Viewpoint: Think Small to Battle Online Fraud

By Rafael Lourenco, ClearSale

Online retailers reject two and a half times as many cross-border orders as domestic orders, according to the latest ThreatMetrix report on digital fraud, but it may be unnecessary for e-commerce players to deny so many cross-border transactions. Although merchants tend to assume that international orders carry more fraud risk than domestic orders, the data doesn’t always bear that out. In fact, merchants who block orders based on country of origin can lose legitimate sales and potential growth while suffering costly instances of domestic fraud. Understanding the relationship of location to fraud risk can help merchants approve more valid orders and reject more fraudulent ones, regardless of location.

Country-level geo-blocking is a common but overbroad risk-reduction practice many online retailers use. In fact, in the EU, as many as one-third of online sales are blocked due to the shopper’s country of origin, something the European Commission hopes to change. Apart from the discriminatory aspects, country-level geo-blocking may cost merchants more than it saves them because some countries regarded as high-risk by online sellers have comparatively low rates of attempted fraud, depending on the product category in question.

A good example comes from Chinese luxury consumers, who have high legitimate transaction rates, a preference for cross-border shopping, and a tendency to permanently drop merchants who falsely decline their orders for high-end goods. When merchants decline such orders based on the shopper’s home country, they lose revenue from the sale and potential revenue from an ongoing customer relationship. Writing off an entire country’s business based on generalized fear of fraud is not a sound business practice for growth-focused merchants.

The counterpoint is that it’s also unwise to assume that all parts of a country are equally low-risk. The U.S. offers a strong example of why treating all domestic orders as equally safe can be a costly mistake. A 2016 Experian study identified highly variable risk areas across the country by ZIP code. Florida, Oregon, and Delaware are the states with the riskiest zip codes in the nation for fraudulent CNP purchases, while other zip codes within those same states carry much less risk.

To complicate matters even further, the ThreatMetrix report noted that thieves in geo-blocked countries can and often do hide or fake their location to get around merchants’ country-level order rules and make fraudulent purchases. Location spoofing on an Android mobile device is so easy that many Pokémon Go players do it to find more Pokémon in the game without traveling. The fact that gamers can spoof their own locations in just a few minutes with a GPS-faking app and some online how-to guides demonstrates just how ineffective country-level geo-blocking is for ecommerce fraud prevention.

Even the riskiest locations don’t all present the same type of hazard. For example, the Experian study found that some high-risk ZIP codes were more likely to be the source of billing fraud due to purchases made with stolen payment information. In other high-risk ZIP codes, the danger came from high rates of shipping fraud, thanks to thieves taking delivery of fraudulently-bought goods.

Consider Delaware’s 19801 ZIP code, rated by Experian as the riskiest in the U.S. for shipping fraud as a percentage of total transactions. This risk profile behooves merchants to carefully screen orders with shipping addresses in that ZIP code. An order with a 19801 billing address, on the other hand, carries much less risk than another Delaware ZIP code, 19714. That zip code is ranked by Experience as the nation’s 2^nd riskiest location for billing fraud relative to the local total of transactions. Orders billed to 19714 should therefore get more careful screening than those billed to 19801.

The bottom line is that location-based fraud screening must look at small areas rather than whole countries. This type of fraud screening tool should also be updated continuously and include data on the different types of risk present in each area. The technology is available now to provide this level of detail, protect merchants from fraud, and protect their relationships with legitimate customers regardless of location.

Rafael Lourenco is the vice president of U.S. Operations at ClearSale, a card-not-present fraud prevention operation that protects e-commerce merchants against chargebacks. The company’s flagship product, Total Guaranteed Protection, is an end-to-end outsourced fraud detection solution for online retailers. Follow on twitter at @ClearSaleUS or visit http://clear.sale/

In Viewpoints, payments professionals share their perspectives on the industry. Paybefore presents many points of view to offer readers new insights and information. The opinions expressed in Viewpoints are not necessarily those of Paybefore.