Fighting ecommerce fraud means merchants must stay a step ahead of evolving threats to protect their customers and their bottom line. A 2020 study we published with Kount and Modern Retail revealed the top four fraud types threatening ecommerce merchants around the world.
Pairing artificial intelligence with manual analysis to efficiently prevent attacks emerged as a major theme throughout the webinar.
“AI can absolutely take some burden off fraud teams,” said Justin Griffin, Senior Fraud Analyst for wellness brand SkinnyFit and its parent company Smashtech. “But I don’t think AI alone can provide all the functions merchants need to fight fraud and avoid the expensive backend costs that fraud causes, such as loss of goods, shipping fees, payment processing costs and eventual loss from chargebacks.”
Griffin shared tactics and strategies that helped SkinnyFit decrease the amount of overall fraud attempts by over 95% since mid-2020 throughout the webinar.
Chargebacks occur when a buyer disputes charges to their credit cards, compelling the bank to force a refund. During a webinar poll, participants said chargebacks was the primary ecommerce fraud type their business experiences, followed by card testing.
The poll results were “consistent with the type of fraud we see from our merchants,” sticky.io’s Director of Data Science and Analytics Justin Shoolery noted.
Shoolery encouraged merchants to examine their transaction data and historical chargebacks to get ahead of this prevalent issue. He said merchants should be weary of:
· Absurdly high average order values — If an average order value is 10 or 20 times higher than normal, fraudsters could be trying to score your merchandise in bulk.
· Risky IP addresses — Certain IP addresses have a higher likelihood of being connected with fraud based on location or if users deploy IP masking.
· Conflicting credit card and shipping addresses — An item being shipped to an address different from the credit card’s billing address could indicate a chargeback in the future.
· New email accounts — Sometimes fraudsters will create entirely new emails to complete a fraudulent transaction.
Shoolery said he has seen merchants reduce chargebacks by up to 40% by heeding these chargeback warning signs and configuring Kount’s fraud detection rules to identify and block possible chargeback attempts.
Friendly fraud is a common type of chargeback. It occurs when buyers dispute legitimate charges without malicious intent, often due to simple forgetfulness.
“I think friendly fraud is one of the most challenging aspects of chargebacks,” Griffin said. He explained how he and his team divide chargebacks into either malicious fraud or friendly fraud because “understanding chargebacks is really the key to mitigating them.”
He also encouraged merchants to ask themselves the following questions when strategizing ways to reduce friendly fraud within their business:
· What is your refund policy? Is it clearly stated on your website?
· Does your business offer 24/7 support? If so, through which channels?
· Which traffic sources are driving friendly fraud to your website?
“I think friendly fraud is unique to each merchant,” Griffin told webinar participants. “Understanding the cause really means looking at the transaction data on a micro-level and reviewing return policies that could potentially exacerbate friendly fraud.”
A detrimental threat throughout many ecommerce verticals, identity theft occurs when fraudsters steal personal information, such as credit card details, email addresses and more to make fraudulent purchases, manipulate traffic or create phony accounts.
“Identity theft is the core of what Kount helps protect against,” said Jamie Kinshella, Kount’s Partner Business Manager and webinar moderator. Kinshella explained it’s all about striking a balance between keeping criminals at bay and ensuring legitimate customers have a great online shopping experience.
With 30% of the survey respondents in the fraud report saying their company experiences issues with identity theft, this type of fraud continues to be pervasive. Kinshella added Kount’s anti-fraud solutions have default rule sets based on verticals to combat identity fraud, but with each business taking on varying levels of risk thresholds, it’s critical to examine data and analyze which strategies are working, then take a proactive approach to safeguard against future attacks.
Bot attacks are any number of malicious, automated efforts to weaken site performance, steal customer data or impede revenue. Shoolery explained fraudsters use bots to test which stolen credit cards can make purchases. They will hit online retailers to test these cards, creating multiple issues for merchants and their customers.
“The transaction fees can get really costly for the merchants. Plus, it’s a drain on resources to refund transactions and manage customer disputes. These are the areas where we see merchants get hit the hardest,” Shoolery explained. He said telltale signs of bot attacks are:
· One device associated with many different credit cards (think upwards of 80 credit cards)
· One device associated with many different email addresses
· A sharp increase in transactions per minute or hour
Griffin added that Kount’s platform enabled SkinnyFit to differentiate between bots and legitimate customers easily when they saw an uptick in bot attacks in 2020.
At the end of the webinar, Griffin shared this parting advice with attendees: “It’s really important to let the data from the transactions guide you in developing the rules and score thresholds to prevent fraud.”