Acro Commerce Q&A — Secure online payments & fraud prevention

Matt Gomez, Director of Business Development at Acro Commerce sits down with Eric Hartwell, Partner Manager, at Signifyd and Matt Vega, Director of Fraud Strategy & Chargebacks, at BlueSnap to talk about payment security and fraud prevention for retail and B2C companies doing online sales.

WATCH THE SESSION

Timestamps of note:
02:40 — What does payment security entail?
03:47 — What are some best practices for payments and how they are processed?
06:11 — What does the overall fraud prevention industry look like?
08:25 — Aside from pure volume, have there been any changes due to COVID specifically?
10:51 — What are some examples of rules and machine learning that can be put into place to prevent fraud?
13:30 — What are some tactics companies employ in online fraud prevention, and what resources does that need?
17:08 — Are there signals that fraudsters can pick up on to know a site employs fraud prevention?
20:34 — From a retail point of view, what types of fraud are you seeing most?
25:15 — What kinds of fraud are companies like Signifyd most worried about?
31:24 — Are there specific verticals in B2C/retail that are more prone to fraud?
32:35 — As an online retailer, what services should I be looking for to protect myself and my business?
 

Listen to this post by using the player, or subscribe using Spotify, Apple Podcasts, or Google Podcasts.

---

Key takeaways from the conversation

Best practices for secure online payments

Matt Vega, director of fraud prevention at BlueSnap, suggests that online retailers have a payment processor in place with great security, but that for good fraud prevention, a strong fraud prevention partnership is important. By partnering with an established company such as Signifyd, machine learning and technical expertise are already in place. You don't have to spend money building the tech and improving it.
A network effect comes into play when you partner with a company that supports thousands of other online merchants. Those merchants are feeding data into the system and therefore the artificial intelligence is constantly being refined and improved, making the protection more accurate.
Using a payment processor with the latest security features and partnering with a 3rd party fraud protection company will give you best-in-class fraud prevention.

Standards used to prevent online fraud

• Rules engines: these are effective at hard blocking specific behaviour. For example: if the shipping address for an order is more than 100 miles from the billing address listed for the credit card, block the transaction.
• Proper use of AVS (address verification system) through payment gateways. The use of the AVS is not effective on its own for gauging fraudulent activity but is good to use as a data point for machine learning provided by 3rd party partners.
• Machine learning: supervised and unsupervised machine learning is incredibly good at finding abnormalities within datasets and identifying patterns. Machine learning will locate tactics and targets that can slip through rules engines.

Three common fraud prevention strategies

1. Allowing all orders to come through. Prepare for chargebacks. This is essentially opening the floodgates and hoping that the majority of your online users are honest. You will need to have someone on staff that is diligent and dedicated to dealing with chargebacks. This is time-consuming and potentially requires a lot of investigation time to defend against chargeback abuse.
2. Manual review of orders. With this method, rules and filters are used, but orders that meet certain parameters are flagged and sent for review. The review of those orders would need to be done by an individual or team of individuals, depending on the size of the company. The risk with this is that the shipment of orders could be delayed due to the manual review process.
3. Automatic declines. This method also uses rules & filters, but rather than manually reviewing orders that fall outside of the acceptable parameters, they are automatically declined. The risk in this method is that there is the chance that your may be declining orders that aren’t fraudulent.

Each of these methods, when performed in-house, has drawbacks and limitations. Having a third-party partner that can perform these checks for you helps improve customer experience and reduce fraud.

Most common types of fraud

Friendly fraud: the order comes in and looks good. The fraudster receives the good or service, but tells their bank that they did not receive the good or service and initiates a chargeback. These are the most difficult to stop and require a lot of investigation to refute.

Subcategories of friendly fraud include returns fraud and stolen identity fraud.

Returns fraud: an order is placed, but the client initiates a return. The client then returns the original packaging, but with garbage or a substitute weighted item of no value in the packaging. What the fraudster is counting on is that the refund will be issued before the box is ever opened, If this happens, the vendor cannot re-submit the payment, and is out the cost of the product that was not returned.

Stolen identity: this category is generally used in lower value fraud and quick ship items. This is seen often in one-off fraudster attacks.

Fraud for hire: there are now services out there that will allow fraudsters to place an order with their card, capture the payment, and then do a refund scam that could include defrauding the company issuing the credit card, or the online merchant by various means. Common forms are returns abuse as noted above, but on a larger scale, and reseller abusers, where the service will take the product and resell it, but claim a return or fault against the online merchant.

Professional fraud networks: These are highly sophisticated and merchants will generally not know they are getting hit. These networks will use account takeover tactics, use sophisticated malware, spoof device IDs, and spoof device fingerprints. They will use information collected in cyber attacks, data breaches or purchased on the deep web. Occasionally, hostile governments will even fund these fraud networks to destabilize online commerce.

How to prevent fraud in business

Fraud is going to happen in any business. Building partnerships and using the right tools to help mitigate most fraud tactics is the best strategy for keeping your business profitable. Leveraging vendors like BlueSnap for payment processing and Signifyd for fraud prevention and indemnity is a way that retail and B2C companies can protect themselves while benefiting from the big data and technical expertise that they possess.

If you would like to speak to our panellists directly about this topic, feel free to reach out.

Acro Commerce — Open source ecommerce strategy & technology analysts and development agency

Matt Gomez, Director of Business Development — Email | LinkedIn

BlueSnap — Online payment solutions

Matt Vega, Director of Fraud Strategy & Chargebacks — Email | LinkedIn | The Fraud Technology Podcast

Signifyd — Ecommerce fraud protection and prevention services for companies

Eric Hartwell, Partner Manager — Contact | LinkedIn