Schedule a Demo
Fight Fraud With nSure.ai
Explore the AI-driven world of online payment fraud prevention and protection. Discover the future of anti-fraud solutions that significantly lower sellers' risk of online fraud, focusing on high-risk domains.
Breaking the Myth: Payment Fraud Prevention in Crypto Isn’t as Hard as You Think
Let’s make one thing clear: Payment fraud in the crypto space is a serious problem - no doubt about it. From a digital merchant’s POV, on-ramp transactions are problematic because of the nature of cryptocurrencies. They are high-risk digital assets as payments usually don’t come with regulatory protection if something goes wrong, aren’t reversible, and offer a high level of privacy. Hence, they represent a fertile ground for fraudsters to do their thing. As weird as it sounds, crypto has it good compared to other, more traditional payment transactions - namely prepaid debit cards (more on that later on). Payment fraud prevention in the crypto space isn't as complex as many industry players are led to believe. In this post, I’ll explain why and present what can be done to mitigate this issue. Let’s get to it. To begin with, it is important to realize that: 1. Crypto Payments Aren’t Anonymous - They’re Private Cryptocurrency transactions are permanent and public, meaning there is some form of digital trail. When creating a crypto wallet, an alphanumeric address is generated, allowing the user to send or receive crypto. That address is visible to everyone on the blockchain, enabling the user to conduct transactions under a pseudonymous identity (as opposed to an anonymous one). Why is this significant? Because financial forensics on a given public address can be traced back to a real-world identity. 2. Prepaid Debit Card Fraud Is a Far Bigger Problem While crypto is an attractive proposition for fraudsters, there is an even easier option in prepaid debit cards. In this case, a fraudster either buys a prepaid debit card with stolen payment information or uses a stolen card to make a purchase. In short, there are three key reasons why fraudsters find this type of fraud more attractive, and therefore will more likely opt for it: A prepaid debit card isn’t “just” private, it’s completely anonymous. It isn’t connected to a specific identity or banking account, making it easy for fraudsters to leverage it for simple financial fraud and money laundering.It’s completely liquid and basically the same as cash as it can be used at an ATM, offering easy conversion of digital payment into cash. You can basically use it any way a credit card can be used.The regulation typically doesn’t cover basic fraud protections for transactions under $10,000 and unregistered cards that don’t hold personal information such as a Social Security number. If we compare all of this to cryptocurrencies, you’ll see that converting them to fiat is not easy. Where it exists, regulation tends to differ from country to country, and in some instances, from bank to bank. Crypto-friendly countries such as Portugal and El Salvador have banks and services that make the process easy but, generally speaking, there is a lot of paperwork involved. As crypto exchanges become progressively regulated, the registration process becomes more inconvenient, requiring users to provide all sorts of KYC documentation, origins of funds, transaction history, contract, proof that they are a miner, and so on. Even when a crypto exchange is willing to part ways with its fiat, there’s the matter of user experience. Cashing out fees can be high (significantly higher than for buying crypto) and there can be all sorts of problems with withdrawal such as delays, sudden exchange rate swings, or in more extreme cases - loss of funds due to improper form filling. The bottom line is that while technical capabilities are present, the entire process is very cumbersome and not quite user-friendly. 3. Prevention Tools Are Already Fighting Crypto Fraud Successfully The rise in frequency and the volume of digital transactions, coupled with constant changes in technology means businesses are not always fully equipped to prevent fraud. At a fundamental level, most fraud attempts are a variation of existing methods. Chargeback fraud is pretty much the same. Social engineering fraud has been around for years with essentially the same “catch”. A great deal of these fraudulent activities can be nipped in the bud with already existing tools that link customer data to cryptocurrency transaction histories. There are platforms that specialize in digital goods fraud protection and can help automate and simplify KYC processes so businesses can learn more about their customers. Thanks to an AI-driven approach, they can make accurate decisions in real time, all the while striking the optimal balance between a healthy fraud rate and a smooth customer experience. As a result, online merchants can uncover high-risk customers, remain AML compliant, and avoid the stigma associated with crypto money laundering. Bottom Line, This Is a Problem That Can Be Solved Crypto payments are in full swing as the number of use cases for cryptocurrencies keeps growing. But as much as the promise of fast, easy payments with typically lower fees continues to intrigue consumers, so it will attract more bad actors and consequently, more fraud. Sure, fraudsters are relentless in coming up with novel ways to bypass security and exploit vulnerabilities, but technology is keeping up. Through training, algorithms continuously take feedback from humans and learn to become more accurate with time. The key is to move swiftly and adopt these new standards so that there is tangible protection from predatory exploits. After all, many digital merchants fail to realize that the collateral damage of digital payment fraud goes beyond the initial financial hit. Lost revenue is reflected through the entire lifetime value of a customer, plus all the damage your brand reputation and loyalty take as they become associated with fraud. To come out on top and grow revenue instead of losing it, it’s a good idea to focus on adapting a safety strategy - one that emphasizes blocking fraud while streamlining the user experience.
Fraud Should Not Be Accepted as Part of the “Cost of Doing Business”
I’ll be the first to admit that dealing with digital goods fraud, especially payment fraud, is taxing. It can be a crippling blow to your business. I would know, as me and my business partner Ziv experienced this firsthand. Some years ago, we lived the nightmare of having 40% of our sales being fraudulent within the very first week of running our own online gift card business. Perhaps even worse was the feeling of being powerless to stop it. If we hadn’t developed a way to address the growing fraud levels (the foundation from which nSure.ai was born), eventually, we would have had to shut down our business. It was that big of a problem. Unfortunately, for many merchants, it still is. The very nature of high-risk digital goods makes them a fertile ground for fraud. Digital gift cards, top-up and prepaid cards, software and game keys - all of these present an attractive target to fraudsters. These can be easily penetrated as they are delivered immediately, and fraudsters can quickly resell them. Merchants don't have the time (or luxury) to vet each payment before a product is shipped, as opposed to when a physical shipment is involved. As a result, fraud happens swiftly and silently. In turn, many digital goods merchants are leaving a lot of money on the table out of fear. They see it as the "cost of doing business", as something that simply comes with the territory. Sometimes the Cure Can Be Worse Than the Disease As overwhelming as fraud can be in the digital goods space, some merchants make the wrong moves. In fact, the measures they put in place end up being equally or more damaging. How? Because a lot of money is lost through inadequate fraud prevention, not just through direct fraud. By inadequate fraud prevention, I mean frequent examples such as: Blocking all IP addresses except their country’sAccepting only credit cards from “safe” geos such as the US and EUImplementing a ‘register today, buy tomorrow’ policyAdding friction to the buying experience by introducing unnecessary unfriendly interface elements such as captcha There’s a lot to digest here. This isn’t 2010. As a digital goods merchant, you can no longer afford to just blacklist certain geos and hope the problem goes away. Yes, some areas really do carry higher rates of fraud. And yes, you will probably catch a few beginners, lazy fraudsters in the act - but that’s it. Not just that, fraud has advanced to highly sophisticated levels and nowadays comes in many forms. IP blocking is old news and there is no shortage of ways to circumvent it, from using a proxy server to VPNs, P2P anonymizers, and more. The principle is the same when you whitelist credit cards from specific countries and/or regions. Once again, the idea is good in theory: accepting online transactions on a global level exposes merchants to CNP (card-not-present) fraud, creating new risks. On the surface, whitelisting certain credit cards provides a smoother experience for returning customers and saves merchants the effort of reviewing orders for fraud. In reality, this is simultaneously creating a massive problem: false positives, wrongly identifying legitimate customers as potential fraudsters. Just how massive are we talking about here? Well, our own research showed that in the first half of 2021, out of over 10 million transactions worth almost $400 million in value, 4 out of 5 declined payments came from real customers. Considering that the industry standard decline rate fluctuates between 15% and 20%, only 4% of the total declined transactions were actual fraud. The rest - lost revenue from both existing and potential new customers. Also, one of the more “optimistic” forecasts shows that by the end of the year, the loss of revenue from false positives will be almost half a trillion dollars. To make matters worse, policies such as ‘register today, buy tomorrow’ add unnecessary friction to the buying experience. Be honest - would you buy from a shop where you had to wait half a day/day to purchase something? With digital goods, where expected delivery is immediate, you likely wouldn’t. Some merchants aren’t even aware of the damage they are doing with their fraud protection strategy. Unless they closely examine each transaction, they can’t know if what they blocked was legit or not. That scope of manual review is neither cost-friendly or scalable. To say that they don’t care would be detached. I’m certain they simply don’t know better. Still, the fact is that most merchants flat out drive away honest customers by default because it’s the "cost of doing business". They got used to it, but all they really do is create friction, lose money, and fail to fully protect themselves. It’s Important to Act Fast and Proactively I firmly believe that digital payment fraud isn’t and shouldn’t be the online merchant’s problem. Compared to their peers who sell physical goods, digital goods merchants are in an unfavorable position. Still, they should know better. They need to if they want to survive the harsh reality. Too many digital goods merchants haven’t updated their fraud protection methods to properly address cybercrime. They’re just masking reality and essentially, paying a hidden tax of sorts by sacrificing a lot of potential sales in the name of fraud protection. There is no time to wait for financial regulation. There is no time to wait and hope things sort out by themselves. That won’t happen anytime soon. Things are going to get a lot worse before they get better. What will happen is rejecting all the good, genuine customers will result in losing them to a huge global ecosystem of competitors, primarily Amazon. It shouldn’t be this way, especially when digital retailers can protect themselves with AI-driven real-time fraud protection. Thanks to advancements in AI, sophisticated tools can cross-reference and validate databases, examine behavior patterns, and more to that accurately separates digital fraud from legitimate customers. In times like these, keeping up with fraudsters without hurting the customer experience is becoming ever so vital for digital retailers - more than ever before. Image credit: https://www.maxpixel.net/Computer-Card-Fraud-Credit-Code-Cyber-Hack-Crime-6077545
Should Digital Fraud Really Be the Merchant’s Problem?
The entire concept of liability, with respect to digital fraud, seems to have happened by mistake. My claim? Online merchants shouldn’t incur (all) the cost. This complete plot (in which the digital merchants are the unwilling martyrs) traces back to the 1950s and the introduction of credit cards (and the system of credit cards). Before credit cards were accepted, there was one way to exchange payments for a product or service- cash. Not so long ago, a person walking into a store to purchase furniture for an entire house, with a stuffed envelope of money, wasn't a reason to alert the authorities about a potential gangster in the house. So, when a piece of plastic was first introduced, around 7 decades ago, card issuers had trouble convincing merchants about its legitimacy. The merchants weren’t paranoid. They indeed had a lot to lose. It was the unofficial beginning of modern payment fraud as we know it today. Plastic but Not Fantastic Simply put, merchants didn’t believe that a resulting sales slip they would get after a purchase was the same as cash. So most refused to accept it as a valid payment method. In turn, consumers were hesitant to switch to the new payment method. 1959 American Express Credit Card Then, credit card issuers realized that if their concept was to work, they would have to provide guarantees for consumers and merchants. In order to claim that their piece of plastic is as valid as a banknote, they had to be financially regulated and guarantee purchases with credit cards for both sides. And so, they became associated with banks. The move eventually worked, ensuring rapid adoption and growth in the 60s. However, soon another problem arose. Before computer networking, the entire credit card system in the USA was very complicated. Every time a consumer wanted to pay with his Diners, American Express, or any other card, the merchant would have to pick up the phone and call their bank. The bank then had to call the credit card company, where an employee had to manually look up the customer's name and credit balance. The inconvenient nature of this procedure meant merchants would often skip some or all of the required steps and simply assume the risk. In many cases, they accepted charges for smaller transactions. They also accepted purchases from known and trusted customers via phone, without verifying them first. This reality led to new procedures and card not present (CNP) transactions were born. For merchants, phone purchases were a great idea because they sped up the buyer experience and provided more convenience. All the customer had to do was provide their credit card number and make the pickup at the store. But credit card companies refused to cover these types of transactions. Because it was difficult for a merchant to verify that the actual cardholder is indeed authorizing a purchase, the transaction was susceptible to fraud. As such, the issuer of the card was liable for compensation, and they simply didn’t want to take that risk. So, protecting their customers and themselves on CNP transactions became the merchant’s responsibility, one they carry to this day. New Way of Shopping, Old Problems The advent of eCommerce only amplified this issue. Online transactions were grouped into CNP transactions because at their core, they were the same as phone purchases. The merchant had no way of identifying the buyer and couldn’t guarantee it was a legitimate purchase. When online shopping emerged in the mid-90s, no one envisioned it would become the $5 trillion market it is today. No one gave a serious thought about the potential implications of CNP transactions down the line and how they might hurt online merchants. Credit card companies took the easy way out and created a huge problem that is digital fraud, particularly in the digital goods space. About 15% of online transactions are declined on a regular basis. A third of those get declined by online merchants for legitimate reasons, meaning someone didn't type the number correctly, misspelled their name, didn't put the correct CVV code, or there weren’t enough funds available. These mistakes happen, so let’s say merchants are right to reject these transactions. But what about the rest? Well, 10% of online transactions are declined due to the card issuer's risk evaluation without any information regarding the reason for rejection. In other words, card issuers deem the risk of the transaction being fraudulent too high and provide a ‘Do Not Honor’ code. DNH code happens all the time because credit card companies don't know for sure the nature of the transaction. They want to offer the best possible service and protect their customers, but the lack of data to make an accurate decision means it’s easier for them to not approve it in the first place. This puts the merchants in an unfavorable position because they are at risk of crossing the chargeback “safe zone”. As such, they can receive fines from payment networks for every transaction labeled as fraud and even get blacklisted from accepting online payments altogether. The truly insane thing is that the loss of revenue from false positives will be close to half a trillion dollars by the end of 2021. The fraud problem likely would have never escalated to this level if someone who understands risk management was responsible for it. But since that wasn’t the case, now we have an anomaly where merchants are not responsible for their brick-and-mortar transactions but are responsible for their digital counterparts. Why Digital Goods Merchants Have It Worst In all of this, merchants who deal in digital goods such as gift cards retailers and prepay vendors are at the short end of the stick. You see, payment processors have realized there is money to be made on fraud protection for merchants, so they started marketing their services accordingly. For instance, PayPal literally calls its policy ‘Seller Protection for Merchants’ that aims to protect transactions from chargebacks, reversals, and associated fees. The problem here is that all of the above is true for physical goods. Digital goods - not so much. It’s because payment processors can’t cope with the level of digital goods fraud, as simple as that. Here is what bugs me. The concept of seller protection was one of the key selling points for PayPal, and arguably one of the major reasons why it’s one of the most popular payment processing companies. Accepting payment online with no liability is a huge boon for businesses, but it’s marketed in a way that ignores an entire segment of digital goods merchants who are left behind, essentially. From a business standpoint, companies such as PayPal cannot afford to be conceived as not safe enough, which is why it’s easier for them to sometimes just block merchants if the risk is too high. That’s not something they want to tangle with. Reputation is extremely important in this industry, and because there is no regulation forcing payment processors to do something about it, they take the path of least resistance. PayPal is making some steps toward digital goods protection but, in my opinion, it still has a long way to go (it’s a story for another time). And so, digital goods merchants are left to fight payment fraud on their own, trying to solve one key challenge: how to improve security without adding too much friction to the buying process and compromising customer experience. Unfortunately, many digital goods businesses fall short. Regulation to the Rescue It’s a sad state of affairs where borderless eCommerce is a profitable option for some merchants but less for others just because of the nature of the goods they sell. I believe payment fraud shouldn’t be the online merchant’s problem. They currently have a huge problem on their hands, and they’re limited in what they can do to eradicate it. It’s my belief that eventually, this is going to become an issue for either the banks (issuing and acquiring banks that are the entities that run the credit card networks) or insurance companies that insure merchants. And the solution is not going to come out of their own volition. The competitiveness of the market has already proven it’s not a strong enough reason. The solution is likely going to be because of regulation. Someone who understands financial risk management will recognize the magnitude of the problem and make concrete moves. Whether that happens 10 or 20 years down the line, it’s bound to happen because the fraud problem in digital transactions is getting worse by the year. There is already movement with PSD2 (Second Payments Services Directive), a European regulation for electronic payment services that mandates stronger security requirements for online transactions, but also recognizes and regulates third-party involvement. The implementation of PSD2 is expected to motivate the issuing banks liable by this regulation to rehaul their business models. At the moment, they simply don't have enough data to provide accurate enough decisions, so the regulation will have to evolve further in order to actually solve the problem. The good news is that we're seeing the first steps taken in regards to where the banks need to be in this equation. There are still all sorts of loopholes and delegated authority that allow banks to avoid the risk, but the process has been put in motion, and that’s what counts. What Can Digital Merchants Do? Until proper regulation is implemented, online merchants can protect themselves by relying on this one thing Predictive Artificial Intelligence. AI has the ability to differentiate all the nuances between fraudsters and genuine buyers, and make accurate, real-time decisions without interfering with customer experience. Because it’s able to continuously train and learn, it can keep up with whatever fraudsters are trying to pull off. Anything else will be a step back
The Collateral Damage of Digital Fraud (The Loss of Potential Shoppers)
Digital goods merchants are yet to understand the full impact digital fraud has on their business, most notably the indirect impact on their bottom line. Generally speaking, businesses care far more about what they’re losing as opposed to what they’re gaining. While trying to take precautions to keep fraud at bay, they end up rejecting genuine customers, which results in one thing: Leaving a lot of money on the table. The problem is this: new potential clients being declined due to fraud measures means you are not only losing the value of the transaction at hand - you’re also losing out on their lifetime value (LTV). That one rejected transaction might have been a long-term, loyal customer. So, lost revenue is reflected through the entire lifetime value of a customer, plus all the damage your brand reputation and loyalty take on the way (which are harder to quantify but still have a significant impact). When you factor in all the above, the true cost of digital goods fraud becomes far higher than just declining transactions. As you’ll see below, the math is brutal and indicative of a greater problem - one that can be solved or at the very least, minimized. Let’s Break This Down Here’s the deal: About 15% of online transactions are declined regularly, just to be on the safe side. One-third of those declines are based on legitimate reasons, such as a customer typing the wrong CVV code, misspelling their name, not having enough funds on their card, and so on. Beyond those, 10 of every 100 transactions are declined simply because the card issuer deems them as too high of a risk of being fraudulent. This is the infamous ‘Do Not Honor’ code, where it’s easier to not approve the transaction in the first place due to the lack of data to make an accurate decision than it is to risk being duped. In fact, the 15% decline rate is a "standard" processor/issuer decline rate across eCommerce and online transactions. Now the bigger part of the problem emerges: digital goods merchants do a bit of their own declining. It amounts up to 15% of the remaining 85% that are “generously” left after card issuers do their thing. This puts you in a bind as you risk crossing the chargeback “safe zone” and receive fines from payment networks for every transaction labeled as fraud - even get blacklisted from accepting online payments altogether. Now get this: 4 out of 5 declined payments come from real, legitimate customers. To make matters worse, 72% of these declines are new customers. We are seeing more points of friction than at any time in history right now, which are detrimental to the customer’s relationship with the merchant. Make no mistake - we’re talking about money that will be spent elsewhere, where the shopping experience is smoother and frictionless. The primary suspect is Amazon, which represented 43.5% of digital spending in the U.S. in 2021, up from. 41.8% in 2020. Additionally, the web giant accounted for 55.4% of all gains in U.S. eCommerce in 2021, according to Digital Commerce 360. Unless you're a major retailer like Walmart or Target, that’s the one company you don’t want to compete with. How Much Money Are We Talking About, Exactly? To provide you with the best possible picture of how much false declines are costing you, we offer a quick glimpse into our proprietary data. In 2021, for the gaming and digital gifting segments, the average order value was $29. Considering that the average number of transactions per returning customer is three, this puts the LTV of a digital goods customer at $87 per year. On average, our data shows you lose around 11% (!!) of revenue per month from new legit customers that are declined. For practical purposes, let’s say a business has $10 million in yearly revenue. The loss they would suffer from false declines of new customers would amount to $1.1 million every year. Now insert your business’ number of average monthly transactions and do the math of how much you’re actually losing. Quite a figure, isn’t it? What’s Next? The inherent problems in existing payment processes and the ever-increasing fraud are putting digital merchants under a lot of pressure to approve and deny the transactions they want to. Do payment processors and regulators have a moral obligation to improve their defenses against digital fraud that drives harmful activities? Absolutely. But merchants literally can’t afford to wait for that to happen. As online shopping continues to grow, fraudsters keep trying to take advantage of these new opportunities and customer behavior. From non-sophisticated methods to advanced AI technologies that automate much of fraudulent activities, criminals can operate at scale with hundreds, even thousands of fake accounts. Therefore, finding ways to differentiate between genuine customers and bad actors easily and swiftly is essential. Your focus should be on the number of new people that can be onboarded instead of rejected. If your fraud prevention system works as it should, then there are fewer false declines, meaning you gain the lifetime value of new customers. Any fraud manager worth their salt should take the decline rate percentage of new shoppers in stride and work on decreasing it as much as they can. By focusing on gaining new shoppers that are already expressing a purchase intent instead of rejecting them just to be on the safe side, a direct impact on the bottom line is created. When it comes to immediate, yet long-term remedies, it doesn’t get any bigger than that. Note: Data in this post (unless stated otherwise) is brought to you by nSure.ai, a predictive AI fraud protection company specifically tailored to the digital goods space that approves 98% of transactions with a 100% chargeback guarantee. Image credits: https://pxhere.com/en/photo/1636749 https://pxhere.com/en/photo/484054
The A to Z of Payment Fraud Protection
As unfortunate as it is, payment fraud is a common element of online activities. In fact, it’s an all too common element as a new study shows that merchant losses to online payment fraud will exceed $206 billion in total between 2021 and 2025. Fraud is evolving as fraudsters are constantly finding new ways to take advantage of the expanding digital market. Whether you're a new player or an industry veteran, getting up to speed on how your business can be hurt and protected is critical. Below, we explain different terms and concepts in payment fraud protection so you can learn more about this evolving space, draw a hard line between your acceptance and fraud rates, and make sure you know what type of protection you need. 3D Secure A security protocol that offers an additional layer of security for online credit and debit card transactions. The name refers to the three domains which interact using the protocol: merchant domain, card issuer domain, and network domain. Account Analysis of Transactions Refers to the hundreds of data points that are analyzed in real time, such as the age of the email used for account creation, provided phone number and its ability to receive calls, billing and shipping address, as well as third-party data. It’s important to note that account analysis is only one of the three key analysis points every fraud protection solution should have. See ‘Behavioral analysis of transactions’ and ‘Contextual analysis of transactions’ for more details. Account Takeover (Ato) A particularly dangerous form of fraud that is, essentially, identity theft. First, a fraudster uses automated bots to gain access to an account that has a credit card or other form of payment already authorized to make a purchase. Then, they alter certain account details (e.g. delivery address, email) to redirect the goods ordered by the rightful buyer to them. Authorization and Capture The two-step process that allows merchants to first authorize the cardholder's credit card to make sure it’s valid and that it has sufficient funds available for the transaction, then collect the funds at a later time. For digital goods, as opposed to physical goods where capture happens the moment goods are shipped, the process happens simultaneously, which means that the fraud analysis needs to be completed in real-time. It also means that digital goods represent a different and significantly harder challenge for online retailers when trying to protect against digital fraud. See ‘Delayed vs. immediate goods delivery’ for more details. Behavioral Analysis of Transactions Analyzes the overall market behavior trends, as well as the actions of the individual buyer and groups of buyers with similar or exact behavior by following their exact movement through the buyer journey to identify fraudulent behavior. Data that is analyzed includes time spent between entering the website and attempting checkout, if the buyer looked at different products and product variables such as size, price, and such, if they typed or copy/pasted their personal information, etc. For analysis of cohorts, data used includes groups that exhibit trending behavior together, specific products they browse and purchase, overall market trends when it comes to the age of payment methods, changes in geo distribution, and so on. Card Not Present (Cnp) Transactions Transactions in which the merchant has received the customer's payment information remotely such as online purchases, rather than having the physical card present. As such, these types of transactions have a greater risk for payment fraud. Card-Testing Fraud A type of payment fraud often found in eGaming where test purchases are made via a previously stolen credit card number. Purchases start in small amounts and rise incrementally, as soon as the fraudster realizes they can get away with bigger buys. Every purchase can become a chargeback filed by the credit card’s real owner. Chargeback A forced transaction reversal or a charge initiated by the cardholder’s issuing bank after a cardholder successfully disputes a purchase. Merchants usually incur a fee when a chargeback occurs. Fees vary from $20 to $100 and every dollar lost to chargeback fraud costs an estimated $3.36 due to operational and customer acquisition costs. Chargeback Protection A variety of techniques and technologies such as fraud protection tools that help safeguard merchants by reducing the risk from fraudulent chargebacks. Chargeback Safe Zone The acceptable percentage of transactions that are labeled as fraudulent within the payment processing cycle. A higher chargeback ratio determines the risk factor and ability to process payments. It’s widely accepted that merchants with a consistent fraud rate of 0.7% of all transactions are considered in the “safe zone”. However, the 0.7% rule of thumb is a designated safe zone from the payment network's perspective. As margins are very small and every transaction counts, we suggest 0.5% and below should be the upper limit for every merchant in order to avoid any kind of fines or worse, risk being blacklisted. Contextual Analysis of Transactions Analysis of context of each buyer attempting to make a purchase, against large data sets of proven legitimate and fraudulent purchases. Data includes the location from where the buyer is visiting (GEO), the browser being used, IP address, potential VPN usage, time of day and week, device fingerprinting, and so on. Dark Web Part of the internet that isn't visible to search engines and requires the use of specific anonymizing software to be accessed. Through the dark web, users can communicate and conduct business anonymously and privately, which makes it suitable for a wide range of criminal activities, including payment fraud. Decline Rate The rate at which payments from cards are dropped due to a variety of reasons such as lack of funds on the card, fraud prevention measures, merchant’s poor handling of payments, and so on. Our data-backed report has shown that the average decline rate in the digital gift card segment due to fraud prevention measures is 15%, while eGames and downloadable content have a higher average rate of declines at 20%. Deep Learning A subset of machine learning that simulates the way humans gain knowledge by learning from large amounts of data. To achieve this, deep learning uses a multi-layered structure of algorithms called neural networks which are based on the structure of the human brain Delayed vs. Immediate Goods Delivery Relates to the main difference between fraud protection for physical and digital goods merchants. Delayed delivery comes into play for physical goods retailers as their buyers expect to receive their product only following a certain amount of time to account for shipping times. On the other hand, digital goods merchants are expected to dispatch the goods immediately following the completion of the transaction. It’s important to note that a delayed delivery also happens in instances where merchants employ a large manual review team to analyze the transactions, which can lead to a subpar purchasing experience for buyers. Digital Goods Merchants Essentially websites and apps such as digital gift stores, travel agencies, ticket stores, gaming stores, and software companies that sell digital products that require no physical delivery. These merchants suffer from highly elevated fraud pressure as their products require immediate delivery and have a high resale value. False Declines/Positives Also commonly referred to in the industry as ‘insult rate’, these refer to Ttransactions from legitimate customers that were flagged as suspicious and rejected, in most cases due to the existing fraud protection solutions mistakenly labeling them as fraudulent purchases. Our numbers show that 4 out of 5 declined payments come from real, legitimate customers. To make matters worse, 72% of these declines are new customers, which makes fighting fraud with AI‑based fraud protection platforms an immediate priority. False Approvals/Negatives Transactions from actual fraudsters that the existing fraud protection system doesn’t detect and allows to make a purchase. Our extensive industry research found that the majority of AI/machine learning models can accurately approve only 85% of purchase attempts in the digital goods domain, out of which 84.5% represent legitimate customers, while 0.5% fall on fraudsters. The remaining 15% of the purchases are being rejected in order to be on the safe side. Friendly Fraud Fraud stemming from initially legitimate purchases. Once the buyer receives the product, they open a false dispute with their credit card issuer to reverse the payment on the grounds of supposed problems with the product or not having made the purchase at all. Liability Shifting The gold standard of fraud protection in which fraud protection vendors assume their clients’ fraud liabilities. The goal is not just to help merchants deal with the risk of fraud, but to completely remove it from their business. By assuming their clients’ liability, fraud protection vendors are essentially betting on the success of their product, which is based on an algorithm that can learn autonomously from massive quantities of data. At the same time, this algorithm has to be sophisticated enough to distinguish between genuine customers and all the nuances of fraud. Loyalty Fraud Also known as promotion fraud or promotion abuse where fraudsters, but also employees, partners, and legitimate customers try to game and abuse the system in various ways: by creating multiple accounts to gain access to additional promotions and earn more points, sell or transfer points to non-members, repeatedly return items after earning points, etc. Machine Learning A subset of artificial intelligence that represents the study of algorithms that can improve automatically through experience and by the use of data. In fraud protection, machine learning is used to analyze data (such as the context and actions the buyers took) at a high level of accuracy. Manual Review The process of evaluating the data of a specific transaction by trained specialists to further analyze if the purchase is fraudulent or not. The review process can consist of multiple emails sent to the submitted email address, phone call, requests for the buyer to send the review team some kind of verification of their identity, and other tactics. These are typically labeled as “challenges” within the fraud protection professionals. While employing a team of fraud detection experts may be effective to a point, the reality is that manual review is expensive and slow. For high-volume sales environments where immediate fulfillment is key, this generates a bad customer experience due to delayed delivery. Predictive AI Artificial intelligence supplemented with predictive analytics that leverages machine learning processes. It predicts outcomes using historical data. As a result, businesses can gain deeper insight into trends and patterns regarding their legitimate and fraudulent customers, and mitigate risk. Processor Decline The rejection of payment from the payment processor based on a number of reasons: from incorrect credit card numbers and CVVs, to lack of funds in the cardholder’s account - but also because of the risk of the transaction being fraudulent. Typically, about two-thirds of the declines happen due to the card issuer's risk evaluation. These carry no information regarding the reason for rejection, simply providing a ‘Do Not Honor’ code that means the card issuer is refusing to send an authorization token back to the payment system, thus failing to validate the transaction. PSD2 (Second Payments Services Directive) European regulation for electronic payment services. It mandates stronger security requirements for online transactions and also recognizes and regulates third-party providers to access or aggregate accounts and initiate payment services. Risk Scoring A fraud management approach that relies on obtaining and combining multiple risk scores that are calculated using rough data such as the age of the email address used for a purchase or geographic location of an IP address. The risk score is eventually used to suggest whether to accept or decline a certain transaction. The model of risk scoring lacks concrete decision-making regarding each transaction, which coupled with real-time analysis of various data points makes for a truly risk-free framework. Synthetic Fraud A complex and relatively new form of identity theft in which fraudsters build a fake identity using either real personally identifiable information (social security numbers, home addresses, phone numbers) or combining it with fake sets of information. Two-Factor Authentication (2FA) General term for an additional layer of security for online accounts in which users provide two different authentication factors to verify themselves. This typically includes either a security token such as a smartphone or a biometric factor like a fingerprint or facial scan. True Acceptance Rate The rate of buyers that attempt to make a purchase and are allowed to do so based on a complete analysis of friction points such as geo limitations to a website or app, forced account creation, two-step authentication, account creation declines, as well as PSD2/3DSecure and processor declines. True Payment Fraud Type of fraud in which a credit card is stolen and used to make a fraudulent purchase. The cardholder disputes the purchase, which results in their account being closed with a new account number and card being issued. Back to You It is crucial for you as a digital goods merchant to leverage up-to-date knowledge about payment fraud, as well as industry best practices, to continually upgrade the way you understand and combat payment fraud. Every day, fraudsters are getting more sophisticated - and so must you. We hope this glossary helps you boost your chances and prevail in this fight. Want to know how to translate the above into a fraud protection solution that helps you sell your digital goods with confidence (98% approval rate with 100% chargeback guarantee)? Talk to our fraud product experts today.
Fraud Manager, the Unsung Hero in the Fight Against Digital Fraud
The value that a fraud protection team (and by proxy, the fraud manager) delivers is far different from any other team in the company because it’s perceived differently. A typical fraud team operates in a fairly gray and very tricky area. While they are measured by their impact on preventing and reducing overall fraud, they are not measured by the amount of revenue they contribute, and their impact on the bottom line. Essentially, their role is reduced to mere gatekeepers, overlooking their true value. It doesn’t help that every fraud decision has the potential to upset someone. Whether declining transactions or approving them, there is a looming decision that impacts bottom lines both directly (preventing loss) and indirectly (via the user experience of not declining a legit transaction, and reducing friction where needed). Alas, there is no award for good behavior here. If a fraud manager does everything well and does their job, there’s no applause. But if something goes wrong, they get reprimanded for subpar work. Their ongoing work to minimize fraud is rarely recognized the way it should be. The entire perception of the fraud team’s effect and role needs to be modified and measured accordingly. So, we’ve come up with a new KPI - one we hope will make everyone more effective and impactful in the fight against fraud. Why a Fraud Manager Should Be Glorified Here is the simple truth that often gets ignored: The diligent work of the fraud team translates to extra money for the company. As it happens, businesses care far more about what they’re losing as opposed to what they’re gaining. This is only natural. In psychology and behavioral economics, there is a name for this - loss aversion. Fraud managers are pressured to take extra precautions to keep fraud at bay, resulting in rejection of genuine customers, harming user experience, and leaving a lot of money on the table. Our point is this: Instead of the fraud manager being conceptually responsible for decreasing the amount of chargeback and fraud in general, they should just as much be held responsible for getting people in, so to speak. In other words: it’s about time we give them the credit for actually increasing the bottom line. Here’s what we have in mind. Introducing a New KPI: The Revenue of New Fraud Suspect Shoppers Gained For every business, one of the most important metrics is customer acquisition cost (CAC) because it helps calculate the overall value of a customer and the resulting ROI of an acquisition. Stating the obvious, right? What isn’t obvious is measuring the acceptance rate of new shoppers in spite fraud. By all accounts, it should be. For example, a digital goods merchant can have a cushy 0.2% chargeback rate and a decline rate of 15%, which is roughly the average decline rate in this segment. But when talking about the decline rate for new customers, the average is around 25%. That’s simply what happens. The tendency to decline new consumers is always higher than it is to decline their long-term peers - ones you have an LTV on, know transaction history of, and other data. So, imagine all the first-time buyers who recently snagged up a gift card, discounted coupon, and such, beyond the holiday season. Each and every one of them can become a loyal customer and even a brand advocate. Too many are getting declined. It’s time to invert the pyramid and measure this from the bottom up, calculating the impact of fraud manager’s performance on the bottom line through a “hidden” KPI: the revenue of new fraud suspect shoppers gained. How? We suggest the following formula: % of new visitors that were onboarded instead of rejected within a specific time frame * their lifetime value. Let’s say that just 5% of new customers are added on a monthly basis through the deeper discovery of the root causes of fraud: poor customer experience, inadequate fraud protection tools, inefficient merchant operations, or any other issue. Multiply that 5% with the customers’ lifetime value and voila - the narrative changes. It’s about how much money the company could have lost but didn't due to the aforementioned action. The fraud manager is actually impacting the company’s top line through a certain amount. Add the gross margin to the mix and you also get an understanding of how the bottom line is impacted. They literally bring money that is otherwise lost for absolutely no good reason. Where Is the Catch? There isn’t any. What we’re saying is an observation of industry peers who are privy to the inner workings of mid/large companies and their fight against payment fraud. A simple change can make a huge difference. Think about the way this shift in approach could improve the way employed fraud professionals perceive themselves. It would do wonders for their motivation and heighten their sense of belonging to a company that fully values their expertise. Too many businesses operate under the misconception that their anti-fraud initiatives are designed for one function alone: loss prevention. Cybersecurity is a team sport where everyone has to work together to keep up and stay afloat. Successful fraud management can’t happen without everyone - the fraud team, technology - playing a role in properly responding to fraud, not just detecting and preventing. We say this because the fraud team can’t do it alone. They need the right set of tools to improve their efficiency, something that will detect fraud quickly and accurately in real time. Artificial intelligence, in other words. It can reduce the time usually spent investigating each case and improve the accuracy by providing actionable insights to make a decision where it’s needed. This not only translates to less fraud but also to less customer friction. Now, this is a sensitive area due to technology’s power to be a game-changer - and a job changer too. While adequately trained AI models are effective at preventing fraudulent activity, the human touch is always going to be needed. There’s always going to be a need to still view the alerts and perform analysis to understand why a customer or transaction was flagged. Plus, someone needs to take care of training data availability and accuracy, as well as make sure that the right processes are adopted so that AI models can improve over time. By understanding this, the fraud team will have a clearer idea of how the AI model learns and works, and ultimately - helps diminish fraud. The reality is that a fraud manager is expected to act a certain way because they operate within the confines of fraud losses. They need to realize their true position within the system - as heroes who can save the day over and over again simply by thinking bigger. Image credits: https://www.quotemaster.org/loss+aversion#&gid=1&pid=3 https://pxhere.com/en/photo/1625828
The Shocking Level of Digital Fraud and Decline Rates in 2021 (According to Data)
Here’s what you already know. Digital fraud has become an all too common sight, especially in the digital goods space of gift cards and gaming. And here’s what you should avoid. While trying to take precautions, you end up rejecting legit buyers, leaving a lot of money on the table. The real question is how high decline rates are compared with actual fraud rates and how they impact your digital goods business. The answer to this question is what hinders your growth. And so, we decided to reach into our treasure trove of data - over 10 million transactions since January 2021 totalling almost $400 million in value - to help paint a clear picture of the state of fraud in digital goods and what you can do about it. Below are the actual fraud rates vs. decline rates by industry and geo - all backed by data. We’re sure you won’t want to miss this eye-opening report. The Decline Rates Are Higher Than You Think (And Are Getting Worse) High decline rates are a very common reality for digital merchants trying to minimize the possibility of fraudulent payments. But, with the boom in demand for global digital goods, this problem has become worse. Our team of data scientists uncovered that the average decline rate in the digital gift card segment is 15%, while eGames and downloadable content have a higher average rate of declines at 20%. The higher percentage in the latter segment is the uppermost end of the industry standard decline rate of between 15% and 20%. Here is the scary part: only 19% of those declines are actual fraud, meaning 81% are real buyers. When digital campaigns are actively running, such as promotions or discounts, the rate drops further down to only 16.2%. Let us put it differently. Up to 4% of overall declined transactions are actual fraud, which is the highest decline rate that digital merchants should be aiming for. But the unfortunate reality is that payments from legitimate shoppers are being turned down. The fact that 4 out of 5 declined payments come from real customers should give a pause to every digital merchant. Reevaluate the True Cost of Fraud To make matters worse, 72% of these declines are new customers. This is important because the final cost of fraud doesn’t stop at that one rejected transaction. Some of these mistakenly rejected customers were going to be long-term, loyal customers. Instead, they turn to Amazon (for the most part) where the shopping experience is much smoother and frictionless. In reality, the false declines you have are actually the minimum of what you are losing in terms of revenue. So, lost revenue is reflected through the entire lifetime value (LTV) of a customer, not to mention the damage to brand loyalty and reputation. This means that when you factor in all the above, the true cost of digital goods fraud becomes even higher than just declining transactions. Our estimates put the total fraud costs on a global level around the $108 billion mark. Fraud Is Everywhere, But…. The impact isn’t spread evenly. Here’s a breakdown of actual fraud within declined transactions per geos: The markets in North America and Europe are close to industry averages. For North America, the percentage of declined fraudulent transactions for digital goods is 21% while in Europe, it’s 17%. Considering that the industry standard is between 15% and 20% and that these markets are technologically mature, these are still high percentages. This implies that 79% and 83% are false positives and wrongly declined. When it comes to fraudulent transactions, things are far worse in Asia, and especially in LATAM and Africa. In Asia, 38% of declined transactions are actually fraud, while in LATAM and Africa, those rates are 52% and 56%, respectively. Why do we see such high percentages in these areas? Because many companies are lacking security resources and have weak verification systems which, coupled with poor customer awareness, make payment fraud possible with relative ease. Then, there is the regulation. The use of digital payment services is proliferating at a pace that most regulators can’t keep up with, creating opportunities fraudsters are quick to seize upon. And, there is limited access to best-in-class fraud protection solutions, which makes striking an optimal balance between customer experience and safety a constant struggle. We also noticed that the worrying levels of fraud in LATAM, Africa, and Asia have another impact. Many vendors opt to decline customers from these regions based on their high average decline rates, which ultimately means more false positives. Digital Gift Cards vs. Egames - Who Takes the Lead? With an all-time high demand in 2020, the interest in digital gift cards has resulted in more fraud than ever before. So, 27% of declined digital gift card transactions are real fraud, which means only 4% at max of total transactions is actual fraud. This is driven by the fact that digital cards are anonymous and issued immediately, making them an attractive target for fraudsters. The gaming industry is faring slightly better with 18% of declined transactions being actual fraud. But, certain categories have very high fraud rates. One such category is in-game purchases (various items or points that a player can buy for use within the game’s virtual world) where a whopping 41% of declined transactions are real fraud. When it comes to console gaming, there is no real difference as the two of the most popular services – Xbox Game Pass and PlayStation Now - are at 15%. Turn This Into an Opportunity It’s no secret that fraudsters are here to stay. Plus, the fraud problem is only going to get worse as it grows more sophisticated and more effective. This is not a lost battle. You have the opportunity to change your mindset about how you effectively protect yourself from fraud. Manual reviews don’t cut it anymore. So, now is the time to step into the AI-driven fraud protection game that makes accurate decisions in real-time, and finds the optimal balance between a healthy fraud rate and smooth customer experience. And think about this: with a constantly growing volume of online transactions and the right fraud protection solution in place, you’ll be able to meet demands at scale to capture all potential revenue. In other words - grow your business with confidence. Just in time, if you ask me. Note: This data is brought to you by nSure.ai, a predictive AI fraud protection company specifically tailored to the digital goods space that approves 98% of transactions with a 100% chargeback guarantee. Offer: Want to pick our brains on how to protect yourself from digital fraud? Let’s talk. No strings attached.
How to Stay in the 0.5% Chargebacks “Safe Zone” for Digital Goods
Fact: industries such as eGifts and eGaming are under constant threat of fraud. According to a recent study sponsored by PayPal, the primary challenge online businesses are facing is battling the increasing sophistication of fraudsters. This is followed closely by not having the right tools or practices in place to mitigate online fraud, which doesn’t make life easier. The result? This reality affects your bottom line. How Are Online Merchants Losing Money, Exactly? As an online merchant, you’re probably living in a reality where you still have to manually review transactions as your last line of defense. Of course, employing a team of fraud detection experts may be effective to a point, but they are expensive and slow. This generates a bad customer experience due to delayed delivery (it takes time to review all the relevant data - anywhere between 30 and 120 minutes per purchase). For high-volume sales environments where immediate fulfillment is key, you should avoid this by all means. Another option is enforcing strong rules and/or restrictions for all customers. This basically means blocking out any suspicious-looking transactions. This naturally adds some type of friction to the buying experience and sometimes can reject your legitimate buyers, leading to a significant drop in transaction conversion rates. Look, we understand. Times are tough, but I am happy to say there is a cloud of hope amid all this negativity. In this post, I’ll show you a better way to not only combat fraud but prevail against it and stay in the 0.5% chargeback “safe zone” for digital goods. Let’s first make sure we are on the same page: What Is the Chargeback “Safe Zone” and Why 0.5%? A chargeback safe zone is the acceptable percentage of transactions that are labeled as fraudulent within the payment processing cycle. A higher chargeback ratio determines the risk factor and ability to process payments. It’s widely accepted that merchants with a consistent fraud rate of 0.7% of all transactions are considered in the “safe zone”. The zone between 0.7% and 0.9% is often referred to as the ‘danger zone’ where businesses have to be extremely careful not to end up, as it basically means you’re flying too close to the 0.9%+ sun. Those that end up with a fraud rate greater than 0.9% will be outright flagged as high-fraud merchants. This means two things: Incurring major fines from payment networks for every transaction labeled as fraud.Getting blacklisted from accepting online payments altogether, which is a fast lane to potentially shutting down the business. Now, the question I’m pretty sure is on your mind: why 0.5% and not 0.7%? The 0.7% rule of thumb is a designated safe zone from the payment network's perspective. The thing is that the margins are very small. And so, every transaction counts and it’s very easy to “wander” into the danger zone and get slapped with fines. We believe that I cannot stress enough that as a merchant, you are solely responsible for your individual fraud/chargeback rates. Here Is How Fraud Prevention Impacts Your Purchase Conversion Rates The pandemic-driven shift to online transactions was always going to put front and center one key challenge: to beef up security without causing too much friction for new and loyal customers. While optimistic in their intent to successfully solve this challenge, many digital goods businesses fall short. Based on our extensive experience in the fraud protection field and independent research, we found out that the fraud management framework set in place has a ripple effect across the general conversion rate of purchases. By safeguarding against fraud, you actually create friction in the pre-purchase process, in the form of: Blocking certain geosMaximum purchases per day per IP addressMaximum payment allowed per card per 24 hoursPayments with 3-D Secure/PSD2 implementedTwo-step verificationAnd more However, these friction points routinely lead to false positives/declines. You indeed get to keep away a significant amount of fraudsters and fraud schemes from harming you - that is, until they figure out the "rule" and then circumvent it. At the same time, you also push away your legitimate customers due to overly tightened acceptance parameters. You get it. You end up with low conversion rates and a worrying number of false declines at the point of purchase. It’s not just about false declines. It’s also about your customers-to-be who are unwillingly directed to another seller, meaning that you lost revenue from that individual purchase AND future ones from a potentially loyal customer. About 40% of new shoppers simply won’t come back for another purchase after experiencing their first decline. These lost customer relationships are never recovered. When you add the long-term damage caused by lost loyalty, friction-driven failed sales, the actual cost of digital goods fraud becomes far bigger than expected. In our experience, removing these friction points can increase the conversion rates by more than 100%. This is because the entire purchasing process becomes more enjoyable (higher conversion rates), which leads to continued sales to the same buyer (brand loyalty). In turn, the good word spreads across social media (positive brand image), creating a neat loop. We all know it’s typically far easier and cheaper to get repeat business from existing customers than it is to win new ones from scratch. For all of these reasons (but also because it’s common sense), it is critical to consider the true influence of a fraud prevention system on purchase conversion rates. How to Remain in the “Safe Zone” I have three words for you: Predictive Artificial Intelligence (AI). AI is the reason why we have liability shifting today - the best fraud prevention model the cybersecurity industry has to offer. Liability shifting is the higher security standard in which fraud prevention companies assume their clients’ fraud liabilities. This represents a significant change in the handling of payment fraud as the goal isn’t just to aid businesses deal with the risk of fraud but to completely eliminate it from their ranks. Thus, liability shifting has a highly advanced technological component as it applies a machine learning algorithm that learns autonomously from mountains of unknown data. Thanks to continuous training and learning, it can differentiate between fraudsters and genuine buyers. In fact, it is also able to tell apart nuances of actual yet unusual purchases. A confused grandfather getting a little something for his grandchildren or a purchasing agent buying supplies over a legitimate VPN will both rightly account as legitimate transactions. AI has the ability to make these assessments in a blink of an eye and with as little customer disturbance as possible. It allows you to provide a friction-free customer experience and still keep up with whatever fraudsters are scheming. Unlike physical goods, the immediate delivery of digital goods requires real-time, automated decision-making to approve or decline the transaction. I’ll go even further and say that in today’s high-tech world, manual detection should be viewed as a weakness, even though it acts as the last line of defense in many cases. Human fraud detection teams are expensive by nature, as they are slow and not completely resistant to errors. And the numbers speak for themselves. Research suggests that the annual cost of manual reviews for a small merchant is roughly $378,000, while the figures rise up to around $825,000 for medium-size merchants. If your current fraud protection setup isn’t continuously monitoring for fraud and/or is overly reliant on rules and restrictions, you are likely rejecting legitimate customers. So, the solution for a comfortable spot in the chargeback safe zone is a predictive AI fraud protection system that makes accurate suggestions and decisions in real-time by finding the optimal balance between a healthy chargeback rate (under the 0.5% threshold), no rules, and low manual review costs. But... Not All AI Is Created Equal Singing praises about AI is one thing I’ll be more than glad to do any time of the day. Still, I wouldn’t be much of a credible person if I failed to mention that AI will likely never be perfect. Despite being far and wide better at analyzing online purchase behavior more accurately and at scale than any human team, AI/ML models still aren’t 100% right. Our extensive industry research found that the majority of AI/machine learning models can accurately approve only 85% of purchase attempts. These represent the clearly legitimate buyers, which is about 84% on average, while the remaining 1% falls on fraudsters. Then, there’s the issue of how most solution providers implement liability shifting. The remaining 15% of the purchases are being rejected in order to be on the safe side. I stand by my words that liability shifting is the state of the art in fraud prevention but there is no denying there is room for improvement in terms of its accuracy. Another important thing to note is the generality of existing fraud prevention solutions. Whether we are talking about crude identity management to advanced machine learning tech, the majority of options on the market were developed with e-commerce sales specifically in mind. Where does that leave your business in dealing with digital goods fraud? Short of the finishing line, I’m afraid. To be fair, these products do their job for the most part and minimize exposure to fraud risk, but they also inadvertently do some harm as they treat all online sales alike. This is a time of continuous change where each product category has its own challenges to overcome when fraud comes knocking on the door. And what’s happening now in digital goods is no exception so each category calls for a tailored solution for maximum results. The 85% mark is what a standard AI/machine learning model is able to correctly determine when it comes to the legitimacy of payment purchases. I say ‘standard’ because we at nSure.ai have raised the stakes… We’re proud to guarantee a 98% transaction approval rate for digital goods. Here’s how you can have peace of mind and sell digital goods with confidence. What Makes the Best Fraud Protection Solution The first step to the best possible protection for your business is to get a holistic understanding of how each piece of the fraud-fighting puzzle fits in the big picture. In that regard, there are three key elements that ultimately make the best fraud protection system: Hundreds of different data points for analysisSegment specializationHigh level of transparency For instance, nSure.ai examines more than 500 data points and their combinations in its relentless hunt for fraudsters. A large part of this data isn’t even understandable to humans so running it through our algorithm offers a higher level of specificity than any manual review. Analysis of various data points is usually a mix of three loosely categorized groups: Contextual data, Behavioral data, and Account data. Contextual data refers to “passive” features of the transaction, such as: IP address of the potential buyerpurchase sizedevice type usedtheir browsers and more. Behavioral data concerns the “actions” of the customer, including: how much time they spend on the pagethe time elapsed between entering the website and attempting checkoutwhether they typed or pasted the password opted for a discount or paid the full priceand more. Account data refers to all the details tied to the account making the purchase. These include: the age of the email used to create the accountverification of the phone numberaddress of both the cardholder and the shipping address (if applicable)and more. In some cases with a comprehensive fraud prevention system, the services of third-party data vendors are retained. This allows the analysis of outlying data points that might be relevant to the overall decision of which purchases to accept or decline. Data is critical for any AI fraud-fighting effort as a machine learning algorithm is only as strong as the data it is fed with during training. That is how we are able to deliver over 98% accurate approvals, declining only 2% of your sales, compared to the 15% industry average. In that spirit, segment specialization allows the focus to be primarily on specific product categories across the e-commerce landscape, instead of treating all the transactions the same. Speaking for our segment, the challenges of digital goods are unique and have to be handled as such. Products like digital gift cards are ideal for fraud operations at scale as they personify speed and convenience. They are sold and delivered digitally and immediately, are anonymous, and can be easily resold. Now compare that to a merchant selling physical goods online. It’s hardly the same, right? There is less data to work with, which requires better use of the existing information. This is why segment expertise. And you should always demand a certain level of transparency from your fraud protection vendor. Still, making decisions regarding which transactions are genuine and which aren’t in real time means it’s somewhat difficult to exactly point to the factor(s) for each declined transaction. But knowing the reasoning behind these decisions allows you to keep your finger on the pulse of your approval and decline rates. As a bonus, we offer a 100% chargeback guarantee, providing yet another layer of confidence in what you’re doing. “For the Times They Are A-Changin’” In the words of the immortal Bob Dylan, the times they are a-changin’ and fraud is very much included. There is a distinct lack of regulatory oversight and industry standards for digital goods, which mean two things: There is very little protecting companies of all shapes and sizes from chargebacks caused by these fraudulent transactions, as well as other types of digital goods fraud.Fraudsters can freely come up with effective schemes that target you, an honest merchant going about your own business - literally. So, it’s not surprising to learn that fraudulent digital transaction attempts against businesses increased 46% worldwide and 22% in the U.S. between March 2020 and March 2021. These attacks aren’t going away. If anything, they are likely to continue at a steady rate, if not incrementally increase. Successful fraud prevention relies on sophisticated innovation driven by predictive AI. But it also relies on you. On your intelligence, experience, and instinct to focus on the right practices and policies that will help you steer clear from chargebacks and rejecting legitimate customers in the first place. Image credits: https://cindygeodev.wordpress.com/2015/07/15/developing-an-asset-management-gis-data-maintenance-methodology-part-3-data-processing-updating-working-the-magic/ https://davidbaptistechirot.blogspot.com/2016/10/meme-maker-lab-safety-memes.html https://ahseeit.com/?qa=56271/customer-service-is-easy-if-there-are-not-any-customers-meme https://imgur.com/t/buzz/Gt8379s https://giphy.com/gifs/tom-cruise-dustin-hoffman-rain-man-FFFGVpPUyQSGY Want to sell your digital goods with confidence? Talk to our product experts today!
The State of Digital Goods Fraud in 2022
Here’s an interesting fact to start your day: consumers spent $861 billion online with U.S. merchants in 2020, representing an incredible increase of 44% year-over-year. By now, it’s clear that the maddening pandemic has been as much of a boon for online businesses as it was a curse for brick-and-mortar ones. However, with the demand for global digital goods exploding, it’s not just the legitimate businesses that look to make a profit. The favorable market boom came with a corresponding increase in online fraud, especially in payments to various digital goods, spiking at the very beginning of the pandemic and retaining unreasonably high levels. For all U.S. merchants, both store-based and online, the cost of fraud is up 7.3% in 2020 from 2019. However, mid-to-large retailers selling digital goods are hit the hardest by fraud attempts with monthly fraudulent transactions up by 37.1%. As unfortunate as it is, fraud is a common element of online activities. What shouldn’t be common are the ways online criminals are taking advantage of this expanding digital market. They are literally cashing in on the opportunities presented to them. As a team with more than 35 years of combined experience in fighting digital goods fraud, we understand the situation all too well. It pains us to say that it’s no surprise to see fraudsters finding their way into the ecosystem and thriving. The good news is that businesses can learn about these fraudulent actions and prevent their consequences by examining the behavior of everyone involved in this “racket”, most notably the businesses themselves. So, let’s dive into why this is happening and how you can dramatically lower your business fraud risk. Why Digital Goods Like Egifts and Egaming Are Under Constant Attack Fraudsters have a narrow but precise focus when it comes to their targets: Ease of purchase acceptanceTime to ROIResale value In other words, they target retailers dealing in digital goods because they can be easily penetrated, there are no shipment issues, and they can quickly get their hands on money. These are all the reasons why particular industries like eGifts and eGaming are experiencing the brunt of fraudulent efforts. According to Forter: Digital currency gift cards are the target of fraud attacks 5x the normal rate.Downloads (apps and music) are targeted by fraud attacks 3x the normal rate.Console games (Playstation, followed by Xbox and Nintendo) experience fraud attacks 2x the normal rate. What’s Happening in the Egifts Market Demand for digital gifting reached an all-time high in 2020, with 71% of consumers saying they are more interested in digital gift cards than other gifts. However, digital gift cards present a highly appealing proposition to fraudsters for the same reason consumers love them: they are issued instantly and are anonymous. The high level of flexibility and convenience appeals to the dark side too. On top of that, they have a high resale value. Together, they form a potent combination for automated fraud at scale, which is exactly what’s happening today. Let’s take a closer look. Being anonymous means digital gift cards are virtually (interesting choice of words, we know) untraceable. It’s extremely difficult to prove that the goods were delivered to the intended person. Furthermore, it’s fairly easy to shop directly or receive resale value for a gift card, whether in the form of money, other goods, or even cryptocurrency. As a result, your business is bound to lose and eat the charge. All of this is evident during peak sales seasons such as holidays and special events like Black Friday where the sheer volume of transactions acts as a cover for fraudulent ones. Digital gift cards are one of the most common purchases, and some merchants make the fraudster’s job easier by loosening up a bit their fraud control. This is a well-intentioned but ultimately misplaced effort on their part to provide a smoother and faster customer experience. How Egaming Is Faring With Fraud When it comes to eGaming, the principle is largely the same. GlobalWebIndex's data shows we have passed the 1 billion mark of people streaming games each month. One in five gamers has experienced fraud when paying for games online, while one in three reports being less likely to spend money on online games due to concerns around fraud. The influx of new gamers driven by the pandemic meant gaming platforms needed to implement quick onboarding to keep up with increased volume in registrations, which understandably led to “relaxed” screening and payment checks. The corresponding surge of in-game payments for items, in-game currency, features, additional levels, and so on has created various opportunities for wrongdoing. There are numerous accounts at play here, most of which have payment details on file and some of which aren’t real, to begin with (run by bots). When you factor in the relative anonymity these accounts offer and lenient KYC (Know Your Customer) checks, you get a fertile ground for payment fraud to prosper. For large gaming platforms, the risk of online payment fraud is also high because they have to deal with payments that require real-time approval, as gamers want instant gratification, just like any consumer wants. So, thieves have been taking advantage of the resulting situation by stealing payment data and engaging in financial crime. What Both Verticals Have in Common It’s important to understand that: digital gift cards don’t fall under industry standards for tracking and use as credit and debit cards, for instance.there is a lack of regulatory oversight in eGaming If you’re potentially targeted by online payment fraud in these two verticals, you are largely left to fend off these attacks yourself. This means fraudsters have almost unprecedented freedom to come up with different but effective schemes. Speaking of schemes: How Fraud Has Evolved: From Unsophisticated to Cunning Means Naturally, payment fraud remains the undisputed champion of fraud risk, with the most frequent cases involving hackers obtaining access to databases that store credit card information. What makes this especially effective is the fact that the majority of these credit cards are still valid in the eyes of payment networks (not yet labeled as fraudulent) as the cardholders themselves aren’t aware their sensitive information has switched hands, so to speak. Sadly, digital fraud takes on many forms, including: Account Takeover To improve their chances, fraudsters deploy bots, software programs that automate specific tasks like entering payment and checkout details, in something called account takeover (ATO). How account takeover works Basically, this is a form of identity theft. Upon getting access to the account, the scammer will alter certain account details, like the delivery address and email, to redirect the goods ordered on that app or website to them instead of the rightful buyer. Bots scale the fraud operation while also mimicking a genuine human buyer’s behavior as closely as possible. As you can imagine, this makes it very difficult to protect against. What’s more, if the bot attacks are successful, fraudsters may extend their attempts to an organized attack, which will likely continue until the product’s inventory is depleted. It’s also worth noting that some bot attacks are specifically designed to exploit specific sites and brands. So, if a fraudster sees an opening in your platform, you are likely painting a big target on yourself. Account Aging Related to ATO is account aging. Lately, this fraud practice has become popular because it allows fraudsters to build up a breached account’s reputation. They sit on stolen information and let the account “age” like wine, thus making it more difficult for fraud detection teams and automated rules-based systems to identify bogus accounts from real ones. Friendly Fraud/Chargeback Fraud There are several other fraud types you should be wary of, starting with friendly fraud, also known as chargeback fraud. It begins with a person making a legitimate purchase. However, once they receive the product, they open a false dispute with their credit card issuer to reverse the payment on the grounds of problems with the product or not having made the purchase at all (credit card fraud). The fraudsters may be trying to have their cake and eat it too - receive both the product and keep their money (also called stealing), or they may simply experience a case of buyer’s remorse - regret the purchase and no longer want the product. Examples of friendly fraud include the buyer asserting that: They didn’t make the purchase although they didThe order was canceled but still shippedThe item delivered does not fit the description or expectationsThey didn’t receive the item at allThe item was returned but the seller didn’t issue a refund The dark side of friendly fraud is that it’s very hard to predict and prove human intentions in these cases, especially since not all of them are intentional and malicious (e.g. the kid trying to get his hands on the latest Halo game or the buyer forgetting they made the purchase). Loyalty Fraud Also known as promotion fraud or promotion abuse. Not so fun fact: more than two-thirds of loyalty/promotion programs have been the victim of fraud. What’s intriguing here is that it isn’t just typical fraudsters that are the culprits. There are three main types of loyalty/promotion fraud offenders: Fraudsters/hackersInsidersLoyalty members The first group targets unsecured or poorly secured loyalty accounts, which is often the case with such accounts. This allows them to carry off user’s credits and promotions through account takeover schemes. Loyalty fraud also comes from where you least expect it: your employees, partners, or legitimate customers. They hardly appear like your run-of-the-mill scammers but here we are. This type of fraud may occur during checkout, when a customer doesn’t associate their purchase with their loyalty account, allowing the employee to credit their own or their friends’ accounts. Retailers that don’t have capable tools to track the attribution of loyalty points are most at risk of insider fraud. [pic] Awarding your loyal customers with points, special discounts, and other membership privileges is a popular and successful method to build your relationship with them. However, you should be aware that some loyalty members may try to abuse this and gain undeserved loyalty advantages by “gaming the system” in various ways: Creating multiple accounts to obtain access to additional promotionsSelling or transferring points to non-membersMaking a purchase with the accrued intent to return it for cashDouble-dipping - simultaneously using points online and in the physical store. Card-testing Fraud As for the more cunning fraud developments in the eGaming field go, enter card-testing fraud. A thief gets their hands on a single stolen credit card number access or a list of them and begins making test purchases. These tend to go unnoticed because of the aforementioned nature of numerous in-game payments that happen in small amounts. Starting with $0.99 and incrementally rising, these charges grow into more costly ones as soon as the fraudster realizes they are possible. Every made purchase, regardless of how big or small, can become a chargeback filed by the credit card’s real owner. True Fraud Finally, there is true fraud, in which a credit card is stolen. In the gaming environment, funds from the card are used to beef up a game account so it can be sold on a trading site. And these sell well because the asking price is considerably lower than what was spent on building the profile as it’s all profit for the criminals. When the real cardholder discovers these charges, they file a chargeback dispute, and we’re pretty sure you know by now on whom the harm falls if the card owner is successful. The (Un)Expected Ways Businesses Are Hurting The end result of all this fraud goes beyond the usual hit in the ROI area or as we like to call it - the cost of inadequate fraud protection. Here are five factors leading to soaring fraud-related costs:Human workforce (manual review)Lost revenueRisk scoring toolsChargeback costsThird-party enrichment We already mentioned fraud detection teams whose job is to manually review transactions and approve or reject them. Not only do these teams cost salary-wise, but they are also costing the business with slow and often excessive analysis that is driving away potential customers with a poor customer experience (as opposed to instant gratification). As a result, the lost revenue is not reflected through a case-by-case individual purchase but through diminished brand loyalty and reputation. It’s reasonable to assume that at least some of these potential customers that were mistakenly declined, were potentially long term loyal customers. On top of which, the receivers of digital gift cards would have likely bought more credit, which is another lost opportunity. In an attempt to protect against fraudulent purchases, some businesses implement pre-purchase friction. These pre-purchase friction points often lead to another form of lost revenue: false declines/positives, as they not only drive away the fraudsters but also honest customers. Risk scoring tools, one of the standard ways to filter out legitimate transactions (those that should be accepted) from fraudulent ones (those that should be declined to avoid the chargeback), charge per transaction analyzed. For enterprise-level companies, this can be ridiculously costly due to the sheer volume of transactions, especially if there is a need to implement other third-party enrichment vendors to reach an accurate decision. When it comes to chargeback costs, fees vary from $20 – $100. Every dollar lost to chargeback fraud costs an estimated $2.40 due to operational and customer acquisition costs. So a $100 chargeback fee actually costs $240. An important side note: we can’t stress enough that online businesses are solely responsible for their individual fraud rates or chargeback rates - the percentage of transactions that become labeled as fraudulent within the payment processing cycle. As a rule of thumb, any retailer that has a (consistent) fraud rate greater than 0.9% of their transactions will be labeled as a high-fraud retailer. [Safe zone, danger zone, high-fraud retailer zone graph] This means a higher chargeback ratio that also determines the risk factor and ability to process payments. Eventually, a business can be blacklisted from accepting payments online completely and ultimately, shut down for good. Payment card fraud losses reached $28.65 billion worldwide in 2019 (the jury is still out on 2020 data), and these losses don’t include merchants’ operational costs related to inadequate fraud fighting. To illustrate the point: approximately 15% of card-not-present (CNP) transactions involve costly manual reviews of pending sales, even though 90% of those transactions are approved. About 40% of fraud mitigation costs involve a manual review of CNP transactions. According to the True Cost of Fraud study, the total cost of fraud is an average of $3.78 for every dollar of fraud lost in the pre-COVID period for companies dealing with financial services in the U.S. (up from $3.35 since 2019). When all of the costs mentioned here are combined together, our estimates show that businesses are liable to lose anywhere between 250% and 350% in associated costs. Ultimately, this puts our estimates at around the $108 billion mark for global fraud when it comes to total fraud costs. Tackling the Challenges With AI With high customer expectations and a rising focus on digital channels, businesses are hesitant to apply stronger policies that have the potential to limit customer interactions with their brand and potentially turn away good customers. On the other hand, customers expect brands to trust them and provide a smooth, frictionless purchase process. So what can businesses expect and do moving forward? First and foremost, the need to automate the existing fraud prevention process with AI due to a growingly more complex environment. You see, fighting fraud in digital goods with conventional fraud prevention tools is almost the same as fighting the current pandemic with social distancing. It will help but up to a point where only a vaccine will do the rest of the job. The biggest challenge digital goods businesses are facing when fighting fraud is implementing a fraud protection system that will be able to: make accurate suggestions or decisions for the highest percentages of transactions as possible;maintain a high true acceptance rate and low chargeback (fraud) rates while limiting manual review costs;do it all in real-time. Data science and AI/machine learning fully address these concerns due to their ability to analyze the context, user behavior, and account details in real time. Then, compare them to those of past buyers that have already completed the same purchasing process. This translates into correct decision-making. In real time. Without turning off your customers. The only feasible way to achieve this is the ability to analyze these transactions in real time via high-functioning AI/ML models. Simply put, you need to bring your AI game. Digital Goods Fraud Is a Real but Solvable Problem Here at nSure.ai, we’ve been getting a lot of inquiries due to our capacity to help reduce fraud in situations where there is a limited course of action, so we wanted to share our thoughts and musings. Online transaction volumes are increasing so businesses need to be ready to meet demands at scale to capture all potential revenue. And it’s no secret that fraudsters are here to stay. This requires a clear understanding of the payment fraud landscape, as well as the responsibilities and roles each player has in the larger online transactions process. We mention this deliberately as research has shown that digital fraud victims often overestimate the ability of governance mechanisms to prevent fraud and tend to have misplaced trust in them, which leads to dire consequences. Simply put, businesses must understand this new consumer and fraudster behavior, along with the broader context to approve genuine transactions without impacting the customer experience and bottom line. The fact is that payment fraud is getting more sophisticated and effective, even more so when it comes to digital goods. However, with AI and machine learning at the forefront, fraud prevention is at a point where businesses and customers together might finally have an upper hand over fraudsters - and not a moment too soon. Image credits: https://ccbill.com/kb/account-takeover https://www.digitalcommerce360.com/2020/07/27/the-cost-of-fraud-is-up-7-for-us-merchants/ https://code.tutsplus.com/tutorials/so-you-want-to-accept-credit-cards-online--net-25457 https://www.meme-arsenal.com/en/create/meme/942433 https://giphy.com/gifs/the-matrix-neo-thomas-anderson-V2ojLo7PvhVug Want to sell your digital goods with confidence? Talk to our product experts today!