Card issuer, payment processor and fraud specialist Retail Decisions Inc. (ReD) estimates that in the two weeks prior to Valentine's Day 2010, fraudsters spent 36 percent more per transaction online than did legitimate shoppers. The average, legitimate online consumer spent $158 in that two-week period, while fraudsters using stolen card data averaged $211. It seems it wasn't just the season of romance, but a lovely time for greed and larceny as well.
According to ReD Chief Executive Officer Carl Clump, that is the sort of regrettable reality that makes global fraud experts like ReD necessary for online retailers. Clump said merchants with an Internet presence need a fraud prevention partner that has a wide perspective on fraud.
ReD operates in the United States, the United Kingdom, South Africa, Australia, Germany, Japan, Korea, China, India and South America. We have "quite a comprehensive network, and that's one of the benefits we bring," Clump said. "Fraud is a global phenomenon, and we see fraud on a global basis. I think we must have seen transactions from probably about 150, 160 countries during the course of last year."
Clump noted that data ReD culls from the 150-plus Level 1 international merchant businesses - such as Wal-Mart Stores Inc., Royal Dutch Shell PLC and FedEx Corp. - that use ReD's fraud prevention services afford the company unique insights into current trends in fraud worldwide.
"For example, when fraudsters would buy flat-screen TVs, it used to be late in the evening," Clump said. "Now we see fraudsters buying flat-screen TVs during the lunchtime rush when [workers] go online and shop online."
Clump deduced that the high-volume of transactions occurring during the noon hour gives fraudsters camouflage for illegal purchases. Another ReD insight into fraudster behavior concerns East Asia.
In China, where ReD handles fraud prevention for airlines China Air Ltd. and Hainan Airlines Co. Ltd. as well as for two prominent travel agencies, Clump noted a distinct trend has developed.
Traditionally, fraudsters bought business- and first-class tickets because "if you're buying a fraudulent ticket, you might as well travel in style," he said. "In China what we see is that fraudsters actually buy economy-class tickets. And, again, it's due to the volume of traffic in that economic area."
ReD cites Lexus Nexus data that said the cost of fraud to retailers exceeds $191 billion a year in the United States. Fraud is increasingly occurring in card-not-present environments, namely the Internet and MO/TO sales.
The reason is that card-not-present transactions typically do not have the level of security afforded by in-person transactions, for which customers making purchases with credit cards have to show identification or, in the case of debit cards, input secret PINs.
Since it is harder to perpetrate fraud in the brick-and-mortar world, fraudsters gravitate to environments where security is lacking. "The next weakest link in the chain is the online world, because in the online world, you can't use a PIN," Clump said. "And you don't give your PIN over the phone when you buy something because the whole point of the PIN is you keep it secret. And so that's why fraudsters target the online world."
That is why Clump expects online fraud to skyrocket in Australia. In November 2009, Visa Inc. announced that to curtail fraud Down Under, it would begin the migration to chip and PIN technology for all Australian Visa cards. But that move will likely result in fraudsters shifting over to the online channel to perpetrate their schemes.
"I expect to see a lot of card-not-present fraud emerging in Australia," Clump said. "That's very much a focus for us."
Clump advised never to underestimate the cleverness of fraudsters. Two years before the United Kingdom implemented the chip and PIN standard to bolster data security at the POS, card-not-present environments had already become a major source of fraud. "What I'm saying is that the fraudsters had already changed their strategy," Clump said.
Merchants are often not so quick to change their fraud-fighting strategies. Through in-house developments, some merchants can keep fraud to acceptable levels. But as their businesses grow, via the online channel for instance, their methods may not be economically scalable. Many large, established merchants have come to realize that outsourcing fraud prevention is the way to proceed. But many have not.
Clump has found that certain businesses are reluctant to expand internationally because of fraud concerns. "For a retailer to be able to sell their goods internationally, globally, into a global marketplace, that has to be fantastic," he said. "The sad thing is that some of these retailers don't like taking international transactions because they think they are far too fraud prone. And indeed they are fraud prone.
"But, with ReD, we can help them overcome that. We can help open up the international markets to them. They can be confident about trading internationally."
To protect merchants against fraud, ReD offers two main products: ReD Shield and ReD Prism. The former is ReD's end-to-end security solution designed primarily for online businesses; the latter is ReD's artificial intelligence application embedded in ReD Shield but also sold separately to banks.
While ReD can provide pieces of a security solution to businesses, its main objective is to offer the complete, end-to-end service: verification, data screening, fraud scoring, identity proofing, analytics, case management, payroll authentication and so forth. However, ReD does not take a one-size-fits-all approach.
"I think it's critical to have a good understanding of a particular merchant," Clump said. "If you talk to two department stores, what they'll tell you about is how they're different from each other.
They have different pricing policies. They have a different target customer. Their product strategy is different. They have a different approach to risk. And as an expert for a prevention company, you need to understand all of those components."
For example, an online flower shop, with heavier traffic around Valentine's Day and other holidays, will have a different fraud pattern from that of a garden supply store, he noted.
ReD bases its solution for any given business on the data supplied by that business. ReD analysts crunch the data to pinpoint the individual drivers of fraud for that business. "We effectively become ingrained in the business from a risk perspective," Clump said. Then ReD builds a solution with parameters and strategies specific to the client.
One aspect critical to every company's fraud prevention program, however, is balancing high-catch rates with low-insult rates. The trick is to "catch" as many fraudulent transactions as possible, while minimizing the number of legitimate transactions mistakenly identified as bogus. "It's important that you don't insult too many customers," Clump said.
When a valid customer is flagged as a potential fraudster, the customer will often never buy from the offending Web site again. "So it's very, very important to have the insult rate be very, very low," Clump said. "And the insult rate we have is indeed very, very low. It's typically better than what a merchant will have when they do their own fraud prevention."
According to Clump, it's not uncommon for a retailer that implements its own fraud management system to stop between 6 to 8 percent of domestic transactions from going through, even though the actual fraud rate is only 1 or 2 percent. "So these retailers are really turning away up to 6 percent of good business, and nobody can afford to do that," he said.
It is agreed that stopping fraud altogether is not a realistic goal. But Clump said the average fraud level for retailers that use ReD's services hovers around 0.3 percent. Clump pointed out that in China, where ReD has a reseller agreement with card processor ChinaBank Payment, merchants expect a fraud rate of 0.1 percent.
Clump said this severity is a product of China's relative newness to online payments. As e-commerce has exploded in China, retailers have experienced the detrimental effects of fraud. Their first response, therefore, has been to eliminate just about all fraud rather than tolerate an acceptable level of it. "They can actually afford to see a little more fraud than that," he added.
Coming from an expert on the front lines of fraud prevention, the idea that a little fraud is not a bad thing is a definite sign of the times.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
Regional Managing Director, North America
379 Thornall Street, 7th Floor
Edison, NJ 08837
Web site: www.red-usa.com