location of persons entering the orders. Nevertheless, this might not be so efficient since fraudsters could also employ anonymizers / proxy servers in order to hide their true IP address and location. The geolocation technology delivers information which helps determine which transactions are worth reviewing and which are worth allowing. This creates a beneficial balance between the risk of fraud losses and that of blocking legitimate customers. Basically, an IP address is a network identifier issued by an Internet Service Provider to a user's computer every time they are logged on to the Internet. For an order to be considered legitimate, the IP address country and the billing address country should be the same, although there might be exceptions: for instance, the billing address might match the person in spite that the IP might hint at another country. Although this situation might be perfectly legitimate (for instance a person traveling to another country), some extra precautions should be taken. © 2008 Avangate page 3 www.avangate.com Software Business Published date: March 31, 2008 For a more accurate detection, some e-commence companies are even able to identify the exact city/town and country where the card holder is situated, actually increasing the level of certainty. 3. Cardholder authentication via 3-D Secure Service According again to Cybersource, the Verified by Visa and MasterCard SecureCode are among the most cited tools for the detection of fraud and also among the most often named for implementation in 2008. Payer authentication is one of the most powerful tools available to e-commerce merchants today. Payer authentication provides merchants with the electronic equivalent of a signed sales receipt. Under the umbrella of Visa's 3-Domain (3-D) Secure initiative, Internet merchants can participate in payer authentication. Visa's program is called Verified by Visa. MasterCard and Japanese Credit Bureau (JCB) also have 3-D Secure programs (licensed from Visa) called MasterCard SecureCode and J/Secure, respectively. The benefits for merchants using payer authentication are quite obvious and revolve around the fact that merchants payment is guaranteed on any authenticated transaction, even if the transaction is later determined to be fraudulent. The bottom line is that merchants won't be "charged back." In fact, with the implementation of Visa and MasterCard measures, the submitting of chargebacks to a merchant's acquiring bank are actually locked, so there is not even awareness at the merchant bank level that a chargeback occurred. More importantly, the number of chargebacks that merchants record with their acquirers will drop dramatically. What about chargebacks? It is almost common knowledge that a chargeback is a kind of reversal of a credit-card transaction from the perspective of the merchant. It usually occurs when a consumer makes a complaint with their bank or credit/debit card provider. This generally happens when a consumer discovers fraudulent transactions on their statement. The bank will be the one to investigate the complaint, and will simply take back the value of the original transaction sometimes asking for an additional fee varying from $0 to $50 depending on the financial institution, directly from the merchants account, unless the merchant can prove transaction's legitimacy. © 2008 Avangate page 4 www.avangate.com Software Business Published date: March 31, 2008 In all likelihood, the chargeback dispute is not an easy or cost-free process. Before disputing, merchants must manage and organize all the orders, delivery and payment information with a view to successfully dispute fraudulent orders with financial institutions. The chargeback issue is particularly worth paying attention since chargeback management can have a significant influence on the overall profit. A merchant is billed for chargebacks as they occur, along with other fees and settlements associated with credit card acceptance. Because a merchant may be charged back by mistake, and because chargebacks may often involve complicated customer disputes, a chargeback may be appealed by the merchant. This process varies depending on the credit card. If the chargeback happens to be found erroneous, a merchant will be granted a reversal. Unscrupulous persons may occasionally abuse the chargeback system. For instance, in a "Friendly Fraud", a person will purchase something over the Internet with his own credit card and then make a chargeback once the product or service is received. In these cases merchants can have difficulty recovering the payment. Chargeback process is complex as a result of frequent rule changes by the major credit card companies (MasterCard, Visa, American Express, etc.). This here is again another reason why it is worth having a specialized e-commerce company to deal with these matters. Usually a whole chargeback process takes about 1.8 hours which is spent on research, documentation and submission. So, clearly, fraud chargeback management is a significant expense for merchants, given the time involved plus fees and penalties. Automated Order Review vs. Manual Order Review. Which one? Automated order review is currently used by 34% of merchants (up from 25% in 2005). Most of the time the decision to adopt such a way of approving online orders depends on the transactional volume. © 2008 Avangate page 5 www.avangate.com Software Business Published date: March 31, 2008 There are a couple of tools that help companies in making automatic order screening by applying a general pattern of merchant's business rules in the real-time evaluation of incoming orders. This set of rules is generally based on: 1. customer behavior general time spent by the customer on a certain page overall order velocity order frequency customer's history (whether he has ever had fraud attempts), order volume 2. card verification number 3. postal address validation service 4. IP geolocation 5. credit cards black lists 6. 3-D Secure What is also worth mentioning is that, broadly speaking, these are also the main criteria based on which an order is manually validated. Sometimes, additional external passive verification sources are employed. The automatic detection tools will determine whether the transaction should be approved or manually reviewed. Due to the dynamism of fraud patterns, and judging by the fact that the introduction of new products/ services needs most of the time, a single collection of acceptance rules, a rapid adaptation to the changing environment is vital. You can observe in the following graphic the proportion of merchants utilizing automatic order review in correlation with the annual revenue. © 2008 Avangate page 6 www.avangate.com Software Business Published date: March 31, 2008 Source: Cybersource Online Fraud Report - 2008 Edition The most common practice for internet merchants is to later manually review the orders that were rejected or set as pending by the automatic tools. During this time, further information about the order and the person ordering will be gathered. Generally speaking, manual review is a problematic issue with online merchants on the grounds of the time and financial expenses. First of all there has to be a person reviewing the order, who has to be paid for and also that person needs time in order to realize whether a particular order should be labeled as a fraud or not. As far as the US is concerned, it appears that more than three quarters of the merchants manually review the orders. Also, there seems to be a slight decrease in the number of online orders reviewed corresponding to larger companies. When dealing with automated vs. manual order review, we should also take a look at the order rate of acceptance/ rejection. In 2007, it seems that more than three quarters of the orders were manually accepted © 2008 Avangate page 7 www.avangate.com Software Business Published date: March 31, 2008 which might be regarded as encouraging judging by the 2006 percentages which indicated approximately two thirds. With reference to the rejection rate, we might observe an unsteady evolution. If you take a look at the image bellow, you will be able to notice that the rejection rate depends on the field we refer to. So there is an average 4.2% corresponding to all fields, which is identical to the number corresponding to digital goods. Judging by our own experience, we might consider this percentage quite high. Taking into consideration the Avangate report from 2007 which indicated a maximum rejection rate of 1.5%, we might identify a difference of 2.7% which is explainable by the lack of experience that most merchants have. At the same time, Cybersource reported a higher level of order rejection on the part of online merchants caused by the suspicion of payment fraud for international orders. The actual fraud rate experienced on international orders makes the merchants adopt a more cautious approach when tackling international orders which need more attention. Source: Cybersource Online Fraud Report - 2008 Edition © 2008 Avangate page 8 www.avangate.com Software Business Published date: March 31, 2008 Conclusion In a nut-shell, if you are a software publisher and you develop and sell products that fraudsters might be interested in, you should be able either to invest a lot in preventing online fraud or just let a specialized ecommerce platform company handle everything. Credit card companies won't certainly give you much help since they actually don't have much incentive to reduce fraud. Every merchant should be aware of the internet credit card fraud, it spite of the fact that it is something that can never be completely abolished; it is rather something that must be well administered. One of the most important factors in managing fraud is customer behavior understanding and the implementation of effective security measures that can adapt to the level of risk in each transaction. Turning to a specialized e-commerce company in the order management, will greatly contribute to a reduction in credit card fraud. *** Sign up now for the Avangate Digest Newsletter and receive our Internet marketing tips, shareware industry tools, techniques and resources as soon as they're released. E-mail this to a friend *** Copyright © 2008 www.avangate.com all rights reserved. This article was written by Bogdan Popescu, Online Editor at Avangate The author has in depth knowledge of internet marketing services and website analysis applied to the software industry and e-commerce development. This article may be reproduced in a website, e-zine, CD-ROM, book, magazine, etc. so long as the above information is included in full, including the link back to this website. Please e-mail at firstname.lastname@example.org, before using the article. *** About Avangate Avangate provides solutions for electronic software distribution and reseller management, assisting software companies worldwide in successfully selling their products online and at the same time efficiently managing a distribution network. The company’s offer includes an eCommerce platform incorporating an easy to use and secure online payment system plus software marketing services and additional marketing and sales tools such as an affiliate network, automated cross selling options, software promotion management, real time reporting, 24/7 shopper support, and the ARMS reseller management program specifically designed for software sales. More information can be found on the corporate website, at www.avangate.com © 2008 Avangate page 9 www.avangate.com Software Business Published date: March 31, 2008 Avangate Van Heuven Goedhartlaan 937, 1181 LD Amstelveen, The Netherlands Tel: +31 208908080 Email: email@example.com Fax: +31 202031309 Web: www.avangate.com .member of GECAD Group, delivering innovative IT solutions Worldwide since 1992 © 2008 Avangate page 10 www.avangate.com
Pages to are hidden for
"Effective Anti Fraud Tools"Please download to view full document