Preventing e-Commerce Fraud in a Changing World

You must constantly reassess your way of dealing with fraud and adapt to fresh challenges in the most appropriate way

Liron Damri
Liron Damri

With every dollar lost to fraud representing a $3.08 real loss to the company, it’s easy to see why companies are so eager to prevent e-commerce fraud at all costs. But the best way to do that isn’t necessarily the most obvious approach.

Many companies assume that, in order to combat such a serious risk, they should institute rigid, conservative policies that protect their business as strenuously as possible. However, this kind of attitude comes at a price—one that is higher than most companies can afford.

Fraudsters Are Changing

It used to be the case, not very long ago, that online crooks were fairly predictable, and could be blocked by methods such as cookie tracking, Internet protocol (IP) geolocation or blacklisting email addresses. Those days are gone.

Today’s criminals know all about clearing their cookies, they’re experts at hiding their true location, and they create and discard email addresses faster than your office consumes coffee.

Part of the reason for this is that new technologies make it easy to be a fraudster, even for people who totally lack technical knowledge. Just as you don’t need to have medical training or any scientific understanding to measure your heartbeat using your phone, these professional criminals don’t need to know any more than the average person about their computers, their phones or payments systems in order to steal money from your company. There’s an app for that.

Last month, a new tool called Antidetect was reported that allows fraudsters to avoid browser fingerprinting, find stolen credit card information and make their computer look as though they’re from the same place as the victim, all in a few easy steps. There’s a video of one crook trying it out and the whole process—from start to thank you order confirmation page—takes him about five minutes. Five minutes to make a nice profit, stealing goods he has no right to with money the merchant will never see. Now that’s a fast turnaround.

Flexibility Is Essential

What does this mean for you as a business? It means that rigid rules aren’t going to be enough to protect your company from fraudulent transactions. Fraudsters are fast, agile and creative about their attempts to steal. You need to stay flexible in order to keep up or you may be fighting a rearguard action all the time, struggling to combat methods that were new a year ago, while the fraudsters attacking your site are already using a whole fresh armory against you.

You can’t set your fraud policies and walk away, or choose some rules and leave them be. You have to be constantly reassessing your way of dealing with fraud and fraudsters, adapting to fresh challenges in the way that is most appropriate for you.

Fraud Is Changing

From a wider perspective, the importance of Antidetect lies not in its particular abilities (impressive though they may sound), but in what this product represents. It’s just one example of crime as a service.

In the modern world, companies increasingly rely on software as a service—on-demand software made and maintained by people who know what they’re doing, which businesses can simply leverage to meet their needs. It’s much easier and usually more effective than doing it yourself, and you never need to worry about buying upgrades because upgrading the system and keeping it constantly up to date is taken care of by the provider of the service.

Well, criminals liked this model for all the same reasons that legitimate companies and individuals favor it, and now the dark net (the underworld of the Internet) is structured to provide just this sort of service. There are crooks whose profits come entirely from selling services, technologies and advice to other criminals—who use them, among other things, to steal from online businesses.

Fraud Is Professional: Fraud Prevention Must Be, Too

Modern e-commerce fraud takes place within a context of an organized, professional and sophisticated criminal ecosystem, and online retailers need to understand that and take it into account when it comes to fraud prevention.

That means staying up to date with the latest developments within the environment of fraud and fraudsters, being aware of the methods these crooks use to commit fraud and to avoid detection, and always staying at least one step ahead.

Business Beware

There is one caveat to all of this. It’s easy to get so carried away with the aspect of prevention and blocking fraud that you forget the importance of your real customers, at least when fraud prevention is concerned.

Why would that be a problem? Well, the easiest way to avoid all fraud is by rejecting all orders. It’s not a recommended policy, for obvious reasons, but, in fact, many companies effectively come at the fraud issue from this angle. They prefer to reject orders that look as if they may be problematic than take a risk of loss.

Letting Loss in through the Back Door

What this kind of approach really does is let loss in through the back door. The fraudsters can’t steal from you, but you’re also preventing real customers from giving you their money—and once you rejected them once, you likely lost the customer for life.

Balance is critical in fraud prevention as in so many other aspects of life. You need to find the point of perfect poise between avoiding risk, and encouraging consumers and genuine transactions.

What you really want to do, then, is utilize methods that you can leverage to limit your risk without limiting your profits as well.

Four Steps to Preventing e-Commerce Fraud without Turning Away Consumers

  1. Use technology to fight technology. While it’s true that the criminals have easy access to new software and tools to an unprecedented extent, it’s also true that modern fraud fighting has a truly impressive array of weapons. From behavioral analytics, which can trace the movements of fraudsters on a site and flag them as not being the actions of a genuine customer, to cyber intelligence, which specializes in stripping the carefully constructed mask from the criminal’s virtual face, contemporary fraud prevention has some extremely powerful tools at its disposal. Keep up with the latest tech and solutions, analyze each one from the perspective of growth, as well as loss avoidance, and make sure that you always have the best.
  2. Stay abreast of trends within the fraudster community. Things change fast in today’s world, so make sure that you’re on top of it all. Don’t get caught by a trick that’s been around for a while, be aware of the new technology being developed all the time and learn how fraudsters like to work. This knowledge can help you distinguish between real customers and fraudulent ones, so you don’t let the wrong ones through—but also don’t insult genuine buyers.
  3. Make big data work for you. There’s a difference between how fraudsters like to work in general and the specifics of how they target your site. You have a huge amount of information available to you about both accepted transactions that turned out to be fraudulent (and caused chargebacks), and transactions your system rejected for fraud. Analyze that data on a regular basis, seeking information about when and how fraudsters like to operate when they’re trying to steal from you.
  4. Present a hard target. Fraudsters are professionals, with an eye on their personal bottom line. They want to maximize their profits with the time and resources at their disposal. If your site is serious about fraud prevention and is able to be flexible enough to stay up to date, that news will get about. No crook will want to waste his or her time on a site with great protection when he or she could be going after an easy target.

If finding the right balance sounds difficult, well, it is. But it’s worth it: You’ll see the benefits in both a lower chargeback rate and increased revenue. You don’t have to do everything yourself—there are excellent fraud prevention solutions out there. Research them, choose the one most closely aligned to your business interests and let the experts take some of the burden from your shoulders. The important thing is not that the company itself actively employs these suggestions, but that they are employed on behalf of the company.

Whether you run fraud prevention in house or call in the experts, the key thing is that the company’s fraud prevention stays up to date and flexible, and never forgets about growth.