Chargebacks are an inevitable part of selling things online. In fact, 63% of companies saw equal or higher levels of fraud year-over-year versus 2018. At the same time, there is a limit to how many of them eCommerce merchants can withstand. Eventually, they become too large a problem to ignore. Shops that brush off chargeback detection as just another cost of doing business will quickly find themselves bleeding more revenues away than they are comfortable with.
Getting the chargeback problem under control is difficult because there are competing interests at stake. On the one hand, merchants want to accept as many orders as possible. On the other hand, they don’t want to be giving away their merchandise to cyber criminals. And there is always the risk of going too far in the other direction. Merchants that aren’t careful end up with an eCommerce false declines problem that turns a large number of legitimate customers away.
Chargebacks also present merchants with a number of problems and headaches including higher operations costs, increased fees for processing credit card transactions, and in the worst cases, even the loss of their ability to process credit card transactions at all.
For all these reasons, balancing high order volume with adequate chargeback detection is one of the most important things merchants can do to help their business grow.
10 Things to Look for to Improve at Chargeback Detection
The true cost of fraud for merchants is high — as much as $2.82 for every $1 lost to fraudulent orders. To prevent that loss, the top eCommerce fraud protection solutions use either rules or algorithmic technology to analyze orders. However, there is no absolute or foolproof method for how to prevent chargebacks.
Below is a list of ten data points these solutions often take into account when deciding if an order is legitimate. The presence of any one of them does not by definition mean an order is fraudulent. It just means it deserves additional security before final approval.
- The use of a VPN/Proxy connection. An attempt to hide the identity and location of a purchaser — especially a desire to appear to connect from a “safe” country — indicates deceit by the purchaser.
- Address Verification Service (AVS) showing a billing/shipping mismatch. Merchandise stolen via fraud still needs to reach the fraudster, which means shipping it to a place the fraudster can pick it up, instead of the legitimate address attached to the card.
- New email addresses. The possibility of detection due to over-exposure drives fraudsters to constantly open new email accounts.
- Purchases made from high-risk countries. Areas of the world known for low respect of law where stealing is more common.
- Customers that call to try and convince merchants to ship an order. The vast majority of legitimate customers that get declined get angry, don’t want to deal with the friction in the process, and move on to a different store. Fraudsters will call a merchant directly and attempt to convince them to ship the merchandise.
- High order frequency. Stolen credit cards must be used as often as possible before the legitimate card holder realizes there is a problem and closes them.
- Calling to change the shipping address after approval. Billing/shipping address mismatches cause increase scrutiny, so fraudsters will often wait for an order to be approved, and then call after the fact to change the shipping address.
- Reshipping services. Another method fraudsters use to hide the true destination of the merchandise in order to avoid providing the authorized card holder’s shipping address when making a purchase with a stolen credit card
- Overnight shipping. The faster fraudsters can get their hands on soften merchandise, the less chance they will be uncovered and stopped before it arrives.
- Large orders of in-demand merchandise. Items legitimate customers don’t need in high volume but that have high re-sale value (such as hover boards)
What Types of Ecommerce fraud Should Merchants Lookout For?
There are five main types of online credit card fraud. Here is a brief overview of each one:
- Clean Fraud. There is enough accurate personal or identifying information presented to convince the merchant the legitimate card holder placed the order.
- Friendly Fraud. The legitimate cardholder places the order, then claims the order is fraud.
- Synthetic Identity Fraud. A stolen identity and address builds credit before maxing out cards.
- Triangulation Fraud. The creation of a fake store to move stolen merchandise.
- Account Takeover Fraud (ATO). The use of fraudulently obtained account access to make purchases and/or re-route money within an organization.
Each of these fraud types presents it own detection and prevention challenges. However, in general, there are a few universal methodologies merchants should be aware of if they want to do a better job of stopping fraudsters.
Chargeback Detection Methodologies
Despite the huge nature of the problem — it’s estimated that as much as $48.2 billion dollars was lost to fraud across just eight industries in 2017 — many merchants have a tendency to err towards piecemeal manual review as a fraud prevention solution. There is nothing inherently wrong with this strategy, but there are weaknesses that need to be taken into account.
For starters, review should be undertaken by someone with expert knowledge in chargeback detection. Businesses that think they can save money by truly going it alone invite disaster. Fraudsters are smart, and meeting the dual goals of preventing fraud without declining a large number of legitimate orders is not easy. Merchants wouldn’t let someone with no knowledge of their industry run their shop; they should feel the same way about their manual fraud review.
But even if there is an expert doing review, they need help. Many tools exist that analyze orders and provide insight into the data points (and many more) listed above.
In general, these eCommerce fraud prevention solutions use one of two methods to analyze orders: Rules-based tools and Machine Learning tools.
Rules-based tools will search the data and take note of the presence or lack of specified rule-based conditions. Often, a weight is assigned to each value. Then, merchants can instruct the tool to recommend or automatically approve/decline based on risk tolerance. For example, merchants can say that any order with a billing/shipping address mismatch with overnight shipping should be instantly declined.
Benefits of this system include the ability for internal manual fraud review teams to use it in tandem with their expertise, as well as a total transparency into what is approved/declined and why. However they are static and must be constantly evaluated for efficiency. If chargebacks spike or order approval percentage plummets, it can be a imperfect, time-consuming, and sometimes even inconclusive, process to figure out why and adjust course.
Machine Learning Tools
The other option is Machine Learning/AI tools. These tools use algorithmic analysis of data points to decide if an order is legitimate. Although some vendors make it possible for merchants to reserve final approve/decline authority for themselves, the norm is for automatic decision execution.
The nature of AI tools as complicated technology means they do a constantly changing dynamic analysis to pick up on new/unique fraud patters at a shop quickly. That’s a strong benefit. But it’s balanced against the fact they are almost always built, maintained, and executed entirely off-site from a merchant’s main operations. And although many attempt to provide merchants insight into decision rationale, the layered nature of the decision making tends to limit visibility.
What Do you Do if an Order Is Suspicious?
Getting hit with a chargeback is emotional. It feels like theft, and also entirely seems entirely preventable in retrospect. For these reasons (and others) many neophyte merchants (and even some veteran ones) tend to err on the side of caution and try to receive as few of them as possible.
The problem is that while this strategy does much to make merchants feel good, it is always a mistake. Declining too many legitimate orders leads to tons of lost revenue and customer lifetime value. Ultimately, it is a bad business practice. It favors emotional decision making over the cold, hard calculations of what is most profitable.
In other words, knowing how to prevent eCommerce false declines is an essential merchant skill. There should always be a balance between preventing chargebacks and accepting that some fraudulent orders will slip through the cracks.
Suspicious orders should be reviewed carefully and approved/declined against an informed set of criteria predetermined to strike an acceptable balance.
Conclusion: Be Smart About Chargeback Detection
In 2018, US merchants alone lost over $9 billion to CNP fraud, and it’s not for a lack of trying to prevent it. It’s a real problem merchants should, and do, take seriously.
Nevertheless, merchants do themselves a disservice if they allow circumstances/emotion to impact chargeback detection. True they may may feel better, but will almost certainly actually be doing more harm than good to their business.
Bottom line, no matter what kind of fraud merchants are up against, and irrespective of whether suspicious order view is done internally, with a combination of information resources and fraud prevention tools, or entirely outsourced to a trusted vendor, it must be done deliberately, rationally, and intelligently.
Anything less risks using a strategy that costs much more than it needs to.