Fraud happens, and new ways to commit fraud are always being developed. This is an unfortunate reality for all business. Because of this, fraud prevention has become a tricky and specialized field. Fraudsters targeting webhosts use different methods than they would for a florist, for example. 2Checkout has expert fraud analysts who are experienced at detecting these different methods and figuring out how to dissuade fraudsters in the first place. By assessing your business, your account’s history, and your own needs we can offer reliable, tested, effective strategies to assist you.
One aspect of 2Checkout’s fraud prevention that we’ve mentioned – but not discussed in depth, is our ability to tailor our fraud protections to suit your individual needs. While our normal fraud procedures provide sufficient protection for the majority of our vendors, from time to time a more tailored approach is helpful. Do you ever feel that we are flagging too many valid orders as fraud? Do you ever feel that your product attracts more fraudulent consumers than you expected? We are happy to work with you and offer suggestions to help reduce fraud and allow good sales.
These strategies may be as simple as changing how we review orders for your product or service. It may also be suggesting simple wording changes in your product explanations on your website. We have been doing fraud prevention for nearly 10 years; let us work with you and show you how effective we are.
6 Comments »
+1
-0
Despite fact I’m almost happy with 2CO’s fraud department (my previous sales provider didn’t check anything – it was horrific time with up to 50% fraud/chargebacks rate) – there are some points to improve: database of e-mails used by fraudsters (shared with other providers) like IPs database now. Also could be nice to see some type of insurance against Paypal disputes and for intangible goods with electronic delivery: while risks of tangible goods sellers are almost zero (goods physically delivered with documents = nothing to lose for seller) – I’m losing both money and (extremely valuable) software source codes because I cannot prove my goods were (”electronically”) delivered.
+0
-0
We readily acknowledge many of your points, 3dom.
There are intense privacy issues surrounding sharing any type of personal data — even if it may belong to someone defrauding you.
2CO is an active (ACTIVE!) forum participant in many industry councils addessing the imbalance between brick and mortar (where much data theft originates) and ecommerce channels (where that data is utilized). As card-not-present approaches 50% of total association volume we’re likely to see some changes. Government regulation may also assist.
In the interim, though, there really isn’t any recourse as you appear to recognize.
We’re working hard with PayPal to see how we can upgrade our standing as a merchant with them and how we can work together to assure both customers with legitimate complaints and entrepreneurs like you can be satisfied.
Thank you for your input!
+1
-0
2CO staff -
I don’t know how your fraud review process works exactly, but when we happen to do our own fraud review, we count the number of “fraud indicators” (+1’s) and “legitimate order signs” (-1’s) – e.g., a billing-county vs. country-by-IP mismatch gets a +1, all-uppercase input gets another +1, but an e-mail address visibly “matching” the cardholder’s name (such as first.last@example.org for a person named “First Last”) gets a -1. (Of course, the weights don’t have to be the same, and they may be applied other than by simple addition/subtraction, but that’s detail.)
Here are a few related suggestions / feature requests:
1. If your process (or a part of it) is similar, then my suggestion is to add a “base score” that a vendor could configure per-product. The vendor would need to be informed of just how much the base score affects fraud review – e.g., if we configure a base score of -1 for a low-fraud product, is it equivalent to having 2CO “discount” just one fraud indicator (under my “definition” above)? This does have the side-effect of 2CO having to be a little bit more open about the fraud review methodology – but only a little bit.
2. We’d like to be able to block certain countries-by-IP. As far as I’m aware, 2CO allows for blocking of billing countries, which we found to be of little use (most fraud is committed with stolen card info from other countries), whereas a possible block by IP address would likely work better.
3. We’d like to be able to block specific IP address ranges – e.g., for repeating fraudulent orders by the same person.
4. It would be nice to have a vendor-controlled setting that would make a disallowed-country, etc. order fail “for no obvious reasons” (just like if the card was not valid). Maybe this setting should be per-blocking-entry (e.g., a vendor could disallow orders from certain countries “visibly” – with the buyers notified appropriately – but disallow orders by a known fraudster, such as by IP address range, without revealing that to the person).
5. It would be nice to optionally have the vendor notified of some or all failed order attempts – especially those failing because of explicit blocking by the vendor (e.g., such that the vendor could possibly reconsider).
6. The order notification e-mails currently contain city-by-IP and country-by-IP, but not state-by-IP (for orders from the US). It would be very nice to have the state displayed for easy matching against the state specified for the billing address.
+1
-0
Hi Solar,
Thank you for your comments. You have provided an excellent conversation piece. I will try to answer your questions, but please keep the convoy going and perhaps together we can improve the levels of protection to all suppliers.
To be brief on the scoring of orders. We currently have 230+ different rules turned on that provide scores to each order. Our manual review is dependant on the scoring of the orders.
1. I would like a little more detail from you on this issue. The product that is being purchased is absolutely something we take into account in our manual review. However, you are right, there isn’t an automated scoring rule set for products, only dollar amounts. It is a good idea, but sounds tricky from a technical aspect. This topic deserves some more brainstorming and discussion.
2. Again you are absolutely right. Although we do see fraud come from the same country where the billing address is listed, it is less rare than cross border fraud.
I am not a proponent of blocking IP ranges, or anything else for that matter from having an ability to get an order through. We want to obtain and gather all of that data (good and bad) in order to develop a robust negative list. That said however, in my dream world I want to develop a way for when a “customer” places an order with data in our negative data base, the order looks to go through successfully to that customer, but the supplier never sees it and the order is never sent for settlement. Although, the order and data are captured by 2Checkout to ensure we obtain that negative data for linking to other orders in the system. If and when we build this logic, I’m sure there will be a lot more we can do with it.
3. Same answer to #2
4/5. The common misconception toward Fraud Prevention staffs is that we are here to stop fraudulent transactions. Yes, that is part of it, but it is the easy part. The more difficult part of the job is to recognize an order that looks bad and correctly determine that order’s legitimacy. It is an important aspect of the job to ensure a manageable insult rate. That is to say, we don’t stop good orders! This goes for all Card Not Present merchants. I say all of this because I believe the more difficult we make it on the buyer, the more positive business is stopped.
6. I was unaware of this. I will meet with our Product Development staff to have this resolved. Thank you!
There is a saying in the industry: “Payments and fraud are like breathing in and out. You can’t have one without the other.” And both are forever evolving. All of us who are taking payments on-line will always have fraudulent attempts as an obstacle. Therefore, our prevention practices cannot be stagnant. Our tactics must evolve with the fraudsters’ tactics. Therefore, I am on the same page with Solar in regards to the ways 2Checkout mitigates risk, and the ways 2CO provides increased and dynamic prevention tools and methodology to our supplier base.
We appreciate all the recommendations that we receive from our supplier base. We take them seriously and will work diligently to improve our already robust fraud prevention methods.
Sebbe
+1
-0
Hi Sebbe! Thank you for your prompt and detailed response, and I’m sorry that I was not as quick to get back to this discussion.
I’m not sure what detail you need on this, but I’ll be a little bit more specific. We’re selling software for Mac OS X and Linux. We found that there’s virtually no fraud on the Mac OS X products (could place them at a negative base score), but there’s some fraud on the Linux ones (could keep neutral/zero base score). If/when we add some Windows products, I’d expect their fraud rate to be higher than Linux’s (so they would get a positive base score).
Additionally, higher-priced revisions of a product (the “luxury” ones) incur more fraud (as percentage of total orders of that revision) – and this is not just based on the dollar amount per se, but rather on relative price vs. another revision of the same product. It’s the fraudsters who don’t care how much they spend, so they are more likely to pick the most expensive option of those available.
I think 2CO could start by implementing a tri-state setting (unlikely/neutral/likely as answer to “how likely fraudulent orders are for this product?”) to be considered during manual review (not just 2CO’s opinion of the product, but also the supplier’s) and maybe also affecting the automated scoring (adjusting the final score?)
+0
-0
Hi Solar, thank you for your response. This is a great idea and has a lot of potential. There is definitely more to the process than just what is listed here, which means it isn’t something we can implement easily or promptly. However, this will be on my wish list in the future and I will make the effort to ensure it becomes reality.
We have seen a lot of improvements to the way we detect and prevent fraud, and it is our goal to continue positive growth in this area. I am confident improvements will continue through the months and years to ensure the best fraud prevention is provided to our suppliers.
Thank you so much for your correspondence on this thread and for these great ideas.