I’m willing to bet you know someone who’s fallen victim to credit card fraud – if you haven’t done so yourself.
In the first six months of this year alone, there were a record-breaking 89,000 cases of
fraud in the UK, with payment card fraud totalling
$21.84 billion globally.
Hackers are becoming more sophisticated. They can now get stolen card data in bulk on the dark web, and then test it to see which can be used to commit fraud. The origin of fraudulent payments can normally be traced back to a data breach of an organisation.
Take
Equifax as an example. The US-based consumer credit reporting agency suffered a hack that compromised 143 million people’s data. Equifax then directed customers to
a spoofed customer support page, demonstrating just how easy it is to mimic a website.
With all these threats, it’s tempting to batten down the hatches and ramp up your risk settings. But this comes at the high cost of damaging your conversions. Today it is more important than ever to find the balance between blocking fraud and keeping customer
friction to a minimum. And data holds the key.
Businesses have a wealth of data at their fingertips to identify and block fraud. You just need the right tools to help you spot patterns and stop fraudsters in their tracks. Here are a few examples:
Behavioural analytics to stop card testing
Fraudsters are getting good at using data to test and validate stolen cards. But two can play that game. Data can help you spot suspicious behaviour on the payment page, like completing the entire process in a few seconds. You can then use this to trigger
additional risk filters like 3D Secure, which we’ll come to in a minute.
Connecting data points to track fraudsters
With data science and machine learning, you can start predicting fraudulent behaviour before it happens. To do so, you must stop seeing transactions as stand-alone entities. There’s a lot of valuable data that can be clustered with a transaction to get a
holistic view of the shopper, including email addresses, login credentials and card details.
The more data is collected, analysed and linked, the better. For example: It’s common for fraudsters to target businesses across verticals, testing a card at a music-streaming site in the US and then using it to buy an flight from Germany to Japan. This
is why it’s important to work with partners that have visibility across the whole payments value chain (e.g. combining the role of PSP and acquirer with a global presence). The more data the more robust the fraud defense.
Find the right balance with 3D Secure
3D Secure has a bad reputation, usually known as the ‘conversion killer’. But with PSD2, comes the need for strong customer authentication and 3D Secure will soon be mandatory for many transactions. The trick is to use 3D Secure dynamically, using a rules-based
approach. For example, you can use risk-based authentication (like behavioural analytics and device fingerprinting) to determine which transactions should go through 3D Secure. You can also use performance-based factors related to geography, since some markets
3D Secure actually has a positive impact on conversion.
To make things even easier, 3D Secure 2.0 will soon be out. This comes with a number of improvements, like letting you host the authentication on your own site, which eliminates the dreaded redirect.
There are many ways you can combat fraud. And, crucially, tools now exist that automate the process, so you don’t have to spend hour’s manually reviewing transactions. It’s important to work with the right technology partners, capable of accessing and processing
data in real time. With this you can reduce your fraud, while rewarding loyal customers with seamless payments.