Enhancing eCommerce Profitability: Protect Your Bottom Line
Online fraud collectively costs merchants billions of dollars each year. In addition, the back-office and personnel costs associated with managing online fraud continue to grow. High fraud rates on international online transactions have not declined, either. And the face-off between fraud perpetrators and merchants continues to escalate in intensity and complexity. When merchants bolster protection in one area, criminals soon find new weak spots, triggering another round of costly fraud detection and prevention measures.
An often-overlooked aspect of fraud is that it adversely affects both costs and revenues for merchants. While experts and insiders tend to focus on the immense costs of preventing, detecting and resolving fraud, the impact on revenue is rarely mentioned. First Data commissioned a consumer research study that examined the lost revenue side of fraud. The study found that when consumers are victims of fraud, they place most of the blame on the merchant. As a result, victims become much more timid in their online shopping habits and may also avoid merchants that have experienced data breaches or have any perceived security weakness.
Foregone sales can also be the result of “false positives,” or suspicious-looking transactions that are denied but are actually legitimate. Online customers whose legitimate transactions are declined on one Web site often eventually complete their purchase on a competing site—and may never return to the original online merchant.
What can you do to cut fraud losses? How can you employ fraud prevention measures strong enough to protect you yet flexible enough to minimize costs, provide a smooth shopping experience and avoid rejecting legitimate transactions?
Your goal should be to have an integrated, holistic approach to fraud management that takes into account all major types and avenues of fraud. Start by discussing your online order processes with trusted partners, such as your payment processor, your order management system provider and your security management expert. Ask them to look for vulnerabilities and suggest corrective actions. There are also advantages to consolidating all of the data points into a single view to understand more clearly where the vulnerabilities exist and what trends are being seen. Fraud management tools are available to help score and trend transaction data over time to help build a stronger defense against fraud.
Fraud Detection at Checkout
High-level fraud processing means more than just obtaining an authorization from a card association. Shoppers’ overall purchase habits and shopping patterns—not just transaction data—can and should be regularly examined for abnormalities. That’s why some of the leading payment processors are offering comprehensive solutions that detect fraud even before cardholders report their cards have been lost, stolen or compromised.
For most Internet retailers, in-house development of fraud management solutions is not practical. Even the largest online merchants that employ sizeable security and technical staffs to fight fraud, use outside expertise in developing and implementing fraud detection and prevention programs.
Your payment processor should be able to offer you robust fraud detection capabilities that include an array of anti-fraud tools such as:
• Automated, out-of-wallet challenge/response questions that can authenticate a shopper’s identity.
• Tools that monitor Web site behavior and detect usage patterns that are abnormal.
• Customizable filters that automatically screen for transactions that fail certain defined parameters and flag them for special attention.
• Geolocation tracking that uses a shopper’s IP address to identify from which country an online order originated.
• Device “fingerprinting” tools that identify the PC or mobile device interacting with your site and placing orders.
• Tools that enable you to set parameters and monitor velocity of critical transaction data, including card number, bill to/ship to address, email, phone number, IP address, device ID and even product SKUs.
Lowering the Cost of Security Compliance
In order to help ensure the security of consumer payment information, merchants who accept payment cards are required to comply with the Payment Card Industry Data Security Standard (PCI DSS). This is a set of rules and practices designed to keep cardholders’ data safe. If determined to be out of compliance with PCI rules, merchants and their card processors can, among other things, be charged higher processing fees, fined or even have their transaction processing rights suspended.
PCI compliance practices vary in stringency according to a merchant’s total dollar volume of card transactions. By eliminating on-site cardholder data storage, a merchant avoids the need to meet many of the more stringent compliance requirements. Lowering compliance thresholds, in turn, reduces the cost of compliance.
Sophisticated technology is now available to help merchants securely keep payment card data isolated while allowing access when needed. Some of the newer technologies, such as tokenization, eliminate the need for merchants to store card data at all—and as a result, can dramatically reduce the cost and complexity of PCI compliance.
A comprehensive approach to risk management can reduce your costs of fraud and compliance while at the same time strengthening customer confidence and loyalty. Leading payment processors use a variety of best practices to aid in both fraud detection and PCI compliance. Your payment processor should be able to deliver fully integrated solutions that don’t burden your IT resources and that work seamlessly with your transaction processing system.
This is the fourth article in a First Data series about payment-related strategies that can enhance a merchant’s online services, open new markets and help increase profits.