Fighting Ecommerce Fraud

Key factors to consider when choosing your fraud prevention solution

Something that all businesses have in common is the need to confirm the validity of the payments they receive in exchange for goods and services. If you make a sale to someone who uses a stolen method of payment, it's likely you will face a financial liability when the victim of the theft complains about the unwanted charges against their account.

Luke Pond
Technical Director at Astound

Most digital commerce operations will choose to adopt fraud prevention technologies in order to avoid chargebacks and other penalties imposed by their payment provider. It’s also possible that engaging with the fraud prevention process can increase revenues by relaxing acceptance restrictions that were formerly too strict. However, the operation of these services can be a tricky balancing act—each business must find a way to deny suspicious attempts to purchase while not inconveniencing their real customers in any way. Business continuity itself may depend upon choosing the right fraud prevention partner.

Across our 3,000 ecommerce projects and over 20 years, Astound has completed multiple implementations of many different third-party solution providers that handle fraud prevention and revenue optimization for ecommerce sites implemented on Salesforce Commerce Cloud and other leading platforms. The four most popular among our clients are Riskified, Signifyd, Kount, and Sift.

In addition to these specialized fraud analysis vendors, it’s also very common for customers of the Cybersource or Adyen payment gateways to make use of their integrated fraud detection systems (Cybersource Decision Manager and Adyen Risk Management). Usually, Cybersource and Adyen customers do not implement an additional layer of fraud detection beyond the built-in payment gateway tools. They see an advantage in combining the enhanced customer data from fraud detection together with the subsequent payment transaction data. Some innovative vendor solutions do exist for a multilayered approach, however, such as Signifyd’s ability to reprocess and resubmit declined transactions from Decision Manager.

How to Choose a Partner

Choosing the right fraud prevention partner is primarily a business decision driven by contracts, pricing, and the need for specialized services. A detailed crowdsourced competitive analysis of the four standalone vendors can be found on the G2 website. The picture that it paints is consistent with Astound’s experience as an implementation partner: the four systems are mostly equivalent in terms of functional capabilities. In this survey, Kount appears to have a slight edge in overall ratings from reviewers in midmarket businesses, as compared to the other three vendors. However, Signifyd and Riskified have more reviews, which may be more important than the precise ratings achieved. The only feature identified as a differentiator here is bot mitigation, which is only offered by Signifyd and Riskified.

Another way to learn about the vendors is to compare and contrast the sales information they provide specifically for Salesforce Commerce Cloud implementations, which can be located at the SFCC Partner Marketplace.

Evaluating the pricing models and their applicability to your specific business is likely to be the key decision-making factor in your selection of a fraud prevention solution. Beyond that, you should try to get a good understanding of each vendor’s client engagement mechanisms and make sure that the vendor will commit to providing regular support from an expert fraud analyst to help fine-tune the implementation after it launches.

How to Get It Working

The technical process of implementation within an ecommerce site is similar across the vendors. Regardless of which vendor is chosen, the following integration points need to be implemented by software developers within the ecommerce site:

  • Sending “fingerprinting” data prior to payment attempts
  • Sending order information to request fraud detection before attempting a payment authorization
  • Placing an order on hold if it was marked for review by the fraud vendor
  • Receiving updates from the fraud vendor on the decision status for held orders
  • Including details about the fraud check within the exported order data

During our implementation process, Astound relies on either the client or the fraud vendor to complete the configuration of the fraud detection rules. The specifications for the data transferred to the fraud management vendor are already known and implemented within the vendor-provided source code, but it’s possible to enhance the default implementation by providing additional business-specific data points that could influence the payment decision.

Other Concerns

An important part of a fraud management implementation is reviewing the different payment methods accepted from the perspective of their potential to attract fraudulent use. Credit card transactions are expected to be the most concerning payment type due to the business exposure to chargebacks, and are always the prime candidate for fraud detection. However, whether or not to perform fraud checks for PayPal transactions or other payment methods that your site may rely on is a business decision that could impact the fraud management vendor selection and influence how the implementation is done.

Some of the sales literature mentions potential other uses aside from payment acceptance, including user account creation, rewards redemption, alternate payment referral, and so on. Omnichannel support is also a question––would the identified use cases be relevant in the context of sales channels aside from ecommerce? You should perform an analysis of whether these types of AI-based trust-scoring systems may be useful elsewhere within your customer-facing business processes.

What Happens After Implementation

Once a vendor integration has been completed and transaction processing with them has begun, there is always an ongoing need for the business to monitor and tune the third-party system. Any of these companies should provide a customer success contact who is incentivized to improve business outcomes by carefully observing and modifying the rules determining the fraud scoring and decision-making behavior. It should be possible to run experiments and check the revenue impact of different settings or rules within the system. Investing the time and effort into tuning the rule set could lead to significant revenue improvements, no matter which vendor has been chosen.

Want to take a deeper dive into Astound’s knowledge of the fraud prevention vendors mentioned in this article, and the benefits they bring their customers? Get in touch today.

LET’S TALK

We’d love to connect and discuss how we can power your digital transformation.
Get in touch
© 2024 Astound Digital. All Rights Reserved. Privacy Policy Terms of Use