In this section, we will explore how to maintain the balance between blocking fraudsters and letting legitimate customers pay unhindered.
The next step to tackle in the payment flow is risk. We are at the point when your risk system assesses the transaction to check for fraud.
Fraud is agony for any business
According to the 2019 AFP Payments Fraud Survey conducted by J.P. Morgan, 81 per cent of companies were targets of payments fraud last year, showing that no industry is immune. This is up from 70 per cent in 2018.
As your business grows, the risk only increases. Naturally, you would feel tempted to ramp up your risk settings to keep fraudsters out. But that would not be the best decision: stricter settings cost you conversions, because the system becomes more likely to block legitimate customers by accident (this is called a ‘false positive’).
Risk management is not straightforward: it is both a science and an art, and it’s crucial to find the right balance between security and your conversion rates.
You can use data to block fraudsters, not shoppers
The research company Edgar Dunn & Company found that 24 per cent of businesses reported that more than 10 per cent of the transactions they rejected as fraudulent were later found to be from legitimate customers.
How to get the risk/conversions balance right
The best practice is to gather and use data from multiple sources. The more data that is collected, analysed, and linked, the easier it is to spot fraudsters.
How would this work?
It is common practice for fraudsters to use stolen credentials across multiple businesses. They can test a credit card at a music streaming site in the US and then use it to purchase an airline ticket from France to China. The best approach is to work with a risk management solution that spans multiple markets and industries. That way, a single fraudster can be tracked across multiple accounts on the same platform.
Use Dynamic 3D Secure
3D Secure is the step in the payment process when the checkout redirects you to a ‘Visa Secure’ or ‘Mastercard SecureCode’ webpage.
The major global card networks developed the scheme as an extra security layer. If you use it, the liability moves from you to the card issuers, so you won’t bear the financial liability for any fraudulent chargebacks. But the extra step can be a conversion-killer, especially on mobile.
The best practice is to use Dynamic 3D Secure, where the platform assesses transactions in real time and only those that meet agreed criteria pass through 3D Secure.
Some other 3D-S best practices:
- Customize the fraud prevention strategy to your specific business characteristics (industry, business model, countries of operation, sales channels, customer payment preferences, etc.). So, instead of applying 3D Secure to every transaction, you can use it selectively on high-value or high-risk transactions.
- Educate your customers on the benefits of this extra layer of security.
- Regularly examine and re-assess your strategy, as market conditions always change.
- Closely coordinate with your payment partner(s) to better understand the impact of 3D Secure in specific countries or for specific issuing banks.
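The selective routing described above, as an added example that is not code from any payment platform. The thresholds, field names and the "XX" country override are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed values for illustration only; real criteria are agreed with the
# payment partner and re-assessed as market conditions change.
BLOCK_SCORE = 90            # refuse outright at or above this risk score
CHALLENGE_SCORE = 60        # require 3D Secure at or above this risk score
DEFAULT_AMOUNT_LIMIT = 250.0
# Per-issuer-country overrides: a higher limit where 3D Secure is known to
# hurt conversion ("XX" is a placeholder country code).
AMOUNT_LIMIT_BY_COUNTRY = {"XX": 500.0}


@dataclass(frozen=True)
class Transaction:
    amount: float           # order value in the shop currency
    risk_score: int         # 0 (clean) to 100 (near-certain fraud)
    issuer_country: str     # country of the card-issuing bank


def decide(tx: Transaction) -> str:
    """Return 'block', '3ds' or 'frictionless' for one transaction."""
    if not 0 <= tx.risk_score <= 100 or tx.amount < 0:
        raise ValueError("risk_score must be 0-100 and amount non-negative")
    if tx.risk_score >= BLOCK_SCORE:
        return "block"
    if tx.risk_score >= CHALLENGE_SCORE:
        return "3ds"            # high-risk: shift liability to the issuer
    limit = AMOUNT_LIMIT_BY_COUNTRY.get(tx.issuer_country, DEFAULT_AMOUNT_LIMIT)
    if tx.amount >= limit:
        return "3ds"            # high-value: worth the extra step
    return "frictionless"       # low value, low risk: no redirect


def route_batch(transactions):
    """Count outcomes so the 3D Secure rate can be compared with blanket use."""
    return Counter(decide(tx) for tx in transactions)


# Constructed sample data, not real transactions.
SAMPLE = [
    Transaction(19.99, 5, "US"),     # small, clean
    Transaction(320.00, 10, "FR"),   # high value
    Transaction(320.00, 10, "XX"),   # same order, under the XX override
    Transaction(45.00, 72, "FR"),    # low value but risky
    Transaction(900.00, 95, "US"),   # almost certainly fraud
]

if __name__ == "__main__":
    print(dict(route_batch(SAMPLE)))
```

On the sample, two of five payments go through 3D Secure instead of all five, while the riskiest one is refused before authentication.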
3D Secure 2.0
This latest version of 3DS will legally apply from December 2020. It was created to optimise the processes and adapt to the growth of mobile and the IoT.
3DS v2 comes with many improvements, such as Software Development Kits (SDKs) to support app-based authentication and integration with digital wallets. More importantly, it will eliminate the need for redirection. The idea is to use richer shopper data during the transaction, and fewer password interruptions, so secure shopping is easier than ever.
What is the PSD2 SCA?
The Revised Payment Services Directive 2
The Revised Payment Services Directive is a European regulation that creates a more open, competitive, and secure payments landscape across Europe. SCA requirements are a part of the PSD2.
Strong Customer Authentication
SCA is a requirement of the PSD2. It’s a combination of 3 elements to authenticate a payment:
- something you know,
- something you own, and
- something you are.
For example, a password, your phone, and your fingerprint.
3D Secure 2
3DS2 is an authentication solution that creates better shopper experiences while reducing fraud. Your customer gets a simple step in the payment process to allow the issuer (bank) to check that they are who they say they are. In some cases, authentication can be skipped due to exemptions.