Serving customers in new regions around the world is an exciting venture for any online business. But it can be a large undertaking for the business’s fraud team.
Part of the difficulty is that fraud strategies cannot be borrowed from other regions, due to significant differences in identity factors. For example, Social Security numbers are a verification factor in the United States, but they’re not available in other countries. With the fraud rate for international orders 1.5 times higher than domestic purchases, according to CyberSource, it pays to know the ins and outs of local identity verification.
We spoke with Jason Macklin, director of payments for EMEA and APAC at Microsoft, who shared these five major cross-border fraud and identity issues businesses face, and ways to overcome them.
Consumer Identity Varies by Region
There is no global standard for customer identity verification and there probably won’t ever be one. In the U.S., shopper legitimacy can be easily verified with name, address, phone, email and/or Social Security number. But using a customer’s home address in Saudi Arabia won’t work because formats vary too greatly. It’s more helpful in this region to know how long the shopper’s email has been in use or to ensure the name provided matches both phone number and email.
Certain countries have an SSN-like identity number in order verification. Macklin recalls encountering the Indian Aadhaar for the first time. “As we grew our company in a country like India, we recognized that there was a national identity scheme called the Aadhaar and that’s their method for online commerce,” he said. “Almost anyone over 18 has an Aadhaar and it was valuable at reducing friction for customers.”
A recent study by CyberSource confirmed 44% of retailers use different fraud strategies when selling in new regions. It makes perfect sense when you consider how widely identity factors can vary across borders. The key is understanding identity data elements in every region and developing the right fraud strategies for each.
Fraud Tactics Constantly Evolve
Fraudsters work around the clock to exploit weaknesses in a retailer’s fraud system. Just as one loophole gets closed, they inevitably will find and exploit another.
“Fraudsters are using reverse engineering risk models” Macklin said. “An interesting example was when our risk team was based in Northern Europe. The team didn’t work weekends and public holidays in their country. Fraudsters identified their country, knew when those holidays were and targeted attacks on those holidays. They knew they had a greater window of opportunity before anyone would come in and start manually shutting down the loopholes they were exploiting.”
Fraud teams must work hard to fight the attacks they know are in play now while also recognizing signs of all-new approaches. Criminals don’t take days off.
Fraud Risk Varies by Region
A country or region’s fraud risk can be determined by a combination of factors, including availability of consumer identity data, security of payment methods and population density. Denmark, Finland, New Zealand, Norway and Switzerland are among the least fraudulent countries. Indonesia, Venezuela, Romania, Brazil and South Africa are currently ranked among the world’s biggest fraud hotspots.
Macklin’s teams have seen particular growth in cross-border fraud in sub-continental Asia, Russia and China. The latter two regions have presented a unique twist on mass account creation. Fraudsters start by creating legitimate-looking accounts using a seemingly real name and real email address that sit dormant for years. Then all at once, they activate them en masse to overwhelm the fraud team.
Knowing local fraud tactics and ways to stop them is a winning strategy when taking on international markets.
Conservative Risk Policies Can Block Revenue
We’ve already reviewed several cross-border fraud strategies that might make you adjust your risk policy to be more conservative. But first it’s important to consider revenue loss. Being overly conservative can inadvertently result in customer rejection or false positives. This is no small matter either: Nearly three-fourths of organizations that track false positives believe up to 10% of orders they reject on suspicion of fraud are actually good customers.
In some cases, entire countries can be blacklisted if the risk of cross-border fraud is believed to be too high.
But Macklin argues that there is a better way. He recommends fraud teams work internally to become seen as revenue generators rather than just a cost center. The goal should always be to reduce false positives and improve a company’s ability to sell products across different markets and borders.
Learning from unsuccessful strategies is a key part of refining your fraud strategy. Ask yourself: What can I learn from past false positives that will make my fraud team a better judge of legitimate accounts in the future?
Multiple Identity Elements Lead to Good Decisions
One of the most valuable tools in fighting cross-border fraud is global consumer identity data. A partner that understands the global identity landscape and can provide unique data points can help you find customers in every region you serve.
For Macklin’s team, global identity data and their associated linkages are vital to their success. “The more data points you can have to run over your risk engine and decision engines, the better,” he said. “Leveraging common ones like IP addresses, device ID, physical address if it’s going to be a delivery and making sure the address is an actual house and not a warehouse, is important.”
The right identity data verification tools allow fraud teams to open their doors to new shoppers without letting the criminals in. Today’s API and web-based services can conduct multiple searches at once and link together real-time identity data for shoppers in every corner of the world.
Tom Donlea is Vice President of Global Marketing for Whitepages Pro