A holistic risk assessment for online retailers

BY Australian Retailers Association
30 November 2018

The digital landscape is changing, so it makes sense that online fraud is as well. Staggeringly, card-not-present (CNP) fraud has grown at a double-digit annual percentage for the last five years, now representing 85% of all Australian card fraud. The problem isn’t going away, either: with Australian online fraud growing 14% last year alone, accounting for $476 million, it’s clear 2019 will be no different.

Knowing the problem is only half the battle. The Australian Payments Body recommends more merchants put emphasis on verifying the authenticity of the payment. But, how?

Fraud prevention for new eCommerce businesses

Times have changed, fraudsters are highly organised and capable of performing elaborate crimes. In the current digital landscape, many don’t even need to leave their couch to gain access to the consumer data they need to defraud companies.

For example, fraudsters can either purchase email addresses on the dark-web or simply create ones which appear to be legitimate.

As new eCommerce retailers enter the Australian market many are ill-equipped to handle new threats and might not even know of their existence, let alone know how to tackle them. When starting a business, it’s common to only adopt solutions which are legally necessary and leave the more sophisticated, often costlier, solutions to purchase later on down the line.

But, these businesses are using traditional fraud-fighting solutions which often have gaps in their defences that fraudsters can exploit all too easily – gaps that need to be shored up with more innovative and accurate fraud prevention tools.

Email risk assessment

With this in mind, fraud prevention experts are turning to email addresses as an indicator of fraud. Despite popular belief these pieces of data hold so much value, beyond marketing and customer notifications. 91% of email users keep the same email address for at least three years building up a wealth of history.

When analysing this email data, in combination with a multi-layered scoring matrix across hundreds of data points, transactions can be reliably placed into a gradation band of likely fraudulent or genuine.

Email risk assessment should be used as a quick and first line of defence against online fraud. Additionally, when digital identity validation happens quickly, the multilayered system allows companies to take steps to accelerate approvals, automate workflows and optimise processes.

Benefits of multi-layered solutions

In tackling any fraud, but specifically online consumer fraud, it is vital to build a clear understanding of who is behind a transaction. Verifying only standard transaction data like a name or address leaves large and easily exploitable gaps in fraud defences. Retailers, merchants, and payment processors need layered intelligence and accurate validation systems to counter fraud from all angles.

There is benefit in knowing what peers are facing. Intelligence around fraud events and trends allows companies to more quickly identify risky behaviours before they become a nuisance.

In fraud prevention, "networked" tools allow you to access a wider breadth of intelligence from cross-region and cross-industry consortium databases.

These consortium networks allow companies to track velocity, which is the process of identifying suspicious behaviour based on speed and number of associated transactions attempted in a short amount of time. However, there’s an assumption that all "networked" data in fraud prevention works the same.

Dig a little deeper, and you’ll find these networks exist in a silo and are only available for rule-building. With no way to track signals, velocity or compare internal data with network sources to determine high-risk elements, lots of vital intelligence goes un-shared.

It should be said that the same process also works with legitimate customers. When positive behaviours are quickly identified, those customers can be approved with less friction.

However, minimal disruptions to consumers cannot happen until more companies adopt multi-layered verification systems making these processes the norm. Ideally, in the lead up to the holidays, companies should take steps to accelerate approvals, adopt automated workflows, and cut out unnecessary processes. All in all, multi-layered authentication solutions that leverage the accuracy of email risk assessment tools are the way forward and companies of all sizes should not wait to adopt them.

Simple fraud solutions, like verifying name, address, and card details are not enough to combat the problem of CNP fraud. However, given the reliability of email risk assessment, with more than nine out of ten people using the same email address for three years or more, monitoring of global fraud behaviours, and a multi-layered scoring system, businesses can be equipped to handle the complexities of CNP fraud.

Rei Carvalho, CEO of Emailage, discusses the problem of card-not-present fraud in Australia and highlights common solutions Australian merchants can take to mitigate fraud in their business. For more information on Emailage, visit https://www.emailage.com/

New call-to-action


Australian Retailers Association

Founded in 1903, the Australian Retailers Association (ARA) is Australia’s largest retail association representing Australia’s $310 billion sector, which employs more than 1.2 million people. As the retail industry’s peak representative body, the ARA works to ensure retail success by informing, protecting, advocating, educating and saving money for its 7,500 independent and national retail members throughout Australia. For more information, visit www.retail.org.au or call 1300 368 041.

Become a Retail Insider

Join 11,000+ Australian Retailers