Fraud should not be accepted as part of the "cost of doing business"
By Alex Zeltcer
I’ll be the first to admit that dealing with digital goods fraud, especially payment fraud, is taxing.
It can be a crippling blow to your business. I would know, as me and my business partner Ziv experienced this firsthand.
Some years ago, we lived the nightmare of having 40% of our sales being fraudulent within the very first week of running our own online gift card business. Perhaps even worse was the feeling of being powerless to stop it.
If we hadn’t developed a way to address the growing fraud levels (the foundation from which nSure.ai was born), eventually, we would have had to shut down our business. It was that big of a problem.
Unfortunately, for many merchants, it still is.
The very nature of high-risk digital goods makes them a fertile ground for fraud.
Digital gift cards, top-up and prepaid cards, software and game keys - all of these present an attractive target to fraudsters. These can be easily penetrated as they are delivered immediately, and fraudsters can quickly resell them. Merchants don't have the time (or luxury) to vet each payment before a product is shipped, as opposed to when a physical shipment is involved.
As a result, fraud happens swiftly and silently.
In turn, many digital goods merchants are leaving a lot of money on the table out of fear.
They see it as the "cost of doing business", as something that simply comes with the territory.
Sometimes the cure can be worse than the disease
As overwhelming as fraud can be in the digital goods space, some merchants make the wrong moves. In fact, the measures they put in place end up being equally or more damaging.
Because a lot of money is lost through inadequate fraud prevention, not just through direct fraud.
By inadequate fraud prevention, I mean frequent examples such as:
- Blocking all IP addresses except their country’s
- Accepting only credit cards from “safe” geos such as the US and EU
- Implementing a ‘register today, buy tomorrow’ policy
- Adding friction to the buying experience by introducing unnecessary unfriendly interface elements such as captcha
There’s a lot to digest here.
This isn’t 2010. As a digital goods merchant, you can no longer afford to just blacklist certain geos and hope the problem goes away.
Yes, some areas really do carry higher rates of fraud. And yes, you will probably catch a few beginners, lazy fraudsters in the act - but that’s it.
Not just that, fraud has advanced to highly sophisticated levels and nowadays comes in many forms.
IP blocking is old news and there is no shortage of ways to circumvent it, from using a proxy server to VPNs, P2P anonymizers, and more.
The principle is the same when you whitelist credit cards from specific countries and/or regions.
Once again, the idea is good in theory: accepting online transactions on a global level exposes merchants to CNP (card-not-present) fraud, creating new risks.
On the surface, whitelisting certain credit cards provides a smoother experience for returning customers and saves merchants the effort of reviewing orders for fraud.
In reality, this is simultaneously creating a massive problem: false positives, wrongly identifying legitimate customers as potential fraudsters.
Just how massive are we talking about here?
Well, our own research showed that in the first half of 2021, out of over 10 million transactions worth almost $400 million in value, 4 out of 5 declined payments came from real customers.
Considering that the industry standard decline rate fluctuates between 15% and 20%, only 4% of the total declined transactions were actual fraud. The rest - lost revenue from both existing and potential new customers.
Also, one of the more “optimistic” forecasts shows that by the end of the year, the loss of revenue from false positives will be almost half a trillion dollars.
To make matters worse, policies such as ‘register today, buy tomorrow’ add unnecessary friction to the buying experience.
Be honest - would you buy from a shop where you had to wait half a day/day to purchase something?
With digital goods, where expected delivery is immediate, you likely wouldn’t.
Some merchants aren’t even aware of the damage they are doing with their fraud protection strategy. Unless they closely examine each transaction, they can’t know if what they blocked was legit or not. That scope of manual review is neither cost-friendly or scalable.
To say that they don’t care would be detached. I’m certain they simply don’t know better.
Still, the fact is that most merchants flat out drive away honest customers by default because it’s the "cost of doing business".
They got used to it, but all they really do is create friction, lose money, and fail to fully protect themselves.
It’s important to act fast and proactively
I firmly believe that digital payment fraud isn’t and shouldn’t be the online merchant’s problem. Compared to their peers who sell physical goods, digital goods merchants are in an unfavorable position.
Still, they should know better. They need to if they want to survive the harsh reality.
Too many digital goods merchants haven’t updated their fraud protection methods to properly address cybercrime. They’re just masking reality and essentially, paying a hidden tax of sorts by sacrificing a lot of potential sales in the name of fraud protection.
There is no time to wait for financial regulation. There is no time to wait and hope things sort out by themselves. That won’t happen anytime soon. Things are going to get a lot worse before they get better.
What will happen is rejecting all the good, genuine customers will result in losing them to a huge global ecosystem of competitors, primarily Amazon.
It shouldn’t be this way, especially when digital retailers can protect themselves with AI-driven real-time fraud protection. Thanks to advancements in AI, sophisticated tools can cross-reference and validate databases, examine behavior patterns, and more to that accurately separates digital fraud from legitimate customers.
In times like these, keeping up with fraudsters without hurting the customer experience is becoming ever so vital for digital retailers - more than ever before.