August 31, 2015
Back to the Basics: A CNP Payments and Fraud Primer, Part 3
By Karisse Hendrick, Editor-at-Large, CardNotPresent.com
As kids, many of us dream of becoming a fireman, a ballet dancer, a ball player or a pop star. A card-not-present payments and fraud professional? Not so much. For most, ending up in your current career was a happy accident. There are no college courses that prepare you to set up or manage CNP payment processing, nor are there are any standardized courses on fraud management. Because there’s no clear career path, everyone comes to their job with a varying degree of understanding regarding the plumbing of the industry.
At CardNotPresent.com, we often are asked for a basic explanation of the overall payments process by individuals throughout the ecosystem and at many levels of experience. A review of basic information can help merchants understand the partners they need and help providers better understand the role they play in the ecosystem. Last time we looked at the basics of merchant processing fees. Today, we examine antifraud technology and how to effectively evaluate fraud tools. If this is a review for you, pass it along to someone you think it will help. We have developed an infographic to accompany this article you can print out and refer to often. If you don’t need it as a resource, someone in your organization does.
Evaluating Fraud Tools
The products and systems fraud professionals employ on a daily basis to protect their companies mostly sit within the payment authorization process. Some tools are utilized before the purchase, some in tandem with the authorization process and some post-authorization. Best practices dictate performing fraud prevention methods prior to settling or finalizing a transaction for payment. The accompanying image shows where in the process each category of fraud prevention tool lies and explains each category.
Understanding the Options
The number of fraud prevention tools available to screen card-not-present transactions has exploded in the last 10 years and the quality has never been better. Nevertheless, it is important to learn about new products as they become available and to choose carefully when the time comes. Because fraudsters learn and adapt to each new prevention regime, it is important to continually improve the tools used to verify identities and prevent fraud. The best way to stay informed about new fraud prevention products is to attend industry conferences such as the CNP Expo to meet with representatives from the growing number of companies offering solutions. It also can be helpful to reach out to merchants with similar business models to determine which products work best for their company.
Customize Your Strategy
There is no one-size-fits-all solution for fraud prevention. What may work best for one company may not be as successful for another. Fraud-prevention needs vary based on business model, average transaction size, target market and product/services offered. Just like different companies attract different customers, they also attract different fraudsters and fraud methods. The type of fraud a merchant experiences should dictate the tools selected for your business. Card-testing fraud may be best prevented by capturing device ID information and setting velocity rules to not allow the same device to continually place orders with multiple credit card numbers. Account takeovers, on the other hand, can be prevented through behavioral analytics and device fingerprint information, while standard credit-card fraud can be detected by utilizing identity verification tools. Most business models and companies can derive some benefit from nearly every tool, but how they should be used and which specific providers are best vary based on the factors listed above.
Layer your tools
No one tool can prevent credit-card fraud as effectively as layering multiple services. As fraudsters adapt and change their methods, their goal is to have orders look the same as legitimate transactions. Because of this, it is important to have more than one service evaluating and providing insight into your transactions. Several tools currently available do combine more than one type of service or technology, so it may not be mandatory to have multiple providers, as long as the services provided detect the type of fraud your company is experiencing. Cost should be a factor when considering the number of tools your business employs, especially if the service is charged on a per-transaction basis and the average transaction amount is relatively low. The higher the exposure to risk, the less cost may figure in the calculus used to choose a solution. Many providers offer free trials of their services or a post-transaction review of a large group of your transactions, providing a list of transactions they would have canceled. This can be a great way to know if the tool will be the most effective for the type of fraud experienced, and the overall business model.
Find a balance
While it can be easy to focus only on preventing the losses your business is experiencing, it is important also to find solutions that will not add friction that impacts the experience of good customers, either at the time of checkout or by canceling legitimate orders that may appear risky. Selecting the right tools for your business while also fine tuning the rulesets in fraud scoring systems to find that balance are key. In a perfect world we would all have a 0% fraud rate, however it is more practical to determine an acceptable amount of loss for your business that also enables you to maintain a great customer experience for your good customers.