Posted by Julie Fergerson on Wed, May 18, 2011
The pros will use the data from the latest massive database breaches. And, in a sense, merchants should too -- by participating in the PCI Certified service from Ethoca that compiles fraud information for National Cyber-Forensics & Training Alliance (NCFTA) analysis.
Stay up to date: follow Ethoca at @ethocanews
|
Protecting merchants from today’s fraud risks requires today's most advanced fraud screening. Here's how to do it.
There have been so many thefts of payment card numbers that retailers have to consider every credit and debit card number suspect, says Jonathan Penn, an analyst at Forrester Research Inc. Penn who is quoted in a recent article by Don Davis in Internet Retailer. Davis writes,
"'There are new incidents we learn about every week, and there are many others we don’t learn about,' Penn says. 'Anything could be compromised at this point.' Penn says retailers should avail themselves of the latest fraud-fighting techniques that vendors are offering. As examples, he pointed to Ethoca, which aggregates data about fraud from many retailers...."
Penn hit the nail on the head. The pros will use this data. And, in a sense, merchants should too -- by participating in the effort to compiles fraud information for National Cyber-Forensics & Training Alliance (NCFTA) analysis.
Done the right way, sharing credit card transaction data is not only consistent with consumers’ interests – it improves consumer protection from fraud activity. In fact, stopping ecommerce fraud benefits the whole ecommerce ecosystem – consumers, merchants, issuers, and other parties. Doing it requires innovative use of shared data.
Ethoca's fast, secure communications hub enables organizations to reduce their own fraud losses and contribute to catching fraudsters. Something no other anti-fraud tool does. And something that's urgently needed now.
As Davis reported in a January 2011 article on Ethoca's Crosstalk report, a criminal armed with a stolen credit card is likely to use it to make fraudulent purchases at more than one web merchant.
“Our research shows not only the importance of sharing data, but how quickly it needs to be shared in order to be effective, and what kind of difference it makes to share it across industries,” said report co-author Daniele Micci-Barreca, a principal at consulting firm Elite Analytics.
That's why merchants who share data should do so in real-time or near real-time. With speed, digital goods and services can be shut down before fraudsters are able to get or use them.
Using Ethoca's platform, member organizations can compare confirmed fraud information to increase fraud detection. The NCFTA will analyze compiled data for fraud trends and links between cases. As Ken Blotteaux, NCFTA VP of Technology and Tactical Operations Ken Blotteaux said last month, "Ethoca’s PCI Certified technology enables secure collaboration to develop confirmed fraud intelligence.”
For your own sake and the sake of consumers, join in the secure collaboration to stop ecommerce fraud »
Note: stay up to date -- follow Ethoca at @ethocanews.
Posted by Ethoca Technologies on Fri, Apr 29, 2011
|
This new guide covers best practices and precedents for sharing ecommerce data to stop payments fraud - the first such guide for Europe, the US and Canada. Free PDF »
|
By Darryl Green
We've rolled out a new guide -- this one authored by Mike Bradford of Regulatory Strategies -- detailing the precedents and best practices for sharing data to stop ecommerce fraud. I think the top takeaway from it is that it's high time for ecommerce to catch up to other industries on data sharing.
As Mike points out in this first-of-its-kind report, there is a strong public interest argument for data sharing. Done the right way, sharing credit card transaction data is not only consistent with consumers’ interests – it improves consumer protection from fraud activity.
Indeed, stopping ecommerce fraud benefits the whole ecommerce ecosystem – consumers, merchants, issuers, and other parties. Doing it requires innovative use of shared data.
Take Ethoca’s Issuer Confirmed Fraud Alerts™ service for example: leveraging shared data, Fraud Alerts™ automatically delivers confirmed and canceled fraud alerts from issuers to merchants in real time. Months after its debut, users included over 100 of the world’s top internet retailers by volume. It's probably stopping fraud right now, today, that would have resulted in fraud losses. (One user wrote to us that, at his company, it has “assisted us in preventing losses on 40% of the activity that was not caught by our fraud screening system.”)
Ethoca is keenly aware of the need to keep fraud data private and secure while fighting fraud. As experts at fraud detection involving card-not-present transactions, we ask our partners, members and, ultimately, consumers to trust us with their credit card transaction data. We feel a grave responsibility to uphold that trust, and a commitment to privacy lives in every employee of Ethoca; and it is deeply ingrained in the culture of our organization.
The tension between innovation and regulation is particularly evident in privacy and data protection regulations – a key topic of this report. Mike has done a spectacular job in summarizing the global regulatory environment for sharing data and proposing a simplified means of navigating the complexities that arise from trans-jurisdictional compliance.
As discussed here in the Fraud Intel forum, fraudsters figure out how to
circumvent conventional fraud prevention tools as they reach mass adoption. But an approach built on data sharing performs
better over time, due to a network effect. This network effect is a powerful anti-fraud weapon for both merchants and consumers – and, as Mike discusses here, it has been at work for years in other industries. Ethoca just
brought it to ecommerce.
--
Darryl Green is Chief Governance Officer at Ethoca and a co-founder. More »
Posted by Julie Fergerson on Fri, Jan 28, 2011
In 10% of the 25,188 cases of confirmed fraud that Ethoca studied, a single credit card was used to commit fraud at more than one merchant.* |
I just finished work on a new report called “Fraud Attacks Cross Industries,” co-authored with Dr. Daniele Micci-Barreca, a principal at Elite Analytics and an expert in fraud detection applications of pattern recognition and data mining technologies.
Daniele and I collaborated to find out, among other things, how frequently fraudsters attack more than one online merchant using the same stolen credit card. We looked at thousands of cases of confirmed fraud involving 95 merchants that represent 61% of the top 500 Internet merchants (as measured by revenue and as defined by Internet Retailer).
I'll talk about the findings in a Feb. 22 webinar. Meantime, here's one example of what turned up:
- In 10% percent of the cases studied, a single credit card was used to commit fraud at more than one merchant. In other words, one in ten of the credit card numbers that appeared in the dataset had transactions at more than one merchant in the study.
Translation: it's common for fraudsters to hit multiple ecommerce sites.
This finding is signficant because traditionally every stakeholder in a card-not-present transaction has tried -- on their own and with incomplete information -- to distinguish between legitimate and fraudulent purchases. But given how common it is for fraudsters to hit multiple ecommerce sites, it's clear that Rambo-style fraud management won't work as well collaborative fraud management.
Tip of the iceberg
*NOTE: I think what we observed is the tip of the iceberg. We only looked at one slice of data: merchants enrolled in Ethoca's Fraud Alerts program, and, of those, only credit card numbers - no other data elements.
It is likely that merchants not participating in Ethoca’s program also experienced attacks from the same fraudsters, which would increase the estimates. And, if we matched by additional data elements, like shipping addresses, phone numbers, email addresses, or IP addresses, we would likely find more cases of a single fraudster hitting multiple merchants.
At least you're not alone
It's tough to look at how these fraudsters behave and not feel resigned to a certain level of fraud losses. But if merchants collaborate with each other, with banks, and with PSPs we can shrink losses and reduce fraud. I still believe collaboration is the only fraud prevention tool that increases in effectiveness over time – the only one the crooks cannot compromise. It is common practice in other industries, and we need to look at the lessons learned by banks in fighting fraud.
Get report
Webinar sign up
Posted by Ethoca Technologies on Sun, Jan 23, 2011
 The collaborative fraud management approach performs better over time due to a network effect. This network effect got stronger in 2010 and is picking up speed. |
By Steve Frook
2010 was an whirlwind year. A few weeks ago, the Issuer Confirmed Fraud Alerts™ service was nominated by users for the Merchant Risk Council's METAward for the best new innovation in fraud prevention in 2010. And just before that, Ethoca was named one of the 25 most innovative Canadian companies! Most importantly, participants in the Ethoca network collaborated to catch ecommerce fraud that they’d otherwise never have caught.
Fraud Intel articles that struck a chord
Looking at year-end stats, it seems the three most popular pieces we published here in 2010 were:
Some others that struck a chord: Keegan’s articles on the pros and cons of 3D Secure; Julie’s piece on how fraud prevention tactics get less effective with widespread adoption; and Darryl’s discussion of the difference between following the law and earning trust.
Expansion
In March we rolled out the Ethoca360 eCheck Fraud Solution™; introduced the Ethoca360 Signals™ card-not-present fraud service; and launched the Ethoca360 SE data-driven fraud prevention service. Then over the summer, we started 96 companies on the Alerts service. Among the users are 10 of the world's top airlines, 25 top retail chains, 10 of the world's top etailers, the top 2 hardware retailers, the leading digital goods sellers, 4 of the world's largest computer companies, the 2 largest online dating companies, the biggest alternative payments providers, and 10 of the leading consumer electronics retailers. Today, 17 of the top 20 etailers ranked by Internet Retailer magazine are using this system. And in August, we landed Julie Fergerson as Ethoca’s VP of Emerging Technologies.
Honing the business case for collaborative fraud management
Discussions with users, at industry conferences, and with analysts and reporters helped to hone the business case for collaborative fraud management. Keegan presented on it to top online retailers at the Merchant Risk Council Semi-Annual Platinum Meeting in September. Andre discussed data sharing at the MRC’s European e-Commerce Payments and Risk Conference. They both spoke with card issuers in October about the benefits banks can receive from collaboration. And at ATPS 2010, Julie presented on data sharing, and fielded questions from fraud managers at the world's top airlines. Along the way, Ethoca helped Infosecurity, Internet Retailer, MSNBC, Nilson Report, and Pymnts.com with media coverage of online payments fraud during 2010.
Thank you!
Thanks for following Fraud Intel. Watch this space for new pieces on CNP fraud prevention and please chime in!
Receive new blog articles
Follow on LinkedIn
Receive news releases
Posted by Julie Fergerson on Thu, Dec 30, 2010
 When attacking more than one company, crooks complete all their attacks 86% of the time in less than 24 hours. Also, crooks don’t stick to just one industry. We saw crooks who targeted airlines also try to buy from computer electronics retailers and apparel retailers on the same day. Subscribe today so you get an email when the next report comes out. |
Coming soon: new report to tell patterns identified in 25,000 confirmed fraud cases
Ethoca’s Issuer Confirmed Fraud Alerts achieved great adoption by eCommerce retailers in Q4. Our customer base now represents 61% of all eCommerce retail transactions (as ranked by Internet Retailer).
Now that we have insight into so many confirmed fraud cases -- over 25,000 in just the past 3 months -- we are able to analyze what the criminals are up to and strengthen our fraud detection systems.
Soon we'll publish a new report with observations and analysis of the criminal activities. Here is a preview:
Attack speed
Observation: When attacking more than one company, crooks complete all their attacks 86% of the time in less than 24 hours.
Takeaway: That means fraud prevention tools, data sharing, any scrubbing that is done, must be real-time or near real-time to catch the crooks activities.
Cross-industry targeting
Observation: Crooks don’t stick to just one industry. We saw crooks who visited airlines on the same day also attempt to purchase from computer electronics retailers and apparel retailers.
Takeaway: So data sharing in a given industry is helpful, but surprisingly, the crook was more likely to go to other industries than to target attacks in the same industry.
Stay tuned - new report on the way
Look for our announcement about our research in the coming months. We will provide links to subscribers to access the new report as soon as it is available. Meantime, happy New Year!
Questions or comments? Please post below.
Posted by Keegan Johnson on Thu, Dec 16, 2010
 Good news: Online consumers are spending about 12 percent more this holiday season than last. Bad news: Cybergangs are active too. Now is the time to invest in innovative card fraud detection and prevention. |
As part of a team working to stop online shopping fraud, I tend to focus on the bad things fraudsters do to online merchants and banks. Today let's talk about some good news, and look at why 2011 may be the year for a great leap forward in CNP fraud management.
$1 Billion spent online at least one day this week
Consumers are spending around $1 billion online at least one day this week, according to a story in Internet Retailer. More shoppers visited stores and websites over the Black Friday weekend -- and spent more -- this year than they did in 2009, according to a National Retail Federation survey. This year 212 million shoppers took part, up from 195 million last year. And the average shopper spent $365.34, up from last year’s $343.31. Total spending reached an estimated $45.0 billion. Department stores and clothing stores saw gains, while discounters saw a slight decline in sales.
Online spending holding steady at about 12 percent
"Americans continue to demonstrate a significantly greater willingness to spend online this year than in seasons past,” comScore chairman Gian Fulgoni told Internet Retailer.
On Cyber Monday, online sales were up 19.4 percent, with consumers boosting the average order value from $180.03 to $194.89, an increase of 8.3 percent. ComScore reported $11.64 billion in U.S. retail e-commerce spending for the first 26 days of the November–December 2010 holiday season. That’s up 13 percent from the same period last year.
Even Thanksgiving Day -- traditionally a lighter day for online holiday shopping -- saw a 28-percent increase to $407 million.
But popular retail sites attract cybergangs too
Unfortunately, frausters are visiting popular retail sites, too. Sophisticated fraud systems deter the vast majority of attempted fraud, but cybergangs are always inventing new card fraud schemes.
A few months ago, police in the UK arrested a pair of teenagers linked to a massive cybercrook forum. The eight-month investigation dug deep into a global Web forum with almost 8,000 members. The police found 29 forum topics about such things as phishing kits, tutorials and sites that have been carded. The fraudsters were buying and selling passwords and PINs, exchanging malware and sharing advice on how to avoid detection. Police recovered more than 65,000 compromised credit card numbers.
2011: the Year of Collaboration
If fraudsters are collaborating to steal from issuers and merchants, issuers and merchants need to synch up to thwart them. With the proper protocols in place, collaboration enables issuers and merchants to benefit from one anothers' transaction experiences while not sharing the data itself. Merchants stop more fraud losses, card issuers slash fraud management costs, and consumers have a safer environment in which to shop.
That's why I'm looking forward to 2011, when issuers, merchants, and other stakeholders can make a big leap forward in collaborative fraud prevention.
Learn more
See how Ethoca enables real-time collaboration between card issuers and online retailers, and download a PDF with our top six anti-fraud tips for the holidays.
Posted by Julie Fergerson on Wed, Dec 01, 2010
In this 6 part series, Ethoca offers tips for merchants based on the top fraud trends observed this year.
Getting multi-channel right
The big trend among retailers is to go multi-channel, and criminals are following right on their heels.
By 2011, the internet will play a role in 45% of all retail sales according to McKinsey & Company highlighting the rapid shift of traditional retailers to multi-channel. They project that growth rates at retailers who get multi-channel right will be more than 100 basis points better than those who don't, with larger profit margins resulting. (Source: October 2009 McKinsey Quarterley: The Promise of Multichannel Retailing.)
The US Census Bureau quarterly reports on eCommerce sales show that while overall retail sales have been falling since even before the recession began (**note: early returns this year indicate that retail is experiencing a big rebound with sales up across the board, but the largest gains are coming online), online sales have been increasing since the beginning of 2009 – that is, through out most of the economic downturn. Those kinds of returns and have been driving most traditional retailers to multi-channel sales as fast as they can go, and driving investment in online and MOTO channels in particular.
Fraudsters are channel hopping
Where the money goes, crime follows, and fraudsters are channel hopping more than ever. And, technology is making it easy. Because of Voice Over IP technology, fraudsters can place orders by telephone just as easily as over the internet. Fraudsters have been seen testing one channel, and then using the other to exploit holes found in fraud detection systems.
So, once a crook is identified, make sure that your negative lists and link analysis is applied across all channels, and that rules are tuned accordingly to detect fraud wherever it occurs in your stores. And then, make sure the same fraud checks and best practices you have in place for the Internet are applied to your call centers.
Top 6 anti-fraud measures for online merchants:
- Be unfriendly to friendly fraud. More >>
- Be careful not to flag repeat customers as suspicious when they don't have a digital fingerprint. More >>
- Monitor cancelled orders triggered by fraud screens, and the resulting call center complaints to maximize revenues More >>
- Test fraud rules to make sure you are able to catch coupon fraud. More >>
- Tune fraud screening processes to handle very high AVS mismatch rates resulting from gift cards. More >>
- Ensure your fraud rules are multi-channel. More >>
Download a PDF of all tips >>
Posted by Julie Fergerson on Fri, Nov 19, 2010
In this 6 part series, Ethoca offers tips for merchants based on the top fraud trends observed this year.
Tuning fraud screening processes
Gift cards are quickly becoming the number one present, which means they will be heavily used immediately after the holidays.
AVS rules do not work with gift cards, so if you haven't accounted for this, you will end up with a huge spike in orders being referred for manual review right after the holidays. You can avoid this by tuning your fraud screening processes now.
Plan for a high number of AVS mismatch and no match responses after the holidays and make sure your fraud rules support it. Some merchants even program in by gift card bin range to bypass their AVS check. But, whatever you do, don't let the success of your gift card program become a fraud management nightmare.
Top 6 anti-fraud measures for online merchants:
- Be unfriendly to friendly fraud. More >>
- Be careful not to flag repeat customers as suspicious when they don't have a digital fingerprint. More >>
- Monitor cancelled orders triggered by fraud screens, and the resulting call center complaints to maximize revenues More >>
- Test fraud rules to make sure you are able to catch coupon fraud. More >>
- Tune fraud screening processes to handle very high AVS mismatch rates resulting from gift cards. More >>
- Ensure your fraud rules are multi-channel. More >>
Download a PDF of all tips >>
Posted by Julie Fergerson on Thu, Nov 18, 2010
In this 6 part series, Ethoca offers tips for merchants based on the top fraud trends observed this year.
Coupon fraud soars
Coupon fraud is expected to set new records this holiday season. Earlier this year, the Wall Street Journal reported that coupon fraud increased by 14% from 2008 to 2009. The actual number of fake coupons redeemed rose to 10 basis points, or 3.3 million coupons out of the 3.3 billion issued. However, Coupon Information Corp, a non-profit organization that monitors fraud for food companies reported 198 fake coupons in the first quarter of 2010, more than the total number of counterfeits detected in the previous decade combined.
The problem is exacerbated by the increasingly common publication of online coupons for consumers to print at home, and prevalence of very sophisticated graphical editing tools which enable creation of highly realistic fakes – virtually undetectable unless you know what to look for. Online coupon fraud is that much harder to detect, and growing even faster.
Testing your ruleset
Rumors of black Friday deals have been circulating in the coupon communities for at least a couple of months. Work with your marketing team before the holiday season starts and test your ruleset to ensure you catch coupon fraud, but also allow valid coupon deals to flow through the system easily.
Top 6 anti-fraud measures for online merchants:
- Be unfriendly to friendly fraud. More >>
- Be careful not to flag repeat customers as suspicious when they don't have a digital fingerprint. More >>
- Monitor cancelled orders triggered by fraud screens, and the resulting call center complaints to maximize revenues More >>
- Test fraud rules to make sure you are able to catch coupon fraud. More >>
- Tune fraud screening processes to handle very high AVS mismatch rates resulting from gift cards. More >>
- Ensure your fraud rules are multi-channel. More >>
Download a PDF of all tips >>
Posted by Julie Fergerson on Thu, Nov 18, 2010
In this 6 part series, Ethoca offers tips for merchants based on the top fraud trends observed this year.
Carefully monitor cancelled orders triggered by fraud screens, and the resulting call center complaints, to maximize revenues
Measure the number of orders you cancel, and monitor throughout the holiday season how many frustrated consumers call into the call center to ask why their order was canceled.
On average the “customer insult rate”, or the rate at which legitimate customer orders are wrongly challenged or cancelled, as measured by call center complaints results in about a .16% loss in revenue. Some merchants perceive this as quite low, but that means $1,600 lost for every million in revenue, which can be quite substantial when every dollar matters this holiday season.
Moreover, at least half of those whose orders are wrongly rejected simply give up after the first try, and take their business elsewhere, so the call center complaints significantly understate the true customer insult rate.
Tune your review process to keep this number as low as possible.
Top 6 anti-fraud measures for online merchants:
- Be unfriendly to friendly fraud. More >>
- Be careful not to flag repeat customers as suspicious when they don't have a digital fingerprint. More >>
- Monitor cancelled orders triggered by fraud screens, and the resulting call center complaints to maximize revenues More >>
- Test fraud rules to make sure you are able to catch coupon fraud. More >>
- Tune fraud screening processes to handle very high AVS mismatch rates resulting from gift cards. More >>
- Ensure your fraud rules are multi-channel. More >>
Download a PDF of all tips >>