Geographic mobility is great. It allows newly-minted adults to move away from home for college, and gives families the opportunity experience other cultures firsthand via international vacations. Ecommerce is also great. By turning the world into a global marketplace, anyone can order anything – from snacks to sneakers – from their own homes or workplaces, from almost any connected device.
What’s not so great is how the movement of people across borders (and even within them) confuses the manual processes and automated systems that online merchants rely on to block card not present (CNP) fraud. When inflexible rules collide with common life events like traveling and post-secondary education, the people caught in the middle often get their legitimate ecommerce purchases declined because they are misidentified as a fraudster. When good orders get rejected, merchants leave money on the table, money which can’t be recouped via chargeback protection – an otherwise invaluable and necessary asset in ecommerce fraud prevention.
The cost of false declines
How much money are merchants losing to false declines? According to a study put out last year by Javelin, 19% of the total fraud costs across all merchants last year were due to false declines. This isn’t a static problem, either. That same study reported that from 2016 to 2017, false positives for digital goods increased 25%, while physical goods saw a 27% increase. On average, merchants suffered $1 million in fraud losses during 2017. Given that false declines account for about a fifth of that, each merchant lost about $200,000 to false declines alone.
It doesn’t have to be this way. By looking for links between data points in an order instead of evaluating each piece of information without context, ecommerce companies can increase their revenue by accepting more good orders while at the same time keeping fraud rates low. To illustrate this, let’s analyze two common false decline scenarios: international college students shopping online from or near their university, and workers placing orders from their computer or mobile device while on the job.
The difficulties of college CNP fraud analysis 101
College students in general pose a challenge for CNP fraud prevention:
- Their shipping address and credit card billing address very often don’t match, resulting in an AVS mismatch, which normally may indicate a fraudulent order.
- The geographic location of their IP address won’t match their credit card billing address, yet another potential sign of fraud.
- If a fraudulent order has ever been placed from the university’s network or used a dorm or building address belonging to that school, there’s a chance the entire university might be on a fraud blacklist, forever.
International students add even more wrinkles:
- If the student placing the order is from a country other than the UK or Canada, an AVS match can’t be used to approve the order since AVS is only supported for cards issued to those two countries and the U.S.
- Some merchants categorically reject all orders with an international card automatically.
Why shopping at work can end in frustration
Even after they graduate and land a job, the frustration of false declines will follow them to the office if they shop online from their work computer. That’s because many companies utilize proxy servers – technology also used by fraudsters – to help secure their corporate networks. In addition, the geographic location of the IP address (and shipping address if they want the order delivered to their workplace) won’t match the billing address. Finally, if they travel away from both home and their workplace for an extended business trip but still VPN into the corporate network, then there won’t be a match between the IP location, shipping address (the hotel they’re staying at), and billing address. That many mismatches will cause some rule – and scoring-based fraud prevention systems to reject the order without manual review.
How can merchants avoid these false declines?
These common cases can be dealt with if both fraud analysts and automated fraud prevention systems put a greater emphasis on connecting the dots between the data points. Many times, the picture which emerges is that of a legitimate order.
Let’s take the office shopper first. The first crucial link to make is between the IP address and the owner of that domain (the company). Once that is established, then resources like LinkedIn can be used to connect the shopper’s name to that company (e.g. the company listed as the shopper’s current employer). Also, resources like Google Maps or the company’s website can be used to determine if the shipping address is in close proximity to a verifiable location of the company.
To avoid rejecting good orders from college students, the review process should verify the order details and the identity of the shopper via social media. Does a Facebook profile with the shopper’s name currently list the city in the shipping address as a current residence? Does a recent post mention the very contents of the order? By asking these questions and others, merchants can drastically cut their losses due to false declines of university student orders.
Social media isn’t the only data source which can corroborate the details given in such an order. A third-party IP service like Maxmind will report the owner of an IP address. If that owner is Purdue University, then that’s a strong indication the order is a legitimate one. What if the student is doing their shopping from an off-campus site, like a nearby apartment? In that case, merchants can check to see that the email address used ends in “.edu”. If so, then that order is very likely a good one.
Linking. Connecting. Matching. Verifying. All these words mean the same thing when assessing an online order. By performing those actions merchants will experience more of these words as well: revenue, performance, and profit.