While revenue for the online retail sector continues to grow, behind the scenes, retailers must deal with the escalating costs of managing fraud.
When processing online orders, organizations must decide whether to accept, reject or review a given order. They are also faced with the unsettling fact that a certain number of orders accepted could be fraudulent and lead to chargebacks; and, conversely, some rejected orders might be valid and that revenue will not be realized—nor will the purchaser be likely to return.
As such, leveraging the right tools to help verify online identities and transactions is more important than ever.
Minimizing online fraud while managing the delicate balance between valid order acceptance and false-positive rejects can quickly become complicated and costly.
Typically, companies initially rely on manual review of a disproportionate number of orders, chewing up both time and resources that could otherwise be dedicated to increasing sales and customer satisfaction.
According to CyberSource, merchants spend 52 percent of their fraud-management budgets on manual review staff. Rather than consume human resources with labor-intensive fraud-prevention activities, companies need a cost-effective, front-line defense that marries virtual- and physical-world knowledge to improve, protect and automate order processing.
This guide discusses how retailers can leverage Internet Protocol (IP) Intelligence—the wealth of information gleaned from a customer’s IP address—into order decision-making to reduce fraud, automate the review process, and increase the number of valid, accepted orders.
This, in turn, enables organizations to improve profits, build consumer confidence, and preserve the shopping experience for the online channel.
Online Identity Verification Lies at the Intersection of the Virtual and Physical Worlds
In the process of online identity verification during one-time transactions, such as card-not-present (CNP) purchases from an e-tailer, companies have adopted and deployed many methods to protect themselves from fraud.
Some have implemented solutions such as risk-based decision engines that incorporate Address Verification Service (AVS) checks; third-party data verification solutions; and other variables that indicate risk in determining whether to approve or decline a transaction.
While these systems are highly valuable within an overall fraud-prevention scheme, some also have a relatively high cost per transaction. So how can merchants cost-effectively improve order acceptance rates and reduce fraud without incurring outrageous order verification and chargeback fees?
For the last several years, global studies of online merchants have consistently found that incorporating IP Intelligence (with its geolocation capabilities) was one of the top most effective tools for fighting online fraud in e-commerce.
Geolocation technology automatically identifies the geographic location of the device from which an order was placed. It provides additional data to compare against other order information and acceptance rules to help calculate the fraud risk associated with the transaction.
Today, the greatest threats for digital merchants are:
- CLEAN FRAUD – A transaction that passes a merchant’s typical checks and appears legitimate, yet the transaction is actually fraudulent.
- ID THEFT – When someone pretends to be someone else by assuming that person’s identity, in order to obtain some kind of benefit.
- FRIENDLY FRAUD – Occurs when consumers make an online purchase with their own credit card and then issue a chargeback after receiving the goods or services.
- PHISHING – E-mails that trick people into providing personal information to unauthorized individuals who use it to commit identity theft.
- BOTNETS – A collection of compromised computers under the remote command and control of a criminal, used as a vehicle to facilitate other online fraudulent activities IP Intelligence delivers the data necessary to expose the anonymity or lift the cloak of fraudsters. By leveraging IP Intelligence within a fraud-prevention framework, companies can marry the virtual world and physical attributes to make real-time decisions on the validity of online customers and transactions.
IP Intelligence Data Complements Multi-layer Fraud Management, Provides Early Intervention
At some point, each retailer must determine its own tolerance for risk and loss. As an organization matures, it must understand that corporate goals and objectives will change so its tolerance for manual review, fraud, and lost orders will more than likely adjust as well.
So how does a company balance the cost of these systems? The answer comes from two fronts: Reducing the number of transactions that flow to more costly transaction verification systems and streamlining the manual review process for suspect orders.
IP data, which includes geolocation and VPN/Proxy identification, provides a solution that complements current multi-layered processes designed to stop fraudulent transactions. By filtering out a high percentage of transactions in real time based on an organization’s risk tolerance threshold—and at a much lower cost per transaction—online merchants regardless of size can start to balance the inequity that exists between fraud losses and fraud-prevention costs.
Most importantly, IP data provides the information necessary for each retailer to determine the outcome of a transaction—whether blocking a transaction, moving it to the next step in identity verification, or sending a transaction to another review process.
IP Intelligence technology accurately and non-invasively identifies the location of website visitors down to a ZIP and postcode level worldwide in real time. Acting as a first line of defense against online fraud, Digital Element’s NetAcuity solution uses a customer’s unique identifier−an IP address−to uncover information including location, anonymous proxies, domain name and some other 30-plus attributes referred to as “IP Intelligence.”
Because NetAcuity relies on IP-based connections to return information about devices, it makes it an ideal fraud-prevention tool that works invisibly across multiple screens, without interfering with the online experience.
By adding an additional layer of protection to validate or verify user location, NetAcuity is a key component of mission-critical fraud, compliance and security applications. This allows retailers to improve and automate decisioning on transaction risk by comparing the information customers enter about themselves against where they actually originate their transaction in the virtual world.
Smarter Rules Lead to Improved Decisioning
Building smarter rules around fraud detection and automating the process is proven to increase detection rates, reduce false positives and improve the customer experience.
IP Intelligence can be used to automatically block suspect traffic, request verification (via email or SMS) or flag suspect activity for further internal review.
Geography is part of the fraud-detection landscape and smart merchants take it further than just location, by using Digital Element’s advanced intelligence parameters to identify proxies, virtual private networks (VPNs), residential proxies, anonymizers, tors, mobiles, Internet Service Providers (ISPs), domains and hosting centers. By providing more than just geography, Digital Element’s IP Intelligence can identify a greater number of suspicious connections.
Examples of rules that can be employed:
1. COUNTRY OF ORIGIN
A company trading internationally will often block common high-risk fraud countries such as Nigeria, India, Pakistan and Russia. Additionally, if a user is known to reside in a specific country, access to an account from another country could be deemed suspect. A basic “registry scraped” system will not be able to accurately determine the location of a user.
Also, free IP data cannot identify if a visitor is masking the country he or she is accessing the Internet from (via a proxy or anonymizer), allowing potentially fraudulent activity to take place.
2. BILL-TO AND SHIP-TO
If the bill-to/ship-to locations and IP address do not match, an automated red flag can be passed for further review, or the account holder could be asked for verification via an email or text.
3. DOMAIN NAMES
Known fraud domains and suspicious Internet locations such as public Wi-Fi hotspots, Internet cafes and university/colleges should be taken into account.
4. PROXIES
Understanding the type of proxy a visitor is connecting to the Internet with, such as anonymous, transparent, residential, VPN, corporate, public, or education, and whether these proxy services offer fraud-friendly features, can trigger fraud alerts.
Responses to the type of proxy can vary depending on what type of proxy it is, for example an anonymous proxy may warrant a greater score than a corporate proxy. By identifying connections that obscure the end user location or those that seek to portray a connection from an “acceptable” city or country can now be easily categorized.
5. HOSTING
End-user traffic should generally not be seen from hosting or data centers as these types of facilities are designed for traffic to pass through, not originate from. Some cloud browsers do use these centers, but services are patchy and not widely developed. A review with other customer relationship management (CRM) data is highly recommended before order acceptance is confirmed.
6. HOME, BUSINESS AND ISP
Additional layers of intelligence can be added that identify whether a connection is from a home or business as well as which ISP the customer uses. The data can be used to build profiles of previous connectivity to assess differences or anomalies over time.
Based on the results of these rules, educated decisions are made such as whether to: continue to process the transaction; proceed with additional identity checks such as out-of-wallet challenges; stop the transaction from further processing; or send the transaction for manual review.
As the first or an early step in the identity-verification process, deploying NetAcuity saves organizations time and money by identifying fraudulent activity before transactions are passed to more costly verification checks or sent for manual review.
Customers deploying this solution have reported up to a 90-percent lift in identifying and stopping fraudulent activity before it happens.
IP Intelligence Cuts Online Fraud Losses and Reduces Prevention Costs
As mentioned previously, return on investment can come in many forms, from decreases in human capital costs by reducing the number of transactions that hit the manual review process to a straightforward reduction in fraud losses.
Merchants processing 1 million transactions per year can save nearly $300,000 in total fraud-management costs by employing IP Intelligence. With reductions in both the fraud and manual review rates, organizations using IP Intelligence can expect significant savings in the related costs. This type of return on investment provides organizations with the ammunition to justify the cost of new, upfront fraud-prevention tools.
Mobile Is Driving Demand for Faster and More Efficient Check-outs
Mobile commerce is expected to exceed $710 billion by 2025. With an ever-increasing share of online transactions moving to mobile, fraud in the mobile channel is affecting merchants more than ever before.
Mobile subscribers currently outnumber Internet users by almost three to one. And, of those mobile users, 80 percent are more likely to be on a Wi-Fi network due to speed, convenience or cost.
Using a mobile device for ecommerce and completing the purchase still creates an IP connection, making Digital Element’s NetAcuity solution a viable front-line fraud-management solution to help identify genuine customers at the earliest opportunity.
NetAcuity can accurately determine the Wi-Fi location and the types of proxy being used, so the same rules apply.
