{"url":"https://www.clear.sale/blog/how-fraud-prevention-changes-as-businesses-grow","title":"How Fraud Prevention Changes as Businesses Grow","tldr":"As small ecommerce businesses grow into middle market & enterprise organizations, they have to consider how their fraud prevention tactics should change. ","markdown":"Growing a business is like parenting – just when you think you have the hang of it, a new growth milestone is hit … and you have a new set of issues to handle.\n\nSmall and medium ecommerce businesses want to hit these milestones, expand into new markets and increase sales. But that growth comes with a different set of fraud challenges … which must inform how your business approaches fraud prevention.\n\n##\n\nLike most SMBs, your main priorities may have been preventing fraudsters from hurting your business and avoiding chargebacks.\n\nAs your business grows, however, the focus shifts to understanding customer patterns and expectations, keeping up with trends, and managing through layers.\n\nTo light your way through the process, we’ve created this short guide.\n\n#### Drawing on our expertise in ecommerce fraud at all stages of business growth, we’ll share with you:\n\n- The different types of fraud you’ll face as your business grows\n\n- Why so many enterprise ecommerce retailers lose more to fighting fraud than they do to fraud itself\n\n- The traps SMBs need to watch for as they evolve their fraud prevention strategy (with plenty of tactical advice on what to do instead)\n\nLet’s get started by looking at how fraud changes as businesses evolve from small to midsize business (SMB) all the way up to enterprise-sized.\n\n## Small Business & Enterprise Ecommerce Fraud Are Different\n\nEcommerce fraud schemes morph and change as fraudsters become more experienced and better at their craft. Regardless of business size, one of the most common fraud concerns is account takeover (ATO) fraud.\n\n### Account takeover (ATO) fraud impacts all businesses\n\nATO fraud happens when a fraudster uses a victim’s Social Security number, email address, or login credentials to take over their account. That includes checking and savings accounts, brokerage, and even loyalty accounts.\n\nIt’s no wonder that ATO fraud is rampant in the ecommerce space, accounting for [every fifth login attempt](https://blog.clear.sale/account-takeover-fraud-all-that-e-commerce-merchants-must-know) and 13% of U.S. ecommerce fraud costs in 2021.\n\nFor small businesses, the biggest issue with ATO fraud is the chargebacks that inevitably result.\n\n### How chargebacks impact small ecommerce businesses\n\nIf you’re lucky enough to have never faced a chargeback, here’s a quick overview: A customer finds a purchase they don’t recognize or remember and immediately contacts their payment processor to dispute the charge. The payment processor investigates the transaction, asking the business for proof that a legitimate purchase was made. If the proof isn’t compelling or if the purchase was actually made by a fraudster, the company has to refund the transaction amount and pay the processor a fee called a [chargeback](/blog/chargeback-reversals-how-to-win-a-chargeback-dispute).\n\nIf your chargeback rate gets too high — more than 1% — the fees increase and you can be placed on a [chargeback monitoring program](/blog/what-is-the-visa-chargeback-monitoring-program) or become classified as a “high risk” merchant. Those fees eat away at revenue very quickly … and can devastate a small business.\n\nBut as your business grows, chargebacks tend to become part of the cost of doing business. Enterprise ecommerce businesses are still concerned about chargebacks and keeping their rates as low as possible, but they know a “zero-chargeback” goal isn’t realistic after reaching certain volumes.\n\nBesides, they have bigger fraudulent fish to fry, in the form of policy and return abuse.\n\n### Policy and return abuse are major concerns for enterprise businesses\n\nFor nearly 60% of enterprise businesses, [refund abuse](https://bit.ly/3xW2V4D) is increasing. And it’s increasing overall at a cost of up to [$15 billion in losses per year](https://www.forbes.com/sites/forbescommunicationscouncil/2020/02/19/many-unhappy-returns-how-consumer-abuse-leads-to-retail-revenue-leakage/?sh=32718efe6d25).\n\nNot every fraudster knows how to perpetrate return abuse — it’s the calling card of an expert fraudster. They spend time studying businesses’ policies to learn exactly where the loopholes exist, creating tactics to exploit them.\n\nSome of the most common types of return abuse include:\n\n- Stolen merchandise returns – Shoplifters return stolen merchandise for the full price.\n\n- Receipt fraud – Criminals use stolen or fake receipts to return merchandise. Even more clever, they may purchase a product on sale at one store and return it to another for a higher price.\n\n- Employee fraud – Also known as “insider fraud,” employees help fraudsters return stolen goods.\n\n- Price arbitrage – Fraudsters purchase similar products that are priced differently and return the cheaper one at a higher price.\n\n- Switch fraud – Criminals purchase a replacement product and return the damaged or defective item.\n\n- Bricking – Fraudsters purchase and strip an electronic product, then return it without the valuable components intact.\n\n- Wardrobing – Criminals purchase products (often apparel) to use or wear once and then return.\n\nAs your business grows, you may implement buy online, pick-up in store (BOPIS) services, which are subject to fraud as well.\n\n### BOPIS fraud has become more rampant\n\nBuy online, pick-up in store (BOPIS) shopping allows customers to place their orders on your ecommerce site and then pick their orders up at a later time or date at your brick-and-mortar location. This convenient service was wildly popular during the pandemic when consumers weren’t able to shop in stores.\n\nFraudsters have also taken advantage of the BOPIS trend because it presents yet another opportunity to make money and/or steal goods. In fact, BOPIS fraud [has recently increased up to 250%](https://paymentsnext.com/buy-online-pickup-in-store-bopis-fraud-is-up-250-why/), forcing businesses to spend additional time distinguishing between suspicious and legitimate orders.\n\n### Enterprise ecommerce companies leave money on the table with false declines\n\nIf your first reaction to these additional fraud threats is to simply turn up the volume on your online fraud filters, you’re not alone.\n\nThat’s a mistake many enterprise businesses make as well.\n\nThey try to combat fraud by being more cautious, assuming any suspicious transaction is fraudulent. And that opens them up to one of the biggest fraud prevention concerns for enterprise ecommerce businesses: false declines.\n\nWe often hear from enterprise clients that they have fraud “under control” because their chargeback rates are reasonable and they’re making money.\n\nThe problem is they’re also [losing money](/blog/balance-revenue-fraud-prevention-enterprise-ecommerce-merchants) – money they don’t know about.\n\nEnterprise businesses often use wide-sweeping filters and rules that automatically decline transactions based on factors such as address mismatches, transaction amounts, and other factors that may not necessarily be fraud.\n\nAnd because their fraud teams tend to work independently (unless they need reinforcements from other departments when transaction volumes peak), they often turn away perfectly good transactions before even considering that they might be valid, creating a large number of false declines.\n\nHow big is this “large number”? Consider that about [58% of false declines](/blog/5-ways-to-reduce-online-credit-card-false-decline-rates) are actually valid transactions.\n\nAnd it gets worse: When shoppers are declined, especially in younger generations, they *don’t*respond well. We’ve found that [40% of customers](https://www2.clear.sale/consumer-attitudes-infographic-2021)experiencing a false decline never come back to that business, and about 34% complain about their experience on social media.\n\n## The Risks of Keeping a Small Business Fraud Mindset\n\nReturn fraud and false declines on top of ATO fraud are a lot to think about, which can make some small businesses choose to just stick with the status quo on their fraud prevention efforts, no matter how much their business grows.\n\nNot a great idea for a number of reasons.\n\nIf you want to grow your business into the enterprise space, you must think like an enterprise business, especially when it comes to fraud.\n\nIn that vein, there are some traps to avoid:\n\n### 1. Being overzealous with deny and allow lists\n\nNo doubt, you’ve probably read somewhere about the age-old practice of creating deny lists (formerly blacklists) and allow lists (I.e., whitelists) as a shortcut to fighting fraud.\n\nDeny lists automatically decline transactions associated with specific names, addresses, email addresses and select other factors, for a variety of reasons. Often, it’s because of previous fraud attempts, unruly customers and fired employees. Allow lists are usually full of VIPs and company executives who expect to have their transactions approved.\n\nThe issue with deny lists is the decline happens before *any* analysis of the transaction.\n\nIf any element in the transaction has a hit in the deny list, the order is declined, so you learn absolutely nothing of value from that transaction. That’s a big mistake.\n\nAt ClearSale, we’ve spent decades learning about fraud and fraudsters by analyzing transactions and detecting patterns. Without that analysis to improve your fraud intelligence, a deny list puts you at risk of declining good customers (often, fraud victims themselves) – again, losing money you didn’t know was available to your business.\n\nInstead of a deny list, we recommend setting up an alert that flags transactions for automatic approval or denial while using machine learning and even secondary reviews to detect suspicious activity and make sure they really should be declined.\n\nSimilarly, using an allow list is risky. If a fraudster gets their hands on any of those VIPs’ or executives’ credentials, they will be kids in a candy store, and you won’t know you’re being robbed.\n\n### 2. Not doing homework before entering new markets\n\nAnother mistake small businesses make as they grow is not doing research about new markets before expanding, especially international ones. Without doing that research, you’ll struggle to delight customers … when you’re not struggling to keep fraudsters at bay.\n\nHere are some examples:\n\n- You need to know that the biggest concerns in Mexico, Chile, Ecuador, Uruguay, Argentina, Peru, Colombia and other LATAM countries are false declines, to the tune of about 50% of all transactions.\n\n- You should research which languages are spoken and if translation is necessary for your website, app, and chatbot. Another important bit of research is slang and vernacular. If your website is full of both, even ESL speakers in other countries may miss the point of “clever” content and move on without making a purchase.\n\n- Consider shipping challenges in countries like Australia as well as GDPR requirements in European countries such as Spain, France, Germany and the United Kingdom.\n\nFinally, think hard about which [payment options](/blog/e-commerce-payment-processing-options-for-enterprise-merchants) to offer in different markets. If you’re doing business in China, Singapore, [Hong Kong](/blog/ecommerce-fraud-risk-hong-kong), Japan or [Vietnam](/blog/country-profile-a-guide-to-ecommerce-in-vietnam), you need to lean heavily on [digital wallets](/blog/know-the-difference-between-digital-wallet-and-credit-card-chargebacks). In the [United States](https://www2.clear.sale/country-profile-united-states), consumers want choices and lots of them, from credit cards to digital wallets to a host of alternative payments.\n\n### 3. Only considering industry-specific fraud trends\n\nSmall businesses also forget to look across industries as they grow to determine fraud trends.\n\nWhether or not you plan to expand outside your current industry, there’s a lot you can learn from fraud trends in other industries. Any type of expansion or growth should be paired with a full analysis of what could happen:\n\n- What are other industries seeing in fraud trends?\n\n- How are fraudsters finding opportunities to try new tactics?\n\n- Are new channels being exploited, and how?\n\n###\n\n### 4. Trying to do it alone\n\nOne of the biggest mistakes small businesses make as they grow is trying to do it alone. Making the shift to an enterprise mindset isn’t a matter of turning a switch.\n\nInstead, it’s a combination of slow creep and sudden jolts where success can happen faster than anticipated, especially in the current ecommerce environment. And when a business has to scale their approval process and fraud protection faster than they anticipated, they run the risk of setting off on the wrong path.\n\n“You have to build a process that can adapt and scale to fit your business as it grows, because it may grow much faster than you anticipated. For example, your filters may be optimized and you have an ad hoc analyst on hand … but what happens if one of your products goes a bit viral and business doubles in a week?”\n\n- Rick Sunzeri, Director of Enterprise Accounts, ClearSale\n\nTo appropriately scale your fraud prevention efforts, you need resources. For example, we had a client that was closer to middle market and wanted to expand internationally. They did the appropriate research about superior customer experiences, operational differences, and financial factors. But they weren’t sure what to do about fraud.\n\nWe helped prepare their growing fraud analysis team for international traffic by training them on how it would differ, the unique signatures of fraudsters in other markets, and what to do about it.\n\nThis is why it’s so important to choose the right partner for growth.\n\n## Choose the Right Fraud Prevention Partner\n\nAt ClearSale, we have a number of advantages that can help businesses scale and grow without having to reallocate resources before they’re ready.\n\n### We’ve seen it all\n\nClearSale has worked with companies of all sizes around the world, including those in the most high-risk areas. That wealth of knowledge and experience makes our data analysts and fraud specialists more likely to recognize unique fraud patterns across industries and channels.\n\n### Superior data analytics\n\nWe thrive on data and data analytics. Our team leverages transaction data to help companies make key business decisions. To do that, we bring the power of data analytics to understand your specific customer base and their purchasing habits, as they compare to consumers around the world.\n\nBy doing so, we can see fraud patterns as they emerge and our system learns from those patterns.\n\n### Continuous machine learning\n\nWe screen every transaction with artificial intelligence and machine learning, which helps [fine-tune fraud models](/blog/how-to-set-cutoff-points-automatic-approvals-ecommerce-fraud-prevention) based on customer behavior. Transactions that meet all criteria are automatically approved, and suspicious transactions are flagged for additional review.\n\nWhat many businesses find fascinating is *how* that machine learning happens:\n\nWhen we first start processing a company’s transactions, our system will apply what it “knows” about fraud within the industry, the region and the world. But the real magic happens as the system processes more and more transactions and we rerun fraudulent transactions post-decline to teach the system what fraud looks like for *your* business.\n\n### Secondary review for high-risk transactions\n\nHigh-risk transactions that seem suspicious undergo a secondary review process in which one or more of our 1,500+ fraud analysts review the transaction and buyer details and may even reach out to customers to confirm purchases.\n\nThis hybrid approach of machine learning and secondary review helps identify high-risk patterns within 30-90 days. From there, fraud detection rises to another level so we can approve more transactions and decrease false declines, while keeping your chargeback rate as low as possible.\n\n### Resource augmentation as needed\n\nHiring has become a challenge. Filling open positions in a fraud analysis team as your business grows will take time. So you may want to augment your team with expert resources who can provide training, help establish [best practices and policies](https://blog.clear.sale/7-essential-tips-for-enterprise-ecommerce-merchants), and offload transaction reviews during peak seasons.\n\nWith the massive increase of transactions and fraud over the last few years, ClearSale has become further poised to help companies recognize fraud as they grow.\n\nTo learn more about how ClearSale has helped other companies fight fraud and maximize revenue as they grow, our team is available."}