By JEFFREY LIESENDAHL, CEO of Accertify, a Chicago-based provider of fraud solutions to merchants for transactions when a credit card is not present
The problem of "shrinkage" is as old as the retail industry itself. Employee theft, shoplifting, organized crime and paperwork errors are well-known negatives for retail profitability.
Surprisingly, identity theft barely registers as a concern to retailers. That's because credit card issuers--not merchants--shoulder the financial responsibility for most credit card losses.
But if retailers aren't worried about identity theft, they should be. Many are expanding their marketing activities on the Internet, where online payment fraud is a thriving business.
Sophisticated criminal networks, many operating internationally, use stolen credit card information to make fraudulent purchases anonymously on the Web. Retailers of all types and sizes are vulnerable, especially those selling high-value merchandise such as electronics, jewelry and airline and concert/event tickets.
In 2007, U.S. merchants lost more than $3 billion to Internet fraud and they spent billions more to combat it. Those losses have been growing by double-digit percentages each year and are a significant factor in eroding retail gross margins.
Retailers that accept purchases online or over the phone face unique challenges and risks because there is no credit card present or customer signature for the merchant's inspection. In contrast to in-store purchases, the online retailer bears total financial responsibility in "card-not-present" fraud. That means the merchant loses the full value of the goods or services sold, along with payment processing fees and the charge-back penalty.
MasterCard and Visa have tightened guidelines concerning acceptable charge-back levels and merchants who exceed them are subject to heavy fines. They could also be placed on a monitoring program and lose the right to accept certain credit cards.
Many businesses focus on managing charge-backs, which occur when a card-issuer reverses a sale due to fraud. But to understand the total cost of e-commerce fraud, retailers should look at the larger picture. Merchants can add millions of dollars to their bottom lines by addressing the total impact of fraud, not just the reduction of charge-backs.
Fraud impacts an organization well beyond the revenue losses tied to charge-backs. There's the expense of running a fraud department and administering fraud claims, as well as the cost of rejecting valid orders that appear suspect.
For many companies, the risk of fraud unnecessarily limits scalability, including the types of merchandise sold over the Internet and to whom. For example, some merchants wind up turning away business. In order to avoid fraud they do not ship merchandise to post-office boxes or sell to online buyers whose shipping addresses don't match their billing addresses.
A specialty retailer may be reluctant to sell MP3 players or other popular consumer electronics on the Web because the items are a magnet for fraudsters. Or, the retailer may be afraid to expand into international markets that are associated with higher fraud rates.
There is also a customer service cost to fraud: shoppers expect to use credit cards without hassle or waiting and customer relationships are undermined when valid transactions are questioned or rejected or shipments are delayed due to suspected fraud.
THE FRAUD UNIVERSE JOURNEY
Several years ago, when I was vice president and corporate comptroller at the online travel agency Orbitz, I was asked to solve a significant fraud problem. I quickly realized that airline tickets were a tempting target for criminals. When Orbitz was still a young company, its fraud losses were approaching $1 million per month and rising at breathtaking speed.
We purchased an automated screening system--the same type used by many online merchants--to catch suspicious transactions. The system screened for risk factors that we associated with fraudulent purchases, such as expensive or first-class tickets and tickets booked less than 48 hours before departure.
On the first day we put the system into use, some 25,000 transactions were flagged as potentially fraudulent--more than one-third of our daily bookings at the time. We found that the majority of orders flagged were legitimate purchases.And we stood to lose good customers by rejecting or delaying confirmation of valid transactions. But separating good transactions from bad ones was like finding a needle in a haystack. Every day, tens of thousands of new transactions were heaped onto the mounting "haystack."
Our fraud analysts had to sort through the suspect transactions to find out which ones were fraudulent. Their job was to contact banks and customers to validate transaction data.
There are many good tools on the market for verifying addresses, card numbers, customer identities and IP address locations. But using all these "point solutions" involved toggling back and forth among a variety of applications and screens of data in order to pull together the necessary information.
The manual processes were so cumbersome that it was impossible to review all the suspicious transactions. Even when we added more analysts, the transaction "haystack" kept growing.
Another challenge was trying to keep up with increasingly sophisticated fraud schemes. Each time we bolstered our defenses, criminals developed new ways of getting around them.
Finally, we found that no single tool was going to solve the problem, so we quit searching for the silver bullet. Manual reviews are a necessary part of fraud prevention but they needed to be faster and more efficient. And we had to be able to keep our fraud-fighting practices and tools up to date.
Our solution was the creation of an end-to-end software platform that integrated all of the functions Orbitz needed to combat fraud. This new workbench enabled us to utilize additional filters for separating valid purchases from fraudulent ones.
Many review procedures were automated and orders were queued for review by their risk profile. The platform gave us control of our transaction data and provided analysts all the information they needed. We could adapt the system on the fly and add new anti-fraud technologies.
This new approach reduced fraud losses 90 percent, while more than doubling our fraud team's productivity. As a result, Orbitz was able to decrease the size of its fraud department and pursue new revenue channels, such as international travel bookings that were especially risky from a fraud standpoint.
Achieving the lowest fraud rate in online travel saved Orbitz millions of dollars annually and helped the company reach its goal of becoming the industry's low-cost competitor.
In today's sluggish economy, reducing operating costs is a key objective for many retailers. Online payment fraud is a prime area for managing costs, especially during a recession. Merchants are already reporting higher fraud rates as criminals become more aggressive and consumers have a difficult time paying their credit card bills.
The retailers that are most likely to succeed are those that reduce their total cost of fraud. Their goals should be to reduce the labor required to screen transactions and to shore up their defenses by integrating their fraud prevention applications.
January 1, 2009
Copyright 2009© LRP Publications