GATEWAY BASICS
Fine-tune your risk management
In this chapter you’ll learn:
-
How payment data is used to prevent fraud
-
How to increase conversions with Dynamic 3D Secure
-
What’s coming in 3D Secure 2.0
In this chapter we’ll explore how to maintain the balance between blocking fraudsters and letting legitimate customers pay unhindered.
The next step along the payment flow is risk. This is when your risk system assesses the transaction to check for fraud.
Fraud is a pain for any business
According to the 2018 AFP Payments Fraud Survey conducted by J.P. Morgan, 78% of organizations were hit by payments fraud in 2017.
As your businesses grows, the threat only increases. Naturally the temptation is to ramp up your risk settings to keep fraudsters out. But this comes at the cost of your conversions as you’re more likely to block legitimate customers accidentally (this is known as a false positive).
Risk management is both a science and an art, and it’s important to find the right balance between security and your conversion rates.
Use data to block fraudsters, not shoppers
Research company Edgar Dunn & Company (EDC) found that 24% of businesses reported that more than 10% of the transactions they rejected as fraudulent were actually legitimate customers.
So how do you get the balance right?
Best practice is to use data from multiple sources. The more data that’s collected, analyzed, and linked, the more likely you are to spot fraudsters.
Here’s an example.
It’s common for fraudsters to use stolen credentials across multiple businesses. They can test a credit card at a music streaming site in the US and then use it to purchase an airline ticket from Germany to Japan. The trick is to work with a risk management solution that spans multiple markets and industries. That way a single fraudster can be tracked across multiple accounts on its platform.
"To minimize false positives, you need to understand the user pattern — how much they spend, how frequently, etc. You should remember the user’s last local payment method. Also, inform users that 3D Secure is for their protection. As a matter of fact, some users actually prefer 3D Secure for security purposes.”
Make use of Dynamic 3D Secure
3D Secure is that step in the payment flow when you’re redirected to a “Visa Secure” or “Mastercard Secure Code” page.
It was developed by the major global card networks as an additional security layer. If you use it, the liability shifts from you to the card issuers, so you won’t be liable for any fraudulent chargebacks. But it can also be a conversion-killer, especially on mobile.
The best approach is to use Dynamic 3D Secure, where transactions are assessed in real time and only those that meet agreed criteria will pass 3D Secure.
Some 3D Secure best practices:
Customize your fraud prevention strategy based on your specific business needs (industry, business model, countries of operation, sales channels, customer payment preferences, etc.). So, rather than applying 3D Secure to all transactions, you can use it selectively on high-value or high-risk transactions.
Educate consumers on the benefits of this extra layer of security.
Regularly monitor and re-assess your strategy as market conditions change.
Closely coordinate with your payment partners to better understand the impact of 3D Secure in specific countries or for specific issuing banks.
"Since implementing Dynamic 3D Secure in Germany, we have seen 60% fewer chargebacks. Importantly, it has had zero impact on our conversion rates. It is an effective way of blocking fraud without unnecessarily disrupting the order process.”
3D Secure 2.0
This latest version of 3D Secure will apply from April 2019. It was created to optimize the process and adapt to the fast-growing trend of mobile and the IoT.
3D Secure 2.0 comes with many improvements, including software development kits (SDKs) to support app-based authentication and integration with digital wallets. Importantly, it will eliminate the need for the redirect. The goal is to use richer shopper data during the transaction and fewer password interruptions so secure shopping is easier than ever.
Manage risk with OkePay RevenueProtect
Get smart fraud defense built directly into your payments solution with OkePay RevenueProtect.
RevenueProtect produces a global, real-time “graph” that spans verticals and geographies, allowing us to see trends before any other provider. You can then easily build intelligent rules tailored to your business to identify fraudsters. And, to keep your business up-to- date, our rule-based Risk Engine uses machine learning to learn and optimize risk checks in real time.
We’ll also help you find the right balance with 3D Secure, and ensure you’re 3D Secure 2.0 ready. As a result, your fraud will be down and your revenue will be up.