View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Comment
October 6, 2014updated 04 Apr 2017 4:05pm

The risk of a zero tolerance approach to fraud – do merchants do enough to target fraudsters?

A zero tolerance approach to fraud is increasingly necessary, especially for high net worth goods businesses; yet high fraud-risk sectors can’t afford a zero tolerance approach to fraud as it can mean losing huge portions of business. Anna Milne looks at how merchants can fight back

By Anna Milne

A zero tolerance approach to fraud is increasingly necessary, especially for high net worth goods businesses; yet high fraud-risk sectors can’t afford a zero tolerance approach to fraud as it can mean losing huge portions of business. Anna Milne looks at how merchants can fight back

Merchants need to be able to push through as many transactions as possible without having to turn away bona fide customers due to incompetent fraud detection measures. Traditional screening measures don’t seem to be cutting it, however, in terms of distinguishing between fraud and non-fraud.

Until not so long ago, most fraud detection software was fairly basic and the real judgments on fraudulent activities were made manually. Believe it or not, even up until around seven years ago, this was often the case. The exponential growth of online and mobile payment channels has made it very difficult for merchants, banks and card issuers to keep on top of fraud detection in the increasing number of transactions.

Transactions go through card issuers’ screening processes initially, whereupon they are authorised or declined. A false negative is when fraud goes through either undetected or is deliberately pushed through.

The latter might be when a fraud alert goes off due to unusual transaction location yet the customer has informed the bank of being elsewhere so it is a false alarm. A high false positive rate results in inconvenienced and unnecessarily high (not to mention futile) investigation efforts. A zero tolerance approach tends to mean high false positive rates, hence high income losses and disgruntled customers: not ideal.

One of Alaric’s clients, First Rate, a large business operating within the high fraud risk sector of currency exchange- was turning away a major proportion of its business due to not having a system in place that was able to distinguish risk from legitimate behaviour.

In the interest of balanced reporting, First Rate operated a zero tolerance approach and acted fast to implement software equipped to deal with today’s omni-channel payments landscape as well as today’s slippery fraudsters. As a result, it turns almost no business away due to fraud.

"It’s a trade-off between fraud tolerance and acceptance of genuine customers," says David Brunsdon, head of financial crime prevention at First Rate.

A company effectively selling money is very attractive to fraudsters because transaction value is relatively high and of course cash is much easier to deal with than goods.

When customers receive an efficient service in these markets, what they don’t realise is just how much work goes on behind the scenes, beyond the streamlining of customer service and deep into the underworld of fraud intelligence. The first a customer might know about an aborted transaction due to fraud might be the decline of a card (a false positive), whereupon they will contact the service provider and in no uncertain terms inform it of its mistake.

The problem for merchants is two-fold, explains Brunsdon – identifying the fraud and not rejecting customers in the process. The traditional view of many merchants is that by being overly rigorous in fraud control, potentially a lot of good business can be lost. Fraud control is a health factor- you don’t want to have fraud or losses or acquire a lot of fraud for card issuers either.

The bottom line is to get as many genuine orders through as possible. If good customers are rejected, they are much more inclined to take their service elsewhere. For a merchant of any size, having spent a lot of time and money recruiting those customers in the first place, this is highly destructive, he explains.

Fraudsters are intelligent and it’s hard to say who is in front at any given time. Fraudsters seek to establish a modus operandi that is successful and fraud controls are adjusted, leading to the next generation of fraud attacks. Both sides get more and more sophisticated and organised by the month.

"It’s an intellectual arms-race"

Recent Europol analysis indicates that the same criminals are still active in this market after many years and, after being arrested, they often return to the business within a few months.

Interestingly though, the human element is indispensable. "We can’t be complacent. Technology isn’t the complete panacea to fraud, there is a human element. A lot of faith has been put in biometric and two-factor authentication but neither has really worked out.

Technology can only be part of the solution. Chip and Pin had been very successful in combating certain types of fraud but then the fraudsters just moved off into other areas, it’s like a water balloon, if you squeeze one section, the water moves elsewhere," says Brunsdon. Even the highest functioning self-learning fraud detection software still relies on human analysis. "A lot of expertise invested in those individuals. They are experts."

The focus on customer retention is reflected in banks. David Divitt, fraud, crime and risk consultant at Alaric, says "in the last year there’s been a shift from banks being most concerned about fraud losses to being most concerned about customer satisfaction and customer relationship and that’s a direct impact of customers being annoyed about aborted transactions. It comes down to policy at the bank and losing a customer is much worse than losing money to fraud".

How can the traditional, back-seat image of merchants be challenged?

Banks these days are incredibly diligent, says Divitt but can change with more cooperation and a proactive stance from merchants. Brunsdon believes merchants need to be more proactive within the card payment arena and that this isn’t recognised by the industry as a whole.

The banks and service providers tend to underplay the role that the merchant has (and reducing the illegal income of criminals may not always be a number one priority for banks; they ultimately make a profit out of new banking products and services, whoever the customer).

The banks’ attitude is ‘what do the merchants know about it, after all it’s our customer’. The key is for merchants to develop strong working relationships with card issuers and collaborate on combating fraud. There is a level of cooperation that can be exploited. Not for every merchant of course, just those in the sectors where fraud is an issue, such as financial services and airlines-not in selling beds, for example.

If merchants and issuers worked more cooperatively, a very low false positive ratio indeed could be obtained. It’s not to say it’s not happening but it should be happening to a greater extent.

NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. A weekly roundup of the latest news and analysis, sent every Wednesday.
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU

Thank you for subscribing to Electronic Payments International