Card-not-present fraud is a headache for online retailers, but there are ways to get ahead of the game.
Share this article
As an ecommerce company, your passion is selling your product (potentially all over the globe), whether it be handwoven hemp fibre baby-carrying wraps or high-end motorcycle parts. Online order fraud, however, can quickly become your headache.
By utilising the internet’s global bazaar, you’re disrupting long-ossified markets by delivering convenience and quality products. Business realities, on the other hand, can disrupt your business model.
Dealing with card not present (CNP) fraud can distract you from core business activities, but ignoring it can deplete your profits.
Chargebacks - refunds awarded to cardholders who successfully dispute an unauthorised charge on their card - cut into revenue because of the refunded amount itself, the cost of replacing the merchandise which was shipped to the fraudster, and the chargeback fees from your payment processor.
Despite being an unequivocal bummer, managing CNP fraud is a delicate balancing act between reducing chargeback losses, minimising false declines, scaling to meet company growth and periods of peak order volume, preventing friction for the customer, and keeping the cost of fraud prevention itself down to a reasonable level.
It’s not surprising, then, that online merchants have adopted multiple approaches to managing fraud risk, from completely in-house fraud review processes to third-party solutions for fraud prevention in ecommerce.
In-house fraud management
Perhaps the most straightforward way to tackle this risk is to build and operate an in-house team of analysts as well as internal software tools to automate some of their workflow. This team usually includes at least one developer whose job it is to help build simple rules which automatically reject suspicious orders based on certain criteria.
Although this approach can work quite well for large enterprises who have the funding and other resources to hire and maintain a large team of analysts, it’s a bad fit for smaller companies, since this strategy doesn’t scale down well (if your one order review analyst goes on vacation, are you going to stop accepting orders until they come back?).
Another problem for smaller ecommerce businesses is that they just don’t have the operational bandwidth to adapt to ever-evolving fraud tactics.
Inside team, outside tools
A second approach is to use third-party case management tool to augment an in-house fraud team. These tools give a risk score for every order, and internally set thresholds, and then determine which orders are accepted or declined. For “iffy”, less clear-cut orders, the manual review team decides.
In this paradigm, in-house data scientists and developers are required to establish and optimise the case management rules, because these third-party tools don’t come with third-party data. That data science talent is in high demand across many industries, and thus doesn’t come cheap, which can price this approach out of possibility for some etailers.
The Prius option: a hybrid approach
There’s a more hybrid approach to fraud management which leverages an external fraud review service in addition to a team of in-house analysts. In this setup, the in-house team handles most orders, but offloads more challenging ones (like high risk categories such as gift cards) to an external review service.
This approach is very attractive because temporary spikes in the review workload (during peak business periods like promotions or the holiday shopping season) can be shifted outside of the team, which keeps headcount low. These third-party services can also handle tougher orders outside of regular business hours.
Merchants who want to adopt this approach face two main challenges: selecting the right third-party solution for their needs and determining how much of the fraud review pie to divvy up to the internal and external reviewers.
Fully outsourced fraud review
Of course, merchants could completely outsource their fraud management and submit all orders to a third-party fraud management service. The beauty of this approach is its scalability - the more orders come in, the more get sent to the fraud review service.
With no in-house personnel, nor time spent developing rules or training on tools, the cost savings can be significant. Besides lower costs, this option is a great fit for merchants doing business in high-risk regions or markets (like brand-name luxury apparel), where it’s really tempting to adopt overly strict and blunt tools which dramatically increase false declines.
Like the above hybrid approach, a key challenge for online retailers going this route is selecting an outside partner who best meets their unique needs.
Company size, existing fraud review talent, and budget ultimately determine which approach to CNP fraud management is best for a merchant. Picking the right solution will allow you to accurately filter out the scammers from the shoppers, boosting your bottom line by lessening losses from chargebacks.