Fight Fraud With nSure.ai
Explore the AI-driven world of online payment fraud prevention and protection. Discover the future of anti-fraud solutions that significantly lower sellers' risk of online fraud, focusing on high-risk domains.
Third-Party Fraud: How to Prevent Fraudulent Transactions
A recent PwC Global Economic Crime Fraud Survey found that nearly half (46%) of organizations reported suffering from fraud, corruption, and other illicit economic activities. With the international economy becoming even more hyper-connected, digital fraud will only intensify.

But what exactly is third-party fraud anyway? Put simply, this is when fraud is committed against a merchant or bank by an unknown or unrelated third party.

Is this the cost of doing business for merchants of all sizes? No, it doesn't have to be.

Common Types of Third-Party Fraud

There are four main types of third-party fraud that would require the assistance of payment fraud prevention services.

1. Credit Card Fraud

Hundreds of thousands of credit card fraud instances are reported every year, and these cases are rising consistently. While consumers are typically viewed as the main victims, merchants are always impacted, too, since chargebacks happen, leaving them saddled with a loss. Also, the instance of fraud originates at the merchant, which could damage the business's reputation.

2. New Application Fraud

New application fraud, in which a fraudster applies for a new account with a new service or company using stolen or fake details, is escalating. Because the fraudster is submitting an application to attain a new account, product, or service, they will eventually defraud the merchant by getting unlawful credit or prepaid debit cards, loans, or other similar things. While this undoubtedly affects consumers, merchants will usually have to deal with the repercussions of refunding the affected party while also losing out on the product stolen by fraudsters.

3. Account Takeover Fraud

This criminal activity involves criminals obtaining control of a victim's account. The act can result in permanent damage to the targeted client because culprits will have access to PINs, account settings, and even the ability to permit unauthorized withdrawals.

The takeover can also trigger broader consequences, since accessing a victim's account could allow the culprit to access accounts for investments, social media, online shopping, utilities, and other pertinent services. Additionally, many regulations require online businesses to install the necessary protections for their customers. If they fail to do so, and consumers are affected because of it, the business will be held liable.

4. False Identity Fraud

Also known as synthetic identity creation, producing a fake identity can still impact businesses and consumers since it requires components of a real identity to commit third-party fraud, such as submitting a loan application or applying for a credit card.

How Third-Party Fraud Works

On the merchant side of third-party fraud, unscrupulous individuals or organized criminals will use stolen identities and personal information to make purchases of products or services offered by retailers. This is significantly harmful for the company for many reasons:

When the victim and the bank realize the fraudulent activity, the business will experience chargebacks.
The store's bottom line will take a hit because now the revenue has been eliminated or products have been lost.
Merchant reputation could take a nosedive since it might become known that the merchant accepted fraudulent payments, which could even lead to large fines or blacklisting.

How to Prevent Third-Party Fraud

Is it a futile endeavor to defend against third-party fraud? If you intend on doing what most companies do (adding hoops or "friction" that your customers have to jump through in the form of geo-locking, multi-step KYC authentication, waiting times for account activation, and limited orders), then yes. Sophisticated fraudsters will circumvent these steps entirely while legitimate customers will be chased away. Instead, there are many fraud prevention mechanisms you can employ that don't add friction to ensure that fraud doesn't decimate your business.

Prevention Tools

Believe it or not, there are many automated tools to prevent third-party fraud. In today's hyper-advanced marketplace, merchants are not required to comb through every transaction. Instead, they can rely on artificial intelligence-driven mechanisms that can automatically spot dubious payments.

A Plan From the Fraud Manager

The value that is derived from a fraud protection team is instrumental in preventing any type of third-party fraud. Through a series of key performance indicators (KPIs) and critical measures, any merchant can avoid being the victim of fraud.

But what would be a KPI? One such formula is the percentage of new visitors that were onboarded rather than rejected within a pre-determined time frame, which is then multiplied by their lifetime value. Essentially, this calculates the effect of a fraud manager and his or her system on the company's bottom line. Or, in other words, how much the firm could have lost but did not because of the fraud prevention efforts.

How to Get Ahead of Third-Party Fraud

Now, is there any tool or strategy that fraud managers can employ to stay ahead of third-party fraud? Indeed, there are various measures that can be integrated into your fraud prevention campaign.

Tokenization

Tokenization substitutes credit card details with a special identifier. This makes sure that sensitive information is not stored on a merchant's computer. Security experts purport that this significantly mitigates identity theft, payment fraud, and phishing threats.

Real-Time Fraud Prevention Software

Another aspect of getting ahead of third-party fraud is to take advantage of real-time fraud prevention software, since it contains a suite of tools that can enhance your security campaign.

With nSure.ai, you can rest assured that our software will use intelligent machine learning tactics to identify repeat behaviors that are indicative of fraud to stop fraudsters in their tracks while still achieving no less than a 98% success rate for legitimate transactions.

Crypto exchange

5 Ways to Protect Your Crypto Exchange From Automated Bot Attacks

An automated bot attack is a type of large-scale digital operation in which web requests from various devices (bots forming a botnet) are used to perform an attack. These attacks can target a business's website, backend, or users.

These bots form part of a botnet created by infecting networks of devices with malware, putting them under control by a bot herder. These compromised networks are then used to launch attacks with predefined actions that harvest user credentials, crash websites or networks, and disrupt the online business in some way for financial gain.

Crypto exchanges are especially vulnerable to these attacks because they use new technologies that often have security holes or are visited by many users that want to remain anonymous, allowing fraudsters using bots to blend in with the crowd.

How Do Automated Bot Attacks Work?

Once the botnet gains control over a group of connected devices, fraudsters use it to perform the following types of automated bot attacks:

1. Phishing Attacks

Phishing attacks exploit social engineering methodologies to persuade people to share their personal information or login credentials. Usually, fraudsters pretend to be a trusted and legitimate source (such as the crypto exchange) and fool people into performing a desired action like following a malicious link or replying to the email with the desired information.

2. Denial-of-Service Attacks

A distributed denial-of-service (DDoS) attack involves using bots to crash a server by overloading it with web traffic. This method is used by fraudsters to disrupt website functioning and to launch additional botnet attacks whilst servers are compromised. Crypto exchanges often see high levels of traffic and will only notice a DDoS attack when it's too late.

3. Brute Force Attacks

Brute force attacks are based on trial-and-error principles. Cybercriminals will guess users' login information or reuse previously compromised user credentials and attempt username and password combinations in quick succession to "force" entry into private accounts. Modern brute force attacks are intelligently executed to blend into the crowd of normal user login attempts.

How to Protect Your Crypto Exchange from Bot Attacks

Every crypto exchange should be protecting its users from the threat posed by online fraudsters. Below are some common methods crypto exchanges use to protect themselves and their users from bot attacks, ranked worst to best (skip to point 5 for the best solution).

1. Block Old User-Agents and Browsers

By blocking older browser versions from your crypto exchange, you'll make it harder for less-sophisticated bots to target your site, but also harder for users with older devices and software as well (which chases away revenue). Some exchanges do this because many bot scripts make use of these outdated credentials and browser versions. A good fraud prevention solution will monitor old browser user agents and versions as part of its real-time functionalities.

2. Block Data Center IP Addresses

Less advanced bot attacks tend to make use of proxy servers that have already been used in previous attacks. Blocking data center IP addresses with a known history of fraudulent activity is an easy way to reduce cybercrime on your crypto exchange, but you may also be blocking legitimate users with those IP addresses too. Again, it’s better to use a fraud prevention platform that doesn’t blanket block and drive away potential revenue.

3. Use Multi-Factor Authentication

Introducing multi-factor authentication is a great way to secure your crypto exchange against future attacks. Users logging into your exchange will require a username, password, and an additional one-time password (OTP) that is sent in real-time to the user's smartphone to provide an extra layer of protection during the login process. This does add some friction to the user experience.

4. Secure APIs & Trading Bots

Securing APIs from hackers stops them from accessing trades directly. Creating a secret API key adds a layer of protection to prevent fraudsters from gaining access to your exchange. For even greater protection, delete API keys once you have stopped using a particular trading bot.

As well as securing APIs, it's also important to secure your trading bots. Choose a reliable and secure trading bot with robust security features designed to protect your data. Signs of a good trading bot include private user keys, encryption, and segregated data storage.

5. Use AI Models to Monitor Traffic

Using AI models to monitor user behavior across the site intelligently implements the best of the above methods while eliminating user friction. Every crypto exchange should be monitored for traffic spikes, suspicious traffic sources, unusual bounce rates, and overall site performance.

Spikes in traffic or bounce rates that occur over a short period of time for no apparent reason indicate a potential bot attack. Changes to site performance or unusual shutdowns can also indicate an influx of bot-related traffic. Once suspicious activity is detected, it can be stopped or challenged with the above methods, allowing legitimate users to continue using the exchange without any friction.

Secure Your Crypto Exchange

The best way to secure your crypto exchange against automated bot attacks is not to use indiscriminate blocking tactics that will filter out legitimate customers, but to use a fraud prevention solution that intelligently monitors all site traffic and differentiates between bot activity and legitimate user activity.

nSure.ai is a holistic fraud prevention solution that uses machine learning models to provide crypto exchanges with peace of mind. Humans can't react in time to notice or stop carefully crafted automated bot attacks, but nSure.ai lifts the load off of the anti-fraud team by catching even the most advanced fraud activity.
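
As an added illustration of the login monitoring described under "Brute Force Attacks" and "Use AI Models to Monitor Traffic" (this is not nSure.ai's code or model), the sketch below applies two sliding-window rules to login events and shows why a rule based on failure patterns does not penalise a busy shared address the way blanket IP blocking would. The event fields, thresholds, and sample data are all assumptions constructed for the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginEvent:
    ts: int      # seconds since epoch
    ip: str      # source address of the attempt
    user: str    # account the attempt targeted
    ok: bool     # True if the login succeeded


def find_suspicious(events, window=300, users_per_ip=5,
                    ips_per_user=4, fail_ratio=0.8):
    """Return a set of (rule, subject) alerts from two sliding-window rules.

    credential_stuffing: one source fails against many distinct accounts and
                         almost nothing it sends succeeds.
    distributed_guessing: one account sees failures from many distinct sources.
    Thresholds are illustrative assumptions, not recommended values.
    """
    by_ip = defaultdict(deque)
    by_user = defaultdict(deque)
    alerts = set()
    for ev in sorted(events, key=lambda e: e.ts):
        # Keep only the events of the last `window` seconds per key.
        for bucket in (by_ip[ev.ip], by_user[ev.user]):
            bucket.append(ev)
            while bucket[0].ts <= ev.ts - window:
                bucket.popleft()

        ip_events = by_ip[ev.ip]
        ip_fails = [e for e in ip_events if not e.ok]
        if (len({e.user for e in ip_fails}) >= users_per_ip
                and len(ip_fails) / len(ip_events) >= fail_ratio):
            alerts.add(("credential_stuffing", ev.ip))

        user_fails = [e for e in by_user[ev.user] if not e.ok]
        if len({e.ip for e in user_fails}) >= ips_per_user:
            alerts.add(("distributed_guessing", ev.user))
    return alerts


# Constructed sample data (documentation address ranges, made-up accounts).
T0 = 1_700_000_000
SAMPLE_EVENTS = (
    # One source failing against six different accounts within a minute.
    [LoginEvent(T0 + 10 * i, "203.0.113.7", f"user{i}", False) for i in range(6)]
    # One account failing from four different sources within two minutes.
    + [LoginEvent(T0 + 30 * i, f"198.51.100.{20 + i}", "alice", False)
       for i in range(4)]
    # A shared office address: six accounts, only one mistyped password.
    + [LoginEvent(T0 + 15 * i, "192.0.2.50", f"staff{i}", i != 2)
       for i in range(6)]
    # An ordinary user who mistypes once and then logs in.
    + [LoginEvent(T0 + 5, "192.0.2.10", "bob", False),
       LoginEvent(T0 + 20, "192.0.2.10", "bob", True)]
)

if __name__ == "__main__":
    for rule, subject in sorted(find_suspicious(SAMPLE_EVENTS)):
        print(rule, subject)
```

The flagged source or account can then be challenged (for example with the OTP step from point 3) instead of being blocked outright.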

Fraud protection

Deepfake Financial Fraud: How FinTechs Deal With Increasing Deepfake Scams

Deepfake technology is a form of AI that uses deep learning algorithms to learn how to solve problems using large data sets in order to create convincing fake media. Most commonly, deepfake technology is used to swap faces into digital content for the purposes of fraud.

Deepfake technologies make use of deep neural networks to employ face-swapping techniques that can map one person's image onto another person. But how does this work?

Fraudsters take a collection of video clips of the target person and run them through an autoencoder. The autoencoder analyzes the video clips to generate an image of the target from a range of different angles. This image is then rendered onto another person, allowing them to gain access to the target's accounts.

Deepfake technology is becoming more sophisticated, and machine learning Generative Adversarial Networks, or GANs, are making it easier for fraudsters to bypass deepfake decoders by improving the flaws in their images.

As a result of improving technology, deepfake fraud is now a growing threat to the cybersecurity of fintech and digital goods companies. Deepfakes facilitate identity fraud through large-scale phishing and BEC attacks. Over time, this has the potential to do real damage to an organization's reputation and the security of employee data.

How Deepfake Technology Can Be Used for Financial Fraud

Deepfake technology is now being used to facilitate financial fraud in a number of different ways. Everything from identity theft to large-scale cyberattacks and the spreading of misinformation is propped up by deepfake technology. Let's take a look at some of the ways deepfake technology can be used for financial fraud.

Ghost Fraud

Ghost fraud is a type of scam in which a criminal steals the personal data of a deceased person for the purpose of financial fraud. These fraudsters steal a deceased person's identity to gain access to their online services and accounts or even take out credit cards and loans in their name.

New Account Fraud

New account fraud involves using a fake or stolen identity to open a new bank account. Using these fake or stolen identities, fraudsters open accounts to take out loans or max out credit cards without ever paying back the money.

Synthetic Identity Fraud

Synthetic identity fraud involves creating a fake identity based on the information and identities of multiple people. By pooling the information of multiple people, fraudsters make their activities harder to track down. Criminals then use this data to issue large transactions and credit applications.

How FinTechs Usually Deal With Deepfake Financial Fraud

In order to deal with deepfake financial fraud, FinTechs implement payment fraud protection strategies and anti-spoofing technologies.

Biometrics is one of the most effective ways to deal with deepfake financial fraud. Biometric technologies help to prevent payment fraud in crypto and financial services by providing organizations with a secure way to authenticate online users using biometric face verification tools that allow users to verify their face against an official image (a passport or ID card, for example).

Another method used by FinTechs to deal with deepfakes is liveness detection, a technology that can identify artificial representations like deepfakes. This technology can be implemented when onboarding new clients to prevent fraudsters from setting up accounts under false identities or attempting fraudulent logins to existing user accounts.

Whether using biometric checks, liveness detection technology, or simple manual checks, there are some tell-tale signs that can help organizations detect deepfake financial fraud. Key indicators that an image or video may be a deepfake include:

Variations in skin tone
Variations in lighting
Jerky movements
Unnatural motions (e.g. blinking strangely or not at all)
Out of sync speech-to-lip movements

A Better Way to Detect Deepfake Financial Fraud

Relying on manual checks alone is a pretty risky approach to dealing with deepfake scams. Luckily, anti-deepfake technologies are becoming more advanced.

The best way to counter financial fraud is to implement a robust security procedure using a fraud prevention platform like nSure.ai, an advanced fraud detection and prevention platform designed to protect merchants of digital goods and high-risk digital domains by using tailored auto-ML models that collect and analyze real-time data, providing real-time anomaly detection, advanced behavioral analytics, and ancillary feedback loops.

Fraud protection

How to Detect and Prevent Online Gaming Fraud

Fraud has been increasing steadily with the rise of online gaming. Any online platform is a potential target for fraud, and managers should be aware of the risks involved. Gaming is especially vulnerable due to low-security payment systems, poor communication, and easily stolen user-tradeable items. Furthermore, user accounts are often poorly protected and at risk of credential stuffing attacks.

The number of people using online gaming platforms is enormous. In a recent study, researchers found that 67% of adults and 76% of kids younger than 18 in the U.S. play video games; that's hundreds of millions of people in one country alone. It's simple for anyone to pick up their smartphone and download a game, and it's just as simple for fraudsters to target them.

Online Gaming Fraud Trends

Below are some common online gaming fraud techniques to look out for. While some of these primarily affect the user and not the platform, fraud managers should nevertheless be aware of them.

Credit card fraud. Stolen credit cards are the most common ingredients used in online fraud. Card Not Present (CNP) fraud and card-testing fraud occur when a fraudster attempts to purchase something like in-game currency with a stolen card, steadily increasing amounts to test detection limits. Chargebacks hurt a platform's standing with financial institutions.

Multiple accounts. Credential stuffing means using information from data breaches to attempt to break into accounts on another platform. Many people use the same password for all their accounts, making it easy for a fraudster to mass input account details and collect compromised accounts. These accounts can then be sold, used to exploit the game, and more.

Phishing. A fraudster creates a fake website which mimics a legitimate one, then tries to deceive a user into entering their account and payment details. Phishing has become more sophisticated over the years, and many users don't know they've been defrauded until it's too late. The fraudster can then use the stolen credentials to perpetuate gaming payment fraud.

Exploiting promotions. Promotions, sales, and other bonuses incentivize users to perform certain actions. Gaming platforms must be careful to block individuals with multiple accounts from compounding benefits.

Viruses. Fraudsters can advertise "tools" that claim to increase in-game currency, give free items, or provide some other in-game advantage. These tools are usually viruses that don't deliver the promised benefits, and even legitimate tools can exploit the gaming platform.

Item and currency trading fraud. Users may trade in-game currency and items on third-party websites outside the gaming platform's control. Such trading and gambling platforms are often unsecured, or outright scams.

How to Avoid Online Gaming Fraud

Be aware of how fraudsters operate and test for vulnerabilities; prevention is always better than a cure. Unfortunately, avoiding online gaming fraud completely is impossible. Fraudsters actively work to find new and improved methods of exploiting systems. A gaming platform must learn to react quickly to any detected fraud and prevent it from snowballing.

The most effective way to reduce online gaming fraud on your platform is to use a fraud protection platform like nSure.ai. Such platforms use advanced machine learning techniques to detect and stop fraud almost in real time.

nSure.ai is a much more effective solution than traditional methods, which can increase customer friction. Friction makes it harder for legitimate users to access the platform, which risks chasing them away and losing sales.

Useful Tips for Detecting Online Gaming Fraud

If any fraud gets out of hand, users quickly lose trust in a platform. Therefore, it's essential to detect fraud and shut it down early, before it can spread and affect more users.

Payment fraud detection software. Machine learning works faster and processes more than any human can, allowing payment fraud to be detected around the clock and in real time.

Communication. Better communication with users allows the gaming platform to notify them of possible fraud attempts on their accounts. Stealing an account is usually a lengthy process, so detecting possible fraud and alerting the relevant user is a crucial first step to nipping it in the bud.

Analytics and metrics. Using monitoring tools to see which user accounts are behaving suspiciously (suddenly winning a lot, having an abnormally high amount of in-game items, etc.) can go a long way in the early detection of fraudulent or compromised accounts.
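
The card-testing pattern described under "Credit card fraud" (small purchases on one card that step up in amount) can be turned into a simple analytics rule. The following is an added example, not code from nSure.ai or any gaming platform: the record fields, the thresholds, and the sample payments are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Payment:
    ts: int            # seconds since epoch
    card_token: str    # tokenized card reference, never the card number itself
    amount_cents: int  # attempted purchase amount


def longest_escalation(items, window, probe_max_cents):
    """Longest run of consecutive attempts on one card that starts with a
    small "probe" amount, rises strictly each time, and fits inside `window`
    seconds. `items` must already be sorted by time."""
    best, run = [], []
    for p in items:
        rising = run and p.amount_cents > run[-1].amount_cents
        if rising and p.ts - run[0].ts <= window:
            run.append(p)
        else:
            # Start a new run only from a small amount; a large first
            # purchase is not a probe.
            run = [p] if p.amount_cents <= probe_max_cents else []
        if len(run) > len(best):
            best = list(run)
    return best


def flag_card_testing(payments, window=3600, min_run=4, probe_max_cents=500):
    """Map card_token -> escalating amounts, for cards whose run is long
    enough to look like limit testing. Thresholds are illustrative."""
    by_card = defaultdict(list)
    for p in sorted(payments, key=lambda p: p.ts):
        by_card[p.card_token].append(p)
    flagged = {}
    for card, items in by_card.items():
        run = longest_escalation(items, window, probe_max_cents)
        if len(run) >= min_run:
            flagged[card] = [p.amount_cents for p in run]
    return flagged


# Constructed sample data: three cards buying in-game currency.
T0 = 1_700_000_000
DAY = 86_400
SAMPLE_PAYMENTS = (
    # Amounts stepping up every two minutes: the card-testing shape.
    [Payment(T0 + 120 * i, "tok_A", amt)
     for i, amt in enumerate([100, 250, 900, 2500, 9900])]
    # A regular player repeating the same bundles.
    + [Payment(T0 + 900 * i, "tok_B", amt)
       for i, amt in enumerate([499, 499, 999, 499])]
    # Slowly growing purchases spread over four days.
    + [Payment(T0 + DAY * i, "tok_C", amt)
       for i, amt in enumerate([100, 200, 300, 400])]
)

if __name__ == "__main__":
    for card, amounts in flag_card_testing(SAMPLE_PAYMENTS).items():
        print(card, amounts)
```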

Fraud protection

Breaking the Myth: Payment Fraud Prevention in Crypto Isn’t as Hard as You Think

Let’s make one thing clear: Payment fraud in the crypto space is a serious problem - no doubt about it.

From a digital merchant’s POV, on-ramp transactions are problematic because of the nature of cryptocurrencies. They are high-risk digital assets, as payments usually don’t come with regulatory protection if something goes wrong, aren’t reversible, and offer a high level of privacy. Hence, they represent a fertile ground for fraudsters to do their thing.

As weird as it sounds, crypto has it good compared to other, more traditional payment transactions - namely prepaid debit cards (more on that later on). Payment fraud prevention in the crypto space isn't as complex as many industry players are led to believe.

In this post, I’ll explain why and present what can be done to mitigate this issue. Let’s get to it. To begin with, it is important to realize that:

1. Crypto Payments Aren’t Anonymous - They’re Private

Cryptocurrency transactions are permanent and public, meaning there is some form of digital trail. When creating a crypto wallet, an alphanumeric address is generated, allowing the user to send or receive crypto. That address is visible to everyone on the blockchain, enabling the user to conduct transactions under a pseudonymous identity (as opposed to an anonymous one).

Why is this significant? Because, through financial forensics, a given public address can be traced back to a real-world identity.

2. Prepaid Debit Card Fraud Is a Far Bigger Problem

While crypto is an attractive proposition for fraudsters, there is an even easier option in prepaid debit cards. In this case, a fraudster either buys a prepaid debit card with stolen payment information or uses a stolen card to make a purchase.

In short, there are three key reasons why fraudsters find this type of fraud more attractive, and therefore will more likely opt for it:

A prepaid debit card isn’t “just” private, it’s completely anonymous. It isn’t connected to a specific identity or banking account, making it easy for fraudsters to leverage it for simple financial fraud and money laundering.

It’s completely liquid and basically the same as cash, as it can be used at an ATM, offering easy conversion of digital payment into cash. You can basically use it any way a credit card can be used.

The regulation typically doesn’t cover basic fraud protections for transactions under $10,000 and unregistered cards that don’t hold personal information such as a Social Security number.

If we compare all of this to cryptocurrencies, you’ll see that converting them to fiat is not easy. Where it exists, regulation tends to differ from country to country, and in some instances, from bank to bank. Crypto-friendly countries such as Portugal and El Salvador have banks and services that make the process easy but, generally speaking, there is a lot of paperwork involved.

As crypto exchanges become progressively regulated, the registration process becomes more inconvenient, requiring users to provide all sorts of KYC documentation, origins of funds, transaction history, contract, proof that they are a miner, and so on.

Even when a crypto exchange is willing to part ways with its fiat, there’s the matter of user experience. Cashing out fees can be high (significantly higher than for buying crypto) and there can be all sorts of problems with withdrawal such as delays, sudden exchange rate swings, or in more extreme cases - loss of funds due to improper form filling.

The bottom line is that while technical capabilities are present, the entire process is very cumbersome and not quite user-friendly.

3. Prevention Tools Are Already Fighting Crypto Fraud Successfully

The rise in frequency and the volume of digital transactions, coupled with constant changes in technology, means businesses are not always fully equipped to prevent fraud.

At a fundamental level, most fraud attempts are a variation of existing methods. Chargeback fraud is pretty much the same. Social engineering fraud has been around for years with essentially the same “catch”. A great deal of these fraudulent activities can be nipped in the bud with already existing tools that link customer data to cryptocurrency transaction histories.

There are platforms that specialize in digital goods fraud protection and can help automate and simplify KYC processes so businesses can learn more about their customers. Thanks to an AI-driven approach, they can make accurate decisions in real time, all the while striking the optimal balance between a healthy fraud rate and a smooth customer experience. As a result, online merchants can uncover high-risk customers, remain AML compliant, and avoid the stigma associated with crypto money laundering.

Bottom Line, This Is a Problem That Can Be Solved

Crypto payments are in full swing as the number of use cases for cryptocurrencies keeps growing. But as much as the promise of fast, easy payments with typically lower fees continues to intrigue consumers, so it will attract more bad actors and consequently, more fraud.

Sure, fraudsters are relentless in coming up with novel ways to bypass security and exploit vulnerabilities, but technology is keeping up. Through training, algorithms continuously take feedback from humans and learn to become more accurate with time. The key is to move swiftly and adopt these new standards so that there is tangible protection from predatory exploits.

After all, many digital merchants fail to realize that the collateral damage of digital payment fraud goes beyond the initial financial hit. Lost revenue is reflected through the entire lifetime value of a customer, plus all the damage your brand reputation and loyalty take as they become associated with fraud.

To come out on top and grow revenue instead of losing it, it’s a good idea to focus on adopting a safety strategy - one that emphasizes blocking fraud while streamlining the user experience.

Fraud protection

Fraud Should Not Be Accepted as Part of the “Cost of Doing Business”

I’ll be the first to admit that dealing with digital goods fraud, especially payment fraud, is taxing. It can be a crippling blow to your business. I would know, as my business partner Ziv and I experienced this firsthand.

Some years ago, we lived the nightmare of having 40% of our sales being fraudulent within the very first week of running our own online gift card business. Perhaps even worse was the feeling of being powerless to stop it.

If we hadn’t developed a way to address the growing fraud levels (the foundation from which nSure.ai was born), eventually, we would have had to shut down our business. It was that big of a problem. Unfortunately, for many merchants, it still is.

The very nature of high-risk digital goods makes them a fertile ground for fraud. Digital gift cards, top-up and prepaid cards, software and game keys - all of these present an attractive target to fraudsters. These can be easily penetrated as they are delivered immediately, and fraudsters can quickly resell them.

Merchants don't have the time (or luxury) to vet each payment before a product is shipped, as opposed to when a physical shipment is involved. As a result, fraud happens swiftly and silently.

In turn, many digital goods merchants are leaving a lot of money on the table out of fear. They see it as the "cost of doing business", as something that simply comes with the territory.

Sometimes the Cure Can Be Worse Than the Disease

As overwhelming as fraud can be in the digital goods space, some merchants make the wrong moves. In fact, the measures they put in place end up being equally or more damaging.

How? Because a lot of money is lost through inadequate fraud prevention, not just through direct fraud. By inadequate fraud prevention, I mean frequent examples such as:

Blocking all IP addresses except their country’s
Accepting only credit cards from “safe” geos such as the US and EU
Implementing a ‘register today, buy tomorrow’ policy
Adding friction to the buying experience by introducing unnecessary unfriendly interface elements such as captcha

There’s a lot to digest here.

This isn’t 2010. As a digital goods merchant, you can no longer afford to just blacklist certain geos and hope the problem goes away. Yes, some areas really do carry higher rates of fraud. And yes, you will probably catch a few beginners and lazy fraudsters in the act - but that’s it.

Not just that, fraud has advanced to highly sophisticated levels and nowadays comes in many forms. IP blocking is old news and there is no shortage of ways to circumvent it, from using a proxy server to VPNs, P2P anonymizers, and more.

The principle is the same when you whitelist credit cards from specific countries and/or regions. Once again, the idea is good in theory: accepting online transactions on a global level exposes merchants to CNP (card-not-present) fraud, creating new risks.

On the surface, whitelisting certain credit cards provides a smoother experience for returning customers and saves merchants the effort of reviewing orders for fraud. In reality, this is simultaneously creating a massive problem: false positives, wrongly identifying legitimate customers as potential fraudsters.

Just how massive are we talking about here?

Well, our own research showed that in the first half of 2021, out of over 10 million transactions worth almost $400 million in value, 4 out of 5 declined payments came from real customers.

Considering that the industry standard decline rate fluctuates between 15% and 20%, only 4% of the total declined transactions were actual fraud. The rest - lost revenue from both existing and potential new customers.

Also, one of the more “optimistic” forecasts shows that by the end of the year, the loss of revenue from false positives will be almost half a trillion dollars.

To make matters worse, policies such as ‘register today, buy tomorrow’ add unnecessary friction to the buying experience. Be honest - would you buy from a shop where you had to wait half a day/day to purchase something? With digital goods, where expected delivery is immediate, you likely wouldn’t.

Some merchants aren’t even aware of the damage they are doing with their fraud protection strategy. Unless they closely examine each transaction, they can’t know if what they blocked was legit or not. That scope of manual review is neither cost-friendly nor scalable.

To say that they don’t care would be detached. I’m certain they simply don’t know better. Still, the fact is that most merchants flat out drive away honest customers by default because it’s the "cost of doing business". They got used to it, but all they really do is create friction, lose money, and fail to fully protect themselves.

It’s Important to Act Fast and Proactively

I firmly believe that digital payment fraud isn’t and shouldn’t be the online merchant’s problem.

Compared to their peers who sell physical goods, digital goods merchants are in an unfavorable position. Still, they should know better. They need to if they want to survive the harsh reality.

Too many digital goods merchants haven’t updated their fraud protection methods to properly address cybercrime. They’re just masking reality and essentially, paying a hidden tax of sorts by sacrificing a lot of potential sales in the name of fraud protection.

There is no time to wait for financial regulation. There is no time to wait and hope things sort out by themselves. That won’t happen anytime soon. Things are going to get a lot worse before they get better.

What will happen is rejecting all the good, genuine customers will result in losing them to a huge global ecosystem of competitors, primarily Amazon.

It shouldn’t be this way, especially when digital retailers can protect themselves with AI-driven real-time fraud protection. Thanks to advancements in AI, sophisticated tools can cross-reference and validate databases, examine behavior patterns, and more, to accurately separate digital fraud from legitimate customers.

In times like these, keeping up with fraudsters without hurting the customer experience is becoming ever so vital for digital retailers - more than ever before.

Image credit: https://www.maxpixel.net/Computer-Card-Fraud-Credit-Code-Cyber-Hack-Crime-6077545
Should Digital Fraud Really Be the Merchant’s Problem?

The entire concept of liability, with respect to digital fraud, seems to have happened by mistake. My claim? Online merchants shouldn’t incur (all) the cost. This complete plot (in which the digital merchants are the unwilling martyrs) traces back to the 1950s and the introduction of credit cards (and the system of credit cards). Before credit cards were accepted, there was one way to exchange payments for a product or service - cash. Not so long ago, a person walking into a store to purchase furniture for an entire house, with a stuffed envelope of money, wasn't a reason to alert the authorities about a potential gangster in the house. So, when a piece of plastic was first introduced, around 7 decades ago, card issuers had trouble convincing merchants about its legitimacy. The merchants weren’t paranoid. They indeed had a lot to lose. It was the unofficial beginning of modern payment fraud as we know it today.

Plastic but Not Fantastic

Simply put, merchants didn’t believe that a resulting sales slip they would get after a purchase was the same as cash. So most refused to accept it as a valid payment method. In turn, consumers were hesitant to switch to the new payment method. Then, credit card issuers realized that if their concept was to work, they would have to provide guarantees for consumers and merchants. In order to claim that their piece of plastic is as valid as a banknote, they had to be financially regulated and guarantee purchases with credit cards for both sides. And so, they became associated with banks. The move eventually worked, ensuring rapid adoption and growth in the 60s. However, soon another problem arose. Before computer networking, the entire credit card system in the USA was very complicated.
Every time a consumer wanted to pay with his Diners, American Express, or any other card, the merchant would have to pick up the phone and call their bank. The bank then had to call the credit card company, where an employee had to manually look up the customer's name and credit balance. The inconvenient nature of this procedure meant merchants would often skip some or all of the required steps and simply assume the risk. In many cases, they accepted charges for smaller transactions. They also accepted purchases from known and trusted customers via phone, without verifying them first. This reality led to new procedures and card not present (CNP) transactions were born. For merchants, phone purchases were a great idea because they sped up the buyer experience and provided more convenience. All the customer had to do was provide their credit card number and make the pickup at the store. But credit card companies refused to cover these types of transactions. Because it was difficult for a merchant to verify that the actual cardholder is indeed authorizing a purchase, the transaction was susceptible to fraud. As such, the issuer of the card was liable for compensation, and they simply didn’t want to take that risk. So, protecting their customers and themselves on CNP transactions became the merchant’s responsibility, one they carry to this day. New Way of Shopping, Old Problems The advent of eCommerce only amplified this issue. Online transactions were grouped into CNP transactions because at their core, they were the same as phone purchases. The merchant had no way of identifying the buyer and couldn’t guarantee it was a legitimate purchase. When online shopping emerged in the mid-90s, no one envisioned it would become the $5 trillion market it is today. No one gave a serious thought about the potential implications of CNP transactions down the line and how they might hurt online merchants. 
Credit card companies took the easy way out and created a huge problem that is digital fraud, particularly in the digital goods space. About 15% of online transactions are declined on a regular basis. A third of those get declined by online merchants for legitimate reasons, meaning someone didn't type the number correctly, misspelled their name, didn't put the correct CVV code, or there weren’t enough funds available. These mistakes happen, so let’s say merchants are right to reject these transactions. But what about the rest? Well, 10% of online transactions are declined due to the card issuer's risk evaluation without any information regarding the reason for rejection. In other words, card issuers deem the risk of the transaction being fraudulent too high and provide a ‘Do Not Honor’ code. DNH code happens all the time because credit card companies don't know for sure the nature of the transaction. They want to offer the best possible service and protect their customers, but the lack of data to make an accurate decision means it’s easier for them to not approve it in the first place. This puts the merchants in an unfavorable position because they are at risk of crossing the chargeback “safe zone”. As such, they can receive fines from payment networks for every transaction labeled as fraud and even get blacklisted from accepting online payments altogether. The truly insane thing is that the loss of revenue from false positives will be close to half a trillion dollars by the end of 2021. The fraud problem likely would have never escalated to this level if someone who understands risk management was responsible for it. But since that wasn’t the case, now we have an anomaly where merchants are not responsible for their brick-and-mortar transactions but are responsible for their digital counterparts. 
Why Digital Goods Merchants Have It Worst In all of this, merchants who deal in digital goods such as gift cards retailers and prepay vendors are at the short end of the stick. You see, payment processors have realized there is money to be made on fraud protection for merchants, so they started marketing their services accordingly. For instance, PayPal literally calls its policy ‘Seller Protection for Merchants’ that aims to protect transactions from chargebacks, reversals, and associated fees. The problem here is that all of the above is true for physical goods. Digital goods - not so much. It’s because payment processors can’t cope with the level of digital goods fraud, as simple as that. Here is what bugs me. The concept of seller protection was one of the key selling points for PayPal, and arguably one of the major reasons why it’s one of the most popular payment processing companies. Accepting payment online with no liability is a huge boon for businesses, but it’s marketed in a way that ignores an entire segment of digital goods merchants who are left behind, essentially. From a business standpoint, companies such as PayPal cannot afford to be conceived as not safe enough, which is why it’s easier for them to sometimes just block merchants if the risk is too high. That’s not something they want to tangle with. Reputation is extremely important in this industry, and because there is no regulation forcing payment processors to do something about it, they take the path of least resistance. PayPal is making some steps toward digital goods protection but, in my opinion, it still has a long way to go (it’s a story for another time). And so, digital goods merchants are left to fight payment fraud on their own, trying to solve one key challenge: how to improve security without adding too much friction to the buying process and compromising customer experience. Unfortunately, many digital goods businesses fall short. 
Regulation to the Rescue It’s a sad state of affairs where borderless eCommerce is a profitable option for some merchants but less for others just because of the nature of the goods they sell. I believe payment fraud shouldn’t be the online merchant’s problem. They currently have a huge problem on their hands, and they’re limited in what they can do to eradicate it. It’s my belief that eventually, this is going to become an issue for either the banks (issuing and acquiring banks that are the entities that run the credit card networks) or insurance companies that insure merchants. And the solution is not going to come out of their own volition. The competitiveness of the market has already proven it’s not a strong enough reason. The solution is likely going to be because of regulation. Someone who understands financial risk management will recognize the magnitude of the problem and make concrete moves. Whether that happens 10 or 20 years down the line, it’s bound to happen because the fraud problem in digital transactions is getting worse by the year. There is already movement with PSD2 (Second Payments Services Directive), a European regulation for electronic payment services that mandates stronger security requirements for online transactions, but also recognizes and regulates third-party involvement. The implementation of PSD2 is expected to motivate the issuing banks liable by this regulation to rehaul their business models. At the moment, they simply don't have enough data to provide accurate enough decisions, so the regulation will have to evolve further in order to actually solve the problem. The good news is that we're seeing the first steps taken in regards to where the banks need to be in this equation. There are still all sorts of loopholes and delegated authority that allow banks to avoid the risk, but the process has been put in motion, and that’s what counts. What Can Digital Merchants Do? 
Until proper regulation is implemented, online merchants can protect themselves by relying on this one thing: Predictive Artificial Intelligence. AI has the ability to differentiate all the nuances between fraudsters and genuine buyers, and make accurate, real-time decisions without interfering with customer experience. Because it’s able to continuously train and learn, it can keep up with whatever fraudsters are trying to pull off. Anything else will be a step back.
The Collateral Damage of Digital Fraud (The Loss of Potential Shoppers)

Digital goods merchants are yet to understand the full impact digital fraud has on their business, most notably the indirect impact on their bottom line. Generally speaking, businesses care far more about what they’re losing as opposed to what they’re gaining. While trying to take precautions to keep fraud at bay, they end up rejecting genuine customers, which results in one thing: leaving a lot of money on the table.

The problem is this: new potential clients being declined due to fraud measures means you are not only losing the value of the transaction at hand - you’re also losing out on their lifetime value (LTV). That one rejected transaction might have been a long-term, loyal customer. So, lost revenue is reflected through the entire lifetime value of a customer, plus all the damage your brand reputation and loyalty take on the way (which are harder to quantify but still have a significant impact). When you factor in all the above, the true cost of digital goods fraud becomes far higher than just declining transactions. As you’ll see below, the math is brutal and indicative of a greater problem - one that can be solved or at the very least, minimized.

Let’s Break This Down

Here’s the deal: About 15% of online transactions are declined regularly, just to be on the safe side. One-third of those declines are based on legitimate reasons, such as a customer typing the wrong CVV code, misspelling their name, not having enough funds on their card, and so on. Beyond those, 10 of every 100 transactions are declined simply because the card issuer deems them as too high of a risk of being fraudulent. This is the infamous ‘Do Not Honor’ code, where it’s easier to not approve the transaction in the first place due to the lack of data to make an accurate decision than it is to risk being duped.
In fact, the 15% decline rate is a "standard" processor/issuer decline rate across eCommerce and online transactions. Now the bigger part of the problem emerges: digital goods merchants do a bit of their own declining. It amounts to up to 15% of the remaining 85% that are “generously” left after card issuers do their thing. This puts you in a bind as you risk crossing the chargeback “safe zone” and receiving fines from payment networks for every transaction labeled as fraud - even getting blacklisted from accepting online payments altogether.

Now get this: 4 out of 5 declined payments come from real, legitimate customers. To make matters worse, 72% of these declines are new customers. We are seeing more points of friction than at any time in history right now, which are detrimental to the customer’s relationship with the merchant. Make no mistake - we’re talking about money that will be spent elsewhere, where the shopping experience is smoother and frictionless. The primary suspect is Amazon, which represented 43.5% of digital spending in the U.S. in 2021, up from 41.8% in 2020. Additionally, the web giant accounted for 55.4% of all gains in U.S. eCommerce in 2021, according to Digital Commerce 360. Unless you're a major retailer like Walmart or Target, that’s the one company you don’t want to compete with.

How Much Money Are We Talking About, Exactly?

To provide you with the best possible picture of how much false declines are costing you, we offer a quick glimpse into our proprietary data. In 2021, for the gaming and digital gifting segments, the average order value was $29. Considering that the average number of transactions per returning customer is three, this puts the LTV of a digital goods customer at $87 per year. On average, our data shows you lose around 11% (!!) of revenue per month from new legit customers that are declined. For practical purposes, let’s say a business has $10 million in yearly revenue.
The loss they would suffer from false declines of new customers would amount to $1.1 million every year. Now insert your business’ number of average monthly transactions and do the math of how much you’re actually losing. Quite a figure, isn’t it? What’s Next? The inherent problems in existing payment processes and the ever-increasing fraud are putting digital merchants under a lot of pressure to approve and deny the transactions they want to. Do payment processors and regulators have a moral obligation to improve their defenses against digital fraud that drives harmful activities? Absolutely. But merchants literally can’t afford to wait for that to happen. As online shopping continues to grow, fraudsters keep trying to take advantage of these new opportunities and customer behavior. From non-sophisticated methods to advanced AI technologies that automate much of fraudulent activities, criminals can operate at scale with hundreds, even thousands of fake accounts. Therefore, finding ways to differentiate between genuine customers and bad actors easily and swiftly is essential. Your focus should be on the number of new people that can be onboarded instead of rejected. If your fraud prevention system works as it should, then there are fewer false declines, meaning you gain the lifetime value of new customers. Any fraud manager worth their salt should take the decline rate percentage of new shoppers in stride and work on decreasing it as much as they can. By focusing on gaining new shoppers that are already expressing a purchase intent instead of rejecting them just to be on the safe side, a direct impact on the bottom line is created. When it comes to immediate, yet long-term remedies, it doesn’t get any bigger than that. Note: Data in this post (unless stated otherwise) is brought to you by nSure.ai, a predictive AI fraud protection company specifically tailored to the digital goods space that approves 98% of transactions with a 100% chargeback guarantee. 
Image credits: https://pxhere.com/en/photo/1636749 https://pxhere.com/en/photo/484054
The A to Z of Payment Fraud Protection

As unfortunate as it is, payment fraud is a common element of online activities. In fact, it’s an all too common element as a new study shows that merchant losses to online payment fraud will exceed $206 billion in total between 2021 and 2025. Fraud is evolving as fraudsters are constantly finding new ways to take advantage of the expanding digital market. Whether you're a new player or an industry veteran, getting up to speed on how your business can be hurt and protected is critical. Below, we explain different terms and concepts in payment fraud protection so you can learn more about this evolving space, draw a hard line between your acceptance and fraud rates, and make sure you know what type of protection you need.

3D Secure
A security protocol that offers an additional layer of security for online credit and debit card transactions. The name refers to the three domains which interact using the protocol: merchant domain, card issuer domain, and network domain.

Account Analysis of Transactions
Refers to the hundreds of data points that are analyzed in real time, such as the age of the email used for account creation, provided phone number and its ability to receive calls, billing and shipping address, as well as third-party data. It’s important to note that account analysis is only one of the three key analysis points every fraud protection solution should have. See ‘Behavioral analysis of transactions’ and ‘Contextual analysis of transactions’ for more details.

Account Takeover (ATO)
A particularly dangerous form of fraud that is, essentially, identity theft. First, a fraudster uses automated bots to gain access to an account that has a credit card or other form of payment already authorized to make a purchase. Then, they alter certain account details (e.g. delivery address, email) to redirect the goods ordered by the rightful buyer to them.

Authorization and Capture
The two-step process that allows merchants to first authorize the cardholder's credit card to make sure it’s valid and that it has sufficient funds available for the transaction, then collect the funds at a later time. For digital goods, as opposed to physical goods where capture happens the moment goods are shipped, the process happens simultaneously, which means that the fraud analysis needs to be completed in real-time. It also means that digital goods represent a different and significantly harder challenge for online retailers when trying to protect against digital fraud. See ‘Delayed vs. immediate goods delivery’ for more details.

Behavioral Analysis of Transactions
Analyzes the overall market behavior trends, as well as the actions of the individual buyer and groups of buyers with similar or exact behavior by following their exact movement through the buyer journey to identify fraudulent behavior. Data that is analyzed includes time spent between entering the website and attempting checkout, if the buyer looked at different products and product variables such as size, price, and such, if they typed or copy/pasted their personal information, etc. For analysis of cohorts, data used includes groups that exhibit trending behavior together, specific products they browse and purchase, overall market trends when it comes to the age of payment methods, changes in geo distribution, and so on.

Card Not Present (CNP) Transactions
Transactions in which the merchant has received the customer's payment information remotely such as online purchases, rather than having the physical card present. As such, these types of transactions have a greater risk for payment fraud.

Card-Testing Fraud
A type of payment fraud often found in eGaming where test purchases are made via a previously stolen credit card number. Purchases start in small amounts and rise incrementally, as soon as the fraudster realizes they can get away with bigger buys. Every purchase can become a chargeback filed by the credit card’s real owner.

Chargeback
A forced transaction reversal or a charge initiated by the cardholder’s issuing bank after a cardholder successfully disputes a purchase. Merchants usually incur a fee when a chargeback occurs. Fees vary from $20 to $100 and every dollar lost to chargeback fraud costs an estimated $3.36 due to operational and customer acquisition costs.

Chargeback Protection
A variety of techniques and technologies such as fraud protection tools that help safeguard merchants by reducing the risk from fraudulent chargebacks.

Chargeback Safe Zone
The acceptable percentage of transactions that are labeled as fraudulent within the payment processing cycle. A higher chargeback ratio determines the risk factor and ability to process payments. It’s widely accepted that merchants with a consistent fraud rate of 0.7% of all transactions are considered in the “safe zone”. However, the 0.7% rule of thumb is a designated safe zone from the payment network's perspective. As margins are very small and every transaction counts, we suggest 0.5% and below should be the upper limit for every merchant in order to avoid any kind of fines or worse, risk being blacklisted.

Contextual Analysis of Transactions
Analysis of context of each buyer attempting to make a purchase, against large data sets of proven legitimate and fraudulent purchases. Data includes the location from where the buyer is visiting (GEO), the browser being used, IP address, potential VPN usage, time of day and week, device fingerprinting, and so on.

Dark Web
Part of the internet that isn't visible to search engines and requires the use of specific anonymizing software to be accessed. Through the dark web, users can communicate and conduct business anonymously and privately, which makes it suitable for a wide range of criminal activities, including payment fraud.

Decline Rate
The rate at which payments from cards are dropped due to a variety of reasons such as lack of funds on the card, fraud prevention measures, merchant’s poor handling of payments, and so on. Our data-backed report has shown that the average decline rate in the digital gift card segment due to fraud prevention measures is 15%, while eGames and downloadable content have a higher average rate of declines at 20%.

Deep Learning
A subset of machine learning that simulates the way humans gain knowledge by learning from large amounts of data. To achieve this, deep learning uses a multi-layered structure of algorithms called neural networks which are based on the structure of the human brain.

Delayed vs. Immediate Goods Delivery
Relates to the main difference between fraud protection for physical and digital goods merchants. Delayed delivery comes into play for physical goods retailers as their buyers expect to receive their product only following a certain amount of time to account for shipping times. On the other hand, digital goods merchants are expected to dispatch the goods immediately following the completion of the transaction. It’s important to note that a delayed delivery also happens in instances where merchants employ a large manual review team to analyze the transactions, which can lead to a subpar purchasing experience for buyers.

Digital Goods Merchants
Essentially websites and apps such as digital gift stores, travel agencies, ticket stores, gaming stores, and software companies that sell digital products that require no physical delivery. These merchants suffer from highly elevated fraud pressure as their products require immediate delivery and have a high resale value.

False Declines/Positives
Also commonly referred to in the industry as ‘insult rate’, these refer to transactions from legitimate customers that were flagged as suspicious and rejected, in most cases due to the existing fraud protection solutions mistakenly labeling them as fraudulent purchases. Our numbers show that 4 out of 5 declined payments come from real, legitimate customers. To make matters worse, 72% of these declines are new customers, which makes fighting fraud with AI-based fraud protection platforms an immediate priority.

False Approvals/Negatives
Transactions from actual fraudsters that the existing fraud protection system doesn’t detect and allows to make a purchase. Our extensive industry research found that the majority of AI/machine learning models can accurately approve only 85% of purchase attempts in the digital goods domain, out of which 84.5% represent legitimate customers, while 0.5% fall on fraudsters. The remaining 15% of the purchases are being rejected in order to be on the safe side.

Friendly Fraud
Fraud stemming from initially legitimate purchases. Once the buyer receives the product, they open a false dispute with their credit card issuer to reverse the payment on the grounds of supposed problems with the product or not having made the purchase at all.

Liability Shifting
The gold standard of fraud protection in which fraud protection vendors assume their clients’ fraud liabilities. The goal is not just to help merchants deal with the risk of fraud, but to completely remove it from their business. By assuming their clients’ liability, fraud protection vendors are essentially betting on the success of their product, which is based on an algorithm that can learn autonomously from massive quantities of data. At the same time, this algorithm has to be sophisticated enough to distinguish between genuine customers and all the nuances of fraud.

Loyalty Fraud
Also known as promotion fraud or promotion abuse where fraudsters, but also employees, partners, and legitimate customers try to game and abuse the system in various ways: by creating multiple accounts to gain access to additional promotions and earn more points, sell or transfer points to non-members, repeatedly return items after earning points, etc.

Machine Learning
A subset of artificial intelligence that represents the study of algorithms that can improve automatically through experience and by the use of data. In fraud protection, machine learning is used to analyze data (such as the context and actions the buyers took) at a high level of accuracy.

Manual Review
The process of evaluating the data of a specific transaction by trained specialists to further analyze if the purchase is fraudulent or not. The review process can consist of multiple emails sent to the submitted email address, phone calls, requests for the buyer to send the review team some kind of verification of their identity, and other tactics. These are typically labeled as “challenges” among fraud protection professionals. While employing a team of fraud detection experts may be effective to a point, the reality is that manual review is expensive and slow. For high-volume sales environments where immediate fulfillment is key, this generates a bad customer experience due to delayed delivery.

Predictive AI
Artificial intelligence supplemented with predictive analytics that leverages machine learning processes. It predicts outcomes using historical data. As a result, businesses can gain deeper insight into trends and patterns regarding their legitimate and fraudulent customers, and mitigate risk.

Processor Decline
The rejection of payment from the payment processor based on a number of reasons: from incorrect credit card numbers and CVVs, to lack of funds in the cardholder’s account - but also because of the risk of the transaction being fraudulent. Typically, about two-thirds of the declines happen due to the card issuer's risk evaluation. These carry no information regarding the reason for rejection, simply providing a ‘Do Not Honor’ code that means the card issuer is refusing to send an authorization token back to the payment system, thus failing to validate the transaction.

PSD2 (Second Payments Services Directive)
European regulation for electronic payment services. It mandates stronger security requirements for online transactions and also recognizes and regulates third-party providers to access or aggregate accounts and initiate payment services.

Risk Scoring
A fraud management approach that relies on obtaining and combining multiple risk scores that are calculated using rough data such as the age of the email address used for a purchase or geographic location of an IP address. The risk score is eventually used to suggest whether to accept or decline a certain transaction. The model of risk scoring lacks concrete decision-making regarding each transaction, which coupled with real-time analysis of various data points makes for a truly risk-free framework.

Synthetic Fraud
A complex and relatively new form of identity theft in which fraudsters build a fake identity using either real personally identifiable information (social security numbers, home addresses, phone numbers) or combining it with fake sets of information.

Two-Factor Authentication (2FA)
General term for an additional layer of security for online accounts in which users provide two different authentication factors to verify themselves. This typically includes either a security token such as a smartphone or a biometric factor like a fingerprint or facial scan.

True Acceptance Rate
The rate of buyers that attempt to make a purchase and are allowed to do so based on a complete analysis of friction points such as geo limitations to a website or app, forced account creation, two-step authentication, account creation declines, as well as PSD2/3DSecure and processor declines.

True Payment Fraud
Type of fraud in which a credit card is stolen and used to make a fraudulent purchase. The cardholder disputes the purchase, which results in their account being closed with a new account number and card being issued.

Back to You

It is crucial for you as a digital goods merchant to leverage up-to-date knowledge about payment fraud, as well as industry best practices, to continually upgrade the way you understand and combat payment fraud. Every day, fraudsters are getting more sophisticated - and so must you. We hope this glossary helps you boost your chances and prevail in this fight. Want to know how to translate the above into a fraud protection solution that helps you sell your digital goods with confidence (98% approval rate with 100% chargeback guarantee)? Talk to our fraud product experts today.
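The Card-Testing Fraud and Chargeback Safe Zone entries in the glossary above can be turned into a simple merchant-side check. The following is an added example, not code from nSure.ai or from the original post: it flags cards whose purchases start small and rise within a short window, then compares the chargeback rate with the 0.7% and 0.5% thresholds. The `Txn` record, the one-hour window, the run length of three, and the $5 starting amount are assumptions, and all transactions are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

NETWORK_SAFE_ZONE = 0.007  # 0.7% rule of thumb quoted in the glossary
SUGGESTED_LIMIT = 0.005    # 0.5% upper limit the glossary suggests


@dataclass(frozen=True)
class Txn:
    card: str               # tokenized card reference (constructed), never a raw card number
    ts: datetime
    amount: float
    chargeback: bool = False


def find_card_testing(txns, window=timedelta(hours=1), min_run=3, small_first=5.0):
    """Flag cards whose purchases start small and rise step by step inside `window`.

    window, min_run and small_first are illustrative assumptions to tune per merchant.
    Returns {card: [amounts of the longest escalating run]}.
    """
    by_card = defaultdict(list)
    for t in txns:
        by_card[t.card].append(t)

    flagged = {}
    for card, items in by_card.items():
        items.sort(key=lambda t: t.ts)
        run, best = [items[0]], []
        for cur in items[1:]:
            if cur.amount > run[-1].amount:
                run.append(cur)
                # Keep only the part of the run that fits in the time window.
                while cur.ts - run[0].ts > window:
                    run.pop(0)
            else:
                run = [cur]  # amount did not rise: start a new run
            if len(run) >= min_run and run[0].amount <= small_first and len(run) > len(best):
                best = list(run)
        if best:
            flagged[card] = [t.amount for t in best]
    return flagged


def chargeback_status(txns):
    """Return (chargeback rate, status) against the two glossary thresholds."""
    rate = sum(t.chargeback for t in txns) / len(txns)
    if rate > NETWORK_SAFE_ZONE:
        return rate, "outside safe zone"
    if rate > SUGGESTED_LIMIT:
        return rate, "above suggested limit"
    return rate, "ok"


def sample_transactions():
    """Constructed sample data: 1,000 transactions, none taken from real traffic."""
    base = datetime(2021, 6, 1, 12, 0)
    # 990 one-off buyers at $29; two of them later dispute the charge.
    txns = [Txn(f"tok_{i:04d}", base + timedelta(minutes=i), 29.0, chargeback=i < 2)
            for i in range(990)]
    # Returning customer: same amount three times, so no escalation.
    txns += [Txn("tok_regular", base + timedelta(days=d), 29.0) for d in range(3)]
    # Rising amounts spread over days: outside the window, so not flagged.
    txns += [Txn("tok_slow", base + timedelta(days=d), a)
             for d, a in enumerate([2.0, 10.0, 50.0])]
    # Card-testing pattern: four rising purchases in 15 minutes, all charged back.
    txns += [Txn("tok_tested", base + timedelta(minutes=5 * k), a, chargeback=True)
             for k, a in enumerate([1.0, 5.0, 25.0, 100.0])]
    return txns


if __name__ == "__main__":
    txns = sample_transactions()
    flagged = find_card_testing(txns)
    print("flagged:", flagged)
    print("all traffic:", chargeback_status(txns))
    kept = [t for t in txns if t.card not in flagged]
    print("without flagged cards:", chargeback_status(kept))
```

In the sample, the one escalating card accounts for four of the six chargebacks, so stopping it early moves the merchant from above the suggested 0.5% limit back under it without touching the returning customer or the slow, multi-day buyer.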
Fraud Manager, the Unsung Hero in the Fight Against Digital Fraud

The value that a fraud protection team (and by proxy, the fraud manager) delivers is far different from any other team in the company because it’s perceived differently. A typical fraud team operates in a fairly gray and very tricky area. While they are measured by their impact on preventing and reducing overall fraud, they are not measured by the amount of revenue they contribute, and their impact on the bottom line. Essentially, their role is reduced to mere gatekeepers, overlooking their true value.

It doesn’t help that every fraud decision has the potential to upset someone. Whether declining transactions or approving them, there is a looming decision that impacts bottom lines both directly (preventing loss) and indirectly (via the user experience of not declining a legit transaction, and reducing friction where needed). Alas, there is no award for good behavior here. If a fraud manager does everything well and does their job, there’s no applause. But if something goes wrong, they get reprimanded for subpar work. Their ongoing work to minimize fraud is rarely recognized the way it should be. The entire perception of the fraud team’s effect and role needs to be modified and measured accordingly. So, we’ve come up with a new KPI - one we hope will make everyone more effective and impactful in the fight against fraud.

Why a Fraud Manager Should Be Glorified

Here is the simple truth that often gets ignored: The diligent work of the fraud team translates to extra money for the company. As it happens, businesses care far more about what they’re losing as opposed to what they’re gaining. This is only natural. In psychology and behavioral economics, there is a name for this - loss aversion. Fraud managers are pressured to take extra precautions to keep fraud at bay, resulting in rejection of genuine customers, harming user experience, and leaving a lot of money on the table.
Our point is this: Instead of the fraud manager being conceptually responsible for decreasing the amount of chargeback and fraud in general, they should just as much be held responsible for getting people in, so to speak. In other words: it’s about time we give them the credit for actually increasing the bottom line. Here’s what we have in mind.
Introducing a New KPI: The Revenue of New Fraud Suspect Shoppers Gained
For every business, one of the most important metrics is customer acquisition cost (CAC) because it helps calculate the overall value of a customer and the resulting ROI of an acquisition. Stating the obvious, right? What isn’t obvious is measuring the acceptance rate of new shoppers in spite of fraud. By all accounts, it should be.
For example, a digital goods merchant can have a cushy 0.2% chargeback rate and a decline rate of 15%, which is roughly the average decline rate in this segment. But when talking about the decline rate for new customers, the average is around 25%. That’s simply what happens. The tendency to decline new consumers is always higher than it is to decline their long-term peers - ones for whom you have an LTV, a transaction history, and other data.
So, imagine all the first-time buyers who recently snagged up a gift card, discounted coupon, and such, beyond the holiday season. Each and every one of them can become a loyal customer and even a brand advocate. Too many are getting declined.
It’s time to invert the pyramid and measure this from the bottom up, calculating the impact of the fraud manager’s performance on the bottom line through a “hidden” KPI: the revenue of new fraud suspect shoppers gained. How? We suggest the following formula:
% of new visitors that were onboarded instead of rejected within a specific time frame * their lifetime value.
Let’s say that just 5% of new customers are added on a monthly basis through the deeper discovery of the root causes of fraud: poor customer experience, inadequate fraud protection tools, inefficient merchant operations, or any other issue. Multiply that 5% by the customers’ lifetime value and voila - the narrative changes. It’s about how much money the company could have lost but didn't due to the aforementioned action.
The fraud manager is actually impacting the company’s top line by a certain amount. Add the gross margin to the mix and you also get an understanding of how the bottom line is impacted. They literally bring money that is otherwise lost for absolutely no good reason.
Where Is the Catch?
There isn’t any. What we’re saying is an observation of industry peers who are privy to the inner workings of mid/large companies and their fight against payment fraud. A simple change can make a huge difference. Think about the way this shift in approach could improve the way employed fraud professionals perceive themselves. It would do wonders for their motivation and heighten their sense of belonging to a company that fully values their expertise.
Too many businesses operate under the misconception that their anti-fraud initiatives are designed for one function alone: loss prevention. Cybersecurity is a team sport where everyone has to work together to keep up and stay afloat. Successful fraud management can’t happen without everyone - the fraud team, technology - playing a role in properly responding to fraud, not just detecting and preventing it.
We say this because the fraud team can’t do it alone. They need the right set of tools to improve their efficiency, something that will detect fraud quickly and accurately in real time. Artificial intelligence, in other words. It can reduce the time usually spent investigating each case and improve the accuracy by providing actionable insights to make a decision where it’s needed.
This not only translates to less fraud but also to less customer friction.
Now, this is a sensitive area due to technology’s power to be a game-changer - and a job changer too. While adequately trained AI models are effective at preventing fraudulent activity, the human touch is always going to be needed. There will always be a need to view the alerts and perform analysis to understand why a customer or transaction was flagged. Plus, someone needs to take care of training data availability and accuracy, as well as make sure that the right processes are adopted so that AI models can improve over time. By understanding this, the fraud team will have a clearer idea of how the AI model learns and works and, ultimately, helps diminish fraud.
The reality is that a fraud manager is expected to act a certain way because they operate within the confines of fraud losses. They need to realize their true position within the system - as heroes who can save the day over and over again simply by thinking bigger.
Image credits:
https://www.quotemaster.org/loss+aversion#&gid=1&pid=3
https://pxhere.com/en/photo/1625828