For US retailers, rising “Card Not Present” (CNP) fraud represents a clear and present threat. The latest figures indicate that, globally, merchants will lose some $130 billion by 2024 to this kind of fraudulent activity, according to Juniper Research.
While this threat is understood at the industry level, research shows that on the frontlines of everyday commerce, many merchants don’t share the proper level of concern. A new study by Emailage gathered insights from 1,000 small and medium merchants in North America, finding that around half (48.4%) consider their company too small to worry about fraud. One-in-three (38%) do not consider fraud prevention to be a business priority.
For many growing companies, the threat of a fraud attack may seem remote; until an attack occurs, prevention is seldom top-of-mind. However, merchants should know that, as marketing spend and word-of-mouth buzz increases, so will attention from fraudsters.
In failing to invest proactively in the appropriate precautions, small merchants are increasing their fraud risk exposure – a company with few security measures is far more attractive to the fraudster than one with robust controls.
Proactive fraud detection offers strategic and tactical benefits. Strategic benefits relate to your business as a whole and include avoiding chargebacks, payments fraud and card networks with high-fraud-rate procedures.
On the other hand, tactical benefits relate to the ability to prevent repeat fraud offenses and detect fraudulent transactions at their origin. That’s the “sweet spot” where fraud cases are less complex to manage and require less expertise.
First up, let’s talk about the benefits of proactive fraud detection.
The first obvious benefit of proactive fraud prevention is process optimization. If (and, more likely, when) you’re the target of an attack, you won’t have to divert lots of extra resources toward an emergency. You also won’t have to abruptly limit the range of payments accepted to bring your fraud rate down.
Without screening in place, fraudsters are able to penetrate and end up as chargebacks.
One way many companies protect themselves is to enable 3DSecure. This mechanism requires the cardholder to know their card details and pass a security challenge. If the challenge is passed, the 3DSecure ruling shifts the liability of the loss to the issuing bank, thereby protecting merchants against chargebacks.
3DSecure is a sort of insurance policy, so of course, there are limits. One such threshold, which is set by credit card networks like Visa or MasterCard, is that less than 2% of your sales volume be fraudulent. Other factors are considered as well.
Note that Visa plans to lower both its chargeback and fraud ratios this year. We’ll be covering this more next week so be sure to link back.
In the course of normal operations, most merchants will fall well below those limits. However, if your fraud rate crosses the threshold, expect the card network to flag and track your account.
If your fraud rates don’t improve in a given timeframe, your account may lose the protection of the liability shift and further expose you to chargebacks. This way, you’ll stay under the limits defined by the card networks and prevent over 2% of your revenue from being charged back from one day, when you were still protected, to the other, when you were no longer protected. These benefits are strategic in that they relate to your merchant account as a whole.
Tactical benefits also exist.
Fraud attempts are often repeated many times with a similar style that is referred to as repeat fraud offenders. The challenge here is balancing rapid detection with the ability to adapt your detection system in response.
This way, new fraud attempts of the same type are detected and stopped at their onset without the fraudster having any idea why. Proactive fraud detection helps you prevent RFOs and decrease your total number of fraudulent transactions.
Another point to consider is that trying to detect fraudulent transactions in an emergency is generally more complicated than taking a proactive approach before an attack occurs.
The complexity may arise because of technical capabilities, such as your fraud detection system lacking the ability to determine what’s needed to screen out fraud. It will take time before you can add additional layers. Furthermore, the limited design of your IT may also hinder your ability to rapidly and efficiently detect fraud.
If you’re detecting fraud proactively – you’ll be able to eliminate bad actors before they cause chaos. Many tools associated with proactive fraud detection services apply machine learning technologies to determine suspicious patterns in user behavior and predict fraud before it happens.
Finally, more expertise is necessary to deal with emergencies than for situations with adequate planning. The additional complexity and knowledge are likely to lead to cost overruns that are preventable with proactive management of online fraud detection.
I invite you to follow me on LinkedIn
Click here to discover how to get secure, intelligent risk assessment using an email address.