We write about e-commerce risk management and fraud prevention quite often on this blog, and for a good reason. Understanding the risks associated with the processing of credit card payments on your website and developing a solid strategy to limit your fraud exposure is what will ultimately determine your success, or the lack of it, in preventing fraudulent transactions. You may employ all of the latest fraud prevention tools, as well you should, but if you don’t understand what makes you vulnerable to attacks, you are unlikely to achieve great results.
At UniBul Merchant Services we tell our clients that their fraud prevention efforts are unlikely to succeed if they do not seriously commit themselves to the cause. This is crucial, because you have to match the persistence and resourcefulness of those intent on breaking through your defenses. Moreover, you have to be prepared to repel the attacks on a continuous basis. Think of it this way, this is not a one-time offensive, but rather a sustained siege.
With that in mind, I recommend that your risk management strategy includes the following components:
Create an Official Risk Management Post in Your Organization
You have to show everybody in your organization that you are serious about risk management and there is no better way of achieving this goal than giving someone the authority and budget to lead your fraud prevention efforts. Consider implementing the following procedures when creating a fraud prevention position or department:
- Make it a senior position. That way you clearly demonstrate that fraud prevention is your organization’s highest priority.
- Clearly define responsibilities within your organization for detecting and reviewing fraudulent transactions. Risk management should not be the domain of a single person or department within your organization. Everyone needs to be involved and to understand their responsibilities.
- Keep chargeback management separate, but promote cooperation with the risk management department. Larger organizations typically have separate departments to deal with chargebacks and fraud. This is the right approach, as the causes for each of these issues are often unrelated. However, cooperation is important, as one of the most common causes for chargebacks is fraud.
Monitor Risk Management Performance
You have to measure the effectiveness of your risk management strategy, in order to know if you are on the right track. In particular, your fraud prevention efforts will become more effective if you track areas like:
- Total fraud volumes as a percentage of your total sales. Set targets and stick to them. The goal should be for your fraud volumes to decrease over time.
- Fraud recoveries as a percentage of your total fraud. If your fraud prevention efforts are producing results, your fraud recovery rate should be gradually increasing.
- Speed of reviewing and making decisions about suspicious transactions. Your customers expect payments to be processed quickly, so you don’t have much time to investigate suspicious transaction characteristics. Yet, you have to evaluate the transaction risk the best you can, so your fraud prevention procedures must be streamlined enough to reconcile the two opposing needs. There are plenty of tools out there to help you automate the process.
- Number of complaints from customers regarding legitimate sales. This area is especially important, as you don’t want to antagonize legitimate customers. As your organization becomes more experienced in handling suspicious data, such complaints should decrease. Set targets and monitor their achievement. Whenever you receive such a complaint, address it immediately and explain to the affected customer that the inconvenience is caused by your efforts to protect his or her personal information and that you are doing your best to better identify fraud signals.
You are unlikely to ever completely eliminate fraud. However, if you develop a solid risk management strategy and work hard on improving it, your fraud rate will gradually decline, bringing down your chargeback rate in the process. Just remember that fraud prevention is a process and you will never be done with it. The moment you let up, you will quickly lose hard-won ground.
Image credit: Webanywhere.co.uk.