If you have a high-risk business, you need a dedicated system to spot payments that are at risk of getting lost. Often, you also need to verify some payments manually and get in touch with the clients to verify their identity. Fraud prevention systems proposed by your bank, your payment service provider and dedicated SaaS companies help you do just that.
The longer answer is that it matters to know the level of risk that your business faces. Then we have laid out the five distinct approaches to fraud prevention. You can settle for one depending on your level of risk. Assuming you need a dedicated system, here is what comes next. Finally, sometimes when you discover a case of fraud, here is what happens.
- The level of risk of your e-commerce service;
- The five ways to prevent payment fraud;
- Choosing the approach that fits your e-commerce;
- What follows if you need a dedicated system;
- You shipped the goods and your are hit by a chargeback.
1. The level of risk of your e-commerce service
|Geography||The level of risk faced by your business depends on the geography of your business.
|Catalog||The level of risk faced by your business depends on your catalog of products:
|Your platform||The level of risk faced by your business depends on your platform:
|Your situation||The level of risk faced by your business depends on the situation of your business:
2. The five ways to prevent payment fraud
|Do nothing||You do nothing! Because you are just starting, or because you are not exposed to fraud —there are, indeed, some types of products that have no "resell-ability" like spare parts from, let's say, a Ford Fiesta of 1988.|
|Use 3D Secure||You use 3DSecure (Visa), SecureCode (MasterCode) or SafeKey (American Express). These are "insurances" that protect your business against payment fraud. However, because these are "insurances", there are rules defining what's allowed and what's not allowed. Most times, you are eligible, but even though you are "insured", you might still have to prevent fraud! That's because you can get excluded if you have too much. Online travel agents (OTA), who are in a very risky business (small payoff, huge risk), need fraud systems on top of this insurance — see with your bank or payment service provider to activate it—.|
|Do it yourself||You are able to do it yourself (DIY), which is pretty handy to get you started and to react quickly; you just need to know how to program your payment flow; but because it's DIY, it doesn't scale. Your expertise will limit you now, but also further down the road. Managing the rules may become a pain, especially if the creator of the rules has left your company and you are left figuring out what this gibberish means.. Right when you need it to change things...|
|Legacy system||You use a legacy system provided by many commercial banks and payment service providers. If you have the basic needs, these systems are conceptually simple and pretty good to start with. Let's say that you simply want to make business in your country, with people holding a card from your country, then it's ok!|
|Dedicated system||You use dedicated systems. Here, there are quite a few options:
3. Choosing the approach that fits your e-commerce service
The context of your business tells whether you are in a low, medium, or high risk business, and hence influences what approach you choose:
|Low||If it's low risk (or you are just starting), then you might go for options 1|
|Medium||If you have a medium risk, then you might consider options 2, 4 and 5 — there are pros and cons for each, notably in terms of conversion…—|
|High||If it's high risk, then you should definitively go for option 5 and a fully dedicated fraud prevention system.|
4. What follows if you need a dedicated system
At this point, it's essential to know how many payments you can review manually (5–10% is common, but, again, that depends on your business). Because of your limited reviewing capacity, you need to prioritise the payments with the highest risk whilst auto-accepting the rest. For this, you use the filtering mechanisms of your fraud prevention system (rule-based, or machine learning-based, whatever), and every day, you will have a series of payments to review.
Still, you won't always be able to know whether to accept the payments or not. You may have to reach out to the customer for further verification. The way you do it depends on where you are located, on the pieces of ID you can request, on your type of business, etc.
Part of this payment verification process is very simple, like managing CRM. You can figure it out by yourself. Others are very advanced and demand expertise notably in digital forensics. Typically, here, it's important to have some expert reviewers at hand.
5. You shipped the goods and your are hit by a chargeback
It is only four weeks after the payment date (in average, but this can be as long as 6 months..) that banks notify you of fraud cases. A lot of time passes between when you ship and when the money is withdrawn from your e-commerce bank account. It can get even worse if other frauds have occurred and you did not spot them in time.
So, the typical next step is to react to fraud cases (or failed fraud attempts) by figuring out what their common denominator is. You make some rules that, are meant to prevent additional frauds of "that type". This means that fraudsters tend to have an edge over you because you are always too late... unless you change fundamentally the way you prevent fraud, which is what some startups are doing.