21st Century Virtual Crime
EP Magazine, November, 2011
Online fraud is a topical issue, especially given the rise in online retail and, increasingly, the use of mobile prepaid coupon shopping. Recent research indicated that 71 percent of British and 42 percent of American consumers expressed an interest in having coupons delivered to their mobile handsets,with many predicting this trend to accelerate in 2011/12.
We asked Mike for his views on the trends and steps that can be taken to ensure both an awareness of an inherent problem and also the risks faced.
The hotel model up to this point has been to reserve online. But in this instance, while a customer will give their credit card details to secure the booking, the payment transaction takes place in person and so become a card present transaction. In contrast, online travel booking websites make prepaid bookings, or card not present (CNP) transactions, and it is in this area that risks of fraud significantly increase. However, in the hotel space and other hospitality sectors there is a trend towards more prepaid services increasing the number of CNP transactions.
To what extent is online fraud increasing? What is the scale of the challenge?
It’s no secret that online commerce has grown dramatically throughout the last few years, with a significant increase in online offerings from both pure play online traders and traditional ‘bricks and mortar’ businesses expanding their online presence. In fact, during 2010 and early 2011, internet spending accelerated in stark contrast to in-store spending.
Online merchants need to be applauded for the efforts they have put in place to prevent fraud. However, as criminals identify these barriers, many have adopted new practices that are less likely to trigger alarms. The challenge for business is to detect and prevent these practices in order to limit the effect on their bottomline, without offending their honest customers.
With online retail spending increasing, what can retailers do to prevent fraud, especially in CNP transactions?
Many leading online retailers are deploying automated risk management solutions to guard against fraud. This allows them to:
· Identify fraudulent behaviour and transactions
· Increase the accuracy of fraud detection
· Decrease the demand on internal resources
It costs a lot to attract new customers; the last thing you want is to make it difficult for genuine customers to transact. So it is important that retailers put asmuch emphasis on the customer experience as they do preventing fraudulent transactions. It’s worth noting that as the leading retailers are increasing their lines of defence, fraudsters are turning their attention to smaller operators who may not have the same level of protection. In many ways, the hotel industry is at the start of its e-commerce journey and is in much thesame place as retailers were some seven or eight years ago. In the rush to move online, some retailers did not put in place robust fraud prevention solutions up front and lost a lot of money in the process.
Aren’t consumers more aware of the problem, and so have an expectation of fraud prevention steps?
I’ve been in the UK office since March, and it is interesting to note that customers do have a level of tolerance for additional checks on their transactions, and this is something we see in the UK and Europe. In general, people expect a few more checks and balances.
How important is technology versus human intervention for preventing fraud?
A mixture of technology and training needs to be the basis for recognising and preventing online fraud. If you have an online business model where your product is delivered instantly, such as downloading music or software, then you need to rely solely on technology to prevent fraud. On the other hand, if your business is one where you have a period of time between making a purchase and delivering the goods or service, such as hotel booking, a mixture of technology and human review is most effective.
One of the worrying elements of online fraud is the sophistication of the perpetrators. What are your views on this in terms of both managing fraud and the risk that this presents?
There’s no doubt that online commerce is becoming more complex, with businesses expanding the number of payment channels they offer and methods of payment they accept. Simultaneously, the perpetrators of fraud are developing their skills in order to exploit new technologies. As a result, companies’ monitoring and fraud prevention techniques should be as comprehensive as possible. It’s more important now than ever for companies to have holistic risk-management solutions in place that can guard against fraudulent transactions across all channels.
What is meant by a holistic risk management solution?
Access to all of the data possible when monitoring transactions is key when it comes to online fraud prevention. All information, from basic contact information topayment method to capturing the IP address, and even previous gift receipts, is very relevant when it comes to deterring fraud. A holistic approach involves screening purchases as they are made, prioritising in order to identify thehigh-risk transactions, reviewing all the available data in a single view and then resolving by approving or denying the transaction.
Mike Long, vice-president, EMEA at Accertify
Mike Long has 20 years’ experience in e-commerce fraud prevention, financial fraud investigations, business process improvement and product development. He began his career in 1990 as a certified public accountant with KPMG. He has served as Director of Forensic Accounting and Fraud Investigation Services at Kroll Inc., PricewaterhouseCoopers and KPMG, where he conducted and directed domestic and international financial fraud investigations.
In 2002, Mike was hired by Orbitz LLC. to build and direct all fraud prevention and risk mitigation efforts. Under his leadership, Orbitz deployed a highly comprehensive and integrated technology solution to screen transactions forpotential fraud.
Mike recently left his long-held position of chief product strategist at Accertify Inc. to head the Accertify EMEA operations. He was an original member of the Merchant Risk Council in the US and served on its board of directors. He currently serves as an advisor to Europe's Merchant Risk Council's board of directors.