E-Commerce: Better Transaction Reviews Require Better Data

Tom Donlea

Though separated by many differences, large and small merchants share a common problem: insufficient data to help decide whether to approve an online transaction. Here’s one way to fix that.

The rapid growth of e-commerce has truly revolutionized consumer behavior. Businesses now have a broader reach to a wider audience. Transacting has never been simpler for the consumer. But, by the same token, card-not-present (CNP) commerce has become more complex for merchants. Virtual transacting means a lack of physical credentials, which makes authenticating transactions risky business for merchants.

Because of this complexity, current transaction-review processes aren’t always airtight against fraudsters. They often deny good orders and leave money on the table.

It’s clear that merchants need a better transaction-review process. Studies show that merchants are manually reviewing 27% of their transactions, and, of those reviewed, 75% are ultimately approved. And still, just under half of fraud loss can be attributed to chargebacks.

The difficulty in achieving a more accurate and efficient review process isn’t discriminatory. Both small businesses and enterprise-level companies are dealing with similar obstacles. However, by employing consumer data in a strategic way, all merchants could systematically overcome the inherent anonymity of Internet CNP transactions and gain enough confidence in flagged orders to speed them to clear.

Deeper Diagnostics

All companies are facing the same predicament found in the review process: touching transactions too little or not enough. But there are still pain points that are specific and unique to small merchants on the one hand and enterprise companies on the other.

Small businesses’ biggest challenge is resources. Smaller companies usually can’t afford to build their own custom, automated platform for order review and evaluation. As a result, much of the order analysis falls into manual review or doesn’t get examined at all. In fact, many small merchants don’t pay any attention to fraud until chargebacks exceed 1% of revenue and they are placed on probationary (or high-risk) status by one or both of the major card brands.

Conversely, most enterprise-level merchants will have their own customized platform to perform a deeper automated review, but in most cases it’s still not sufficient. More attempts at verification can often hold up valid transactions and cause businesses to lose out on a sale if there isn’t sufficient, or specific enough, information available to approve a transaction. Depending on the margins generated by a given business model, one mistakenly approved fraudulent order could take a dozen or more good transactions to make up for.

One thing all merchants have in common is that they don’t have enough information to decide whether or not a transaction really needs to be sent to manual review. Addresses, phone numbers, email addresses, and even IP addresses provide clues about the legitimacy of a transaction, but often aren’t enough to determine with certainty whether or not to cancel a transaction.

Even those merchants that use a fraud platform are not likely getting external validation of identity information; the information is only matched against the internal or client records within that fraud platform. Universally, merchants need deeper diagnostics to be able to gain sufficient confidence to approve a flagged transaction.

‘Super White List’

Third-party consumer-data companies can provide additional personal data elements that increase the accuracy and speed of transaction review and, ideally, lead to more approvals. Here are some examples of how this might work, using various pieces of personal information.

Address: Checking that an address on file matches the order request will not always tell the whole story. Fraudsters are quite good at stealing an identity and creating a new address that seems valid to automated review systems. However, is that address receiving mail currently? If not, why not? Could it be a vacant lot? Could it be a UPS Store commercial mail location (or drop site for an organized crime group) rather than an apartment?

These pieces of information could be crucial in determining whether or not the order is real or fraudulent.

Phone: One of the most important means of authentication is a telephone number. However, with nearly half of Americans relying on cell phones, it’s not only imperative to be able to connect a phone number to a person, but also to determine what type of number it is. For example, some merchants believe that a landline number is a strong indicator of fraudulent activity, since so few people still have them and those that do are becoming more likely targets of identity theft.

Email: Verifying that an email address isn’t real can be a major red flag for fraud, but it’s possible to go deeper. Even if an email appears to be legitimate, it’s essential to check for recent activity and the age of the email account. For example, if the email address was set up seven years ago, it’s probably authentic. But if the address was just created that day, or even that week, there’s a high probability that the transaction is fraudulent.

Recently, merchants have seen email accounts that have been “aged” by criminal groups. That is, they were established six or nine months prior to a transaction but not used until now. If a merchant only looks at the creation date of that email, it is likely they will approve a fraudulent transaction. Having multiple perspectives on the same data element is very beneficial in screening transactions.

Name Match: It is not uncommon in today’s American household for several people to be living at the same address without common surnames. It is also not uncommon for many consumers to have multiple versions of a name. Third-party data solutions can provide clues to links that will verify the legitimacy of a transaction and, through so-called fuzzy logic, help merchants match those names to addresses and phone numbers.

Authentication Scoring Systems: Another important factor to consider in authentication is an identity score, which many third-party data providers can offer. This single score brings together various credentials and is weighted differently for physical- or digital-goods transactions.

It’s even possible for a merchant to create a “super white list” that includes customers whose transactions don’t require any review at all (with certain limits, like no major data elements changing). Having a single score to use as a reference can greatly reduce the number of transactions the merchant needs to review. And when review is required, they can expedite the process.

Businesses can implement a third-party application programming interface (API) for the more detailed information that feeds directly into an existing review platform. Having this additional information will allow manual-review specialists to find data more quickly and make more accurate decisions about the validity of transactions.

The result will be fewer transactions that need to be pushed to manual review, and those that are will be assessed much faster. This allows transactions to be sped to clear and the revenue to be recognized more quickly.

While both small and large merchants encounter their own unique challenges, ultimately they both require the same solution: greater quantity and quality of predictive intelligence based on great data. If a merchant can find this in a cost-effective way, it will be well on its way to improving the flow of transactions, increasing customer satisfaction, and growing revenue in a strategic, automated fashion.

Tom Donlea is director of risk services at WhitePages PRO, Seattle, Wash.