[B-SIDE Podcast] Spotting online fraud, stopping it in its tracks

December 20, 2021

1 2 minutes read

With the holiday season in full swing, there’s going to be a lot of opportunity for online fraud during e-commerce transactions.

“Merchants are so focused on growing as quickly as possible, that they forget to put the right fraud tool,” said James L. Melon, country manager of fraud prevention services company Vesta. “The need is [only] realized when they get exposed from fraud attacks. Merchants make up for this by selling more volume, but it’s like pouring more water into a leaky bucket.”

In this B-Side episode, Mr. Melon tells BusinessWorld reporter Patricia B. Mirasol about reputational risks and red flags that online merchants should watch out for.

TAKEAWAYS

Fraudsters are targeting digital wallets.

The two main types of fraud are account fraud, where a fraudster steals account information such as bank details through links laced with viruses; and transaction fraud, where account information stolen from the dark web is used for online purchases.

Card testing, Mr. Melon said, is particularly tricky, as it can be done in one or more cards and can fly under the radar of merchants.

A card testing attack occurs when fraudsters — having acquired partial or full card credentials — employ digital tools to submit authorization requests on e-commerce sites. JP Morgan Chase, a financial services holding company, says the main objective for such attacks is to reveal the card’s missing security elements.

“Increasingly, fraudsters are targeting digital wallets more now,” said Mr. Melon.

Vesta’s 2021 data show that 2 in 3 Filipino shoppers (69%) prefer to use e-wallets when purchasing online

Merchants risk their reputation as well as their revenue.

Sophisticated or not, businesses lose revenue on several fronts from payment frauds, including:

The acceptance of bad transactions – This results in high fraud rates, high bank charge fees, as well as “the unquantifiable but very important” reputational risk.
The rejection of good transactions – Caused by rule-based engines, this mistaken treatment — also known as false declines — results in low approval rates. “If there is a P50,000 limit on daily transactions, then what happens to the legitimate customer who wants to purchase more?” asked Mr. Melon. “Customers, including myself, will not hesitate to go other stores with better checkout experiences.”
Customer friction – If the rejection of good transactions is from international cards, then Filipino merchants miss out on revenue opportunities. Mr. Melon pointed out that 10%–20% of transactions in the country are done through international cards.
Operational inefficiencies – A company’s resources are better spent growing the business rather than putting out cyber fraud-related fires.

Don’t sacrifice security for speed.

The rate of attempted cyber fraud in Southeast Asia is 12 times greater than the global average, according to research by Vesta. The reason for this, Mr. Melon said, is because e-commerce in the region is growing at a much faster rate than mature markets.

He offered three tips for merchants who wish to combine speed and security in their operations: understand fraud and acceptance rates; integrate machine learning to have more data points that improves the speed of decision-making; and do away with static rules.

“Don’t measure fraud and acceptance rates in isolation,” he said. “Work with technology partners that can calibrate in real-time the difference between good and bad transactions.”

This, he added, can strike the balance between maximizing the approvals of legitimate sales, while blocking the bad ones.

Recorded remotely on Nov. 9. Produced by Paolo L. Lopez and Sam L. Marcelo.