Karim Zaghloul, risk manager at Amazon Payment Services.
As more and more consumers in the region opt to shop online, concerns continue to grow around e-commerce fraud.
According to a survey conducted by Visa, Dubai Police, and Dubai Economy, nearly four-in-10 consumers in the UAE experienced online fraud attempts in the year leading up to July 2021.
The customer is the most obvious and direct victim of online shopping fraud, but there is another party that can suffer devastating consequences as a result of fraud – namely the merchant.
As massive data breaches become more common, the identities, personal information, and card data that fraudsters need are becoming more accessible. As a result, almost every e-commerce merchant experiences fraud at some level.
Merchants that experience high levels of fraud run the risk of incurring expensive fines and chargebacks, and ultimately running out of business due to these losses. This reality makes it crucial to proactively bring merchants’ awareness and understanding of fraud risks up-to-speed and help them to establish the fraud management strategy that best suits their business.
How does online card fraud take place?
To build a successful fraud management strategy, it is important to first understand how fraudsters operate. The first step for hackers is to steal customers’ credit/debit card information and personal details. This information is usually sold to a third party, and not used by the initial hackers.
Once a fraudster obtains the stolen card information, they will usually start testing the cards by making small purchases online to check if the transaction will be processed. Finally, the fraudster uses the cards that passed the test to buy products and/or services that they can then resell offline and often at discounted prices.
Instances of carding – the trafficking of credit cards, bank accounts, and other personal information online – have increased dramatically in recent years; a report by UAE-based cybersecurity company Help AG found a 500 percent increase in risk alerts for carding in H1 2020, as compared to H1 2019.
What is a chargeback?
When the customer spots a transaction(s) on their card that they did not initiate, they can initiate a chargeback. A cardholder can also raise a dispute in connection with a card transaction if they were charged an incorrect amount; the product/service does not match the specifications chosen by the customer and/or the description mentioned on the website; and/or the product/service was not provided or was defective. The merchant is then expected to respond to the chargeback claim with supporting documents based on the type of chargeback raised.
As massive data breaches become more common, the identities, personal information, and card data that fraudsters need are becoming more accessible.
Robust fraud management strategies are a must
If a merchant is found to be liable for a disputed transaction, the transaction amount will be debited from the merchant’s settlement account and a chargeback fee may apply. More importantly, when merchants are experiencing high levels of chargebacks or fraud, the card networks will intervene to place those merchants on programs designed to bring their chargeback and fraud ratios back to acceptable levels.
If merchants do not comply with the standards and thresholds of each program within specified time periods, they start incurring fines that start at $500 and can reach up to $200K depending on the stage of the program the merchant is under.
Unfortunately, merchants implementing weak business operations and fraud management policies and procedures end up running out of business due to the losses they incur on costs of fraud and chargebacks.
Identifying suspicious orders
Identification of a suspicious order varies greatly from one business industry to the other, but there are certain characteristics of a suspicious order that are common across different business verticals. These include orders with amounts highly exceeding the average order amount; large orders of the same item; orders targeting highly priced items; same-day shipping, drop shipping, international shipping, and last-minute bookings; customers using disposable email domains; transactions placed on multiple accounts/cards but shipping to a single address; and multiple transactions on a single card/account over a very short period of time.
The merchant’s dilemma
As an e-commerce company, your passion and focus should be delighting your customers. Dealing with fraud can distract you from core business activities, but ignoring it can deplete your profits. Hence, your main challenge as a merchant is balancing between scaling to meet company growth and periods of peak order volume, preventing friction for the customer, reducing chargeback and fraud losses, minimizing false declines, and keeping the cost of fraud prevention itself down to a reasonable level.
Best practices
In order to effectively manage and minimise fraud, merchants are advised to follow a risk-based approach that caters for the unique risks faced by each business vertical.
Merchants should consider bringing their fraud management activities in-house by building and operating a team of analysts as well as internal software tools to automate some of their workflow.
Instances of carding – the trafficking of credit cards, bank accounts, and other personal information online – have increased dramatically in recent years.
This approach can work well for large enterprises who have the funding and other resources to hire and maintain a large team of analysts, but it is not always a good fit for smaller companies, as the strategy does not scale well and there often isn’t bandwidth to adapt to ever-evolving fraud tactics.
Another approach is to utilise third-party real-time fraud prevention solutions that utilize machine learning to track behavioral patterns of customers to signal high risk transactions to an internal team.
Merchants could also opt to completely outsource their fraud management and submit all orders to a third party for a complete service utilizing real-time fraud prevention systems and teams of fraud management experts.
The beauty of this approach is its scalability with no in-house personnel, nor time spent developing rules or training on tools, which can bring significant cost savings. Besides lower costs, this option is a great fit for merchants doing business in high-risk regions or markets as they can rely on the third party’s expertise and knowledge of the region instead of following the obsolete method of adopting overly strict and blunt tools which dramatically increase false declines and hamper the customers’ experience.
A necessary investment
The methods used by fraudsters will only continue to become more sophisticated and dangerous. In a world where billions of customers are opting to shop online and trusting e-commerce companies with their personal information, it is imperative for merchants to invest in building and implementing effective fraud management strategies to shield customers from being defrauded, and to protect themselves from the heavy costs associated with fines and chargebacks.
Karim Zaghloul, risk manager at Amazon Payment Services
Follow us on
For all the latest business news from the UAE and Gulf countries, follow us on Twitter and LinkedIn, like us on Facebook and subscribe to our YouTube page, which is updated daily.
By Karim Zaghloul
More of this topic
Why fraud management must be a priority for every online merchant
As massive data breaches become more common, the identities, personal information, and card data that fraudsters need are becoming more accessible
As more and more consumers in the region opt to shop online, concerns continue to grow around e-commerce fraud.
According to a survey conducted by Visa, Dubai Police, and Dubai Economy, nearly four-in-10 consumers in the UAE experienced online fraud attempts in the year leading up to July 2021.
The customer is the most obvious and direct victim of online shopping fraud, but there is another party that can suffer devastating consequences as a result of fraud – namely the merchant.
As massive data breaches become more common, the identities, personal information, and card data that fraudsters need are becoming more accessible. As a result, almost every e-commerce merchant experiences fraud at some level.
Merchants that experience high levels of fraud run the risk of incurring expensive fines and chargebacks, and ultimately running out of business due to these losses. This reality makes it crucial to proactively bring merchants’ awareness and understanding of fraud risks up-to-speed and help them to establish the fraud management strategy that best suits their business.
How does online card fraud take place?
To build a successful fraud management strategy, it is important to first understand how fraudsters operate. The first step for hackers is to steal customers’ credit/debit card information and personal details. This information is usually sold to a third party, and not used by the initial hackers.
Once a fraudster obtains the stolen card information, they will usually start testing the cards by making small purchases online to check if the transaction will be processed. Finally, the fraudster uses the cards that passed the test to buy products and/or services that they can then resell offline and often at discounted prices.
Instances of carding – the trafficking of credit cards, bank accounts, and other personal information online – have increased dramatically in recent years; a report by UAE-based cybersecurity company Help AG found a 500 percent increase in risk alerts for carding in H1 2020, as compared to H1 2019.
What is a chargeback?
When the customer spots a transaction(s) on their card that they did not initiate, they can initiate a chargeback. A cardholder can also raise a dispute in connection with a card transaction if they were charged an incorrect amount; the product/service does not match the specifications chosen by the customer and/or the description mentioned on the website; and/or the product/service was not provided or was defective. The merchant is then expected to respond to the chargeback claim with supporting documents based on the type of chargeback raised.
Robust fraud management strategies are a must
If a merchant is found to be liable for a disputed transaction, the transaction amount will be debited from the merchant’s settlement account and a chargeback fee may apply. More importantly, when merchants are experiencing high levels of chargebacks or fraud, the card networks will intervene to place those merchants on programs designed to bring their chargeback and fraud ratios back to acceptable levels.
If merchants do not comply with the standards and thresholds of each program within specified time periods, they start incurring fines that start at $500 and can reach up to $200K depending on the stage of the program the merchant is under.
Unfortunately, merchants implementing weak business operations and fraud management policies and procedures end up running out of business due to the losses they incur on costs of fraud and chargebacks.
Identifying suspicious orders
Identification of a suspicious order varies greatly from one business industry to the other, but there are certain characteristics of a suspicious order that are common across different business verticals. These include orders with amounts highly exceeding the average order amount; large orders of the same item; orders targeting highly priced items; same-day shipping, drop shipping, international shipping, and last-minute bookings; customers using disposable email domains; transactions placed on multiple accounts/cards but shipping to a single address; and multiple transactions on a single card/account over a very short period of time.
The merchant’s dilemma
As an e-commerce company, your passion and focus should be delighting your customers. Dealing with fraud can distract you from core business activities, but ignoring it can deplete your profits. Hence, your main challenge as a merchant is balancing between scaling to meet company growth and periods of peak order volume, preventing friction for the customer, reducing chargeback and fraud losses, minimizing false declines, and keeping the cost of fraud prevention itself down to a reasonable level.
Best practices
In order to effectively manage and minimise fraud, merchants are advised to follow a risk-based approach that caters for the unique risks faced by each business vertical.
Merchants should consider bringing their fraud management activities in-house by building and operating a team of analysts as well as internal software tools to automate some of their workflow.
This approach can work well for large enterprises who have the funding and other resources to hire and maintain a large team of analysts, but it is not always a good fit for smaller companies, as the strategy does not scale well and there often isn’t bandwidth to adapt to ever-evolving fraud tactics.
Another approach is to utilise third-party real-time fraud prevention solutions that utilize machine learning to track behavioral patterns of customers to signal high risk transactions to an internal team.
Merchants could also opt to completely outsource their fraud management and submit all orders to a third party for a complete service utilizing real-time fraud prevention systems and teams of fraud management experts.
The beauty of this approach is its scalability with no in-house personnel, nor time spent developing rules or training on tools, which can bring significant cost savings. Besides lower costs, this option is a great fit for merchants doing business in high-risk regions or markets as they can rely on the third party’s expertise and knowledge of the region instead of following the obsolete method of adopting overly strict and blunt tools which dramatically increase false declines and hamper the customers’ experience.
A necessary investment
The methods used by fraudsters will only continue to become more sophisticated and dangerous. In a world where billions of customers are opting to shop online and trusting e-commerce companies with their personal information, it is imperative for merchants to invest in building and implementing effective fraud management strategies to shield customers from being defrauded, and to protect themselves from the heavy costs associated with fines and chargebacks.
Karim Zaghloul, risk manager at Amazon Payment Services
Follow us on
Abdul Rawuf
Abdul Rawuf More by Abdul Rawuf
Latest News