opinion

By Malcolm Clifford
September 04, 2007

Striking the balance between fraud prevention and customer service

Malcolm Clifford assesses a range of fraud prevention methods and considers how to strike the balance between successful fraud prevention and efficient customer service.

Fraud is still a major issue for retailers and consumers alike.  Recent changes to the way that fraud should be reported means that consumers are no longer able to report cases of fraud directly to the police; instead reporting fraud directly to banks or retailers.  This change, aimed at cutting back on the administration surrounding the reporting of fraud cases, enables banks and retailers to 'batch up' incidences of fraud into more coherent cases for investigation.

The fragmented nature of fraud reporting prior to this rule change very likely led to a lack of focus from the police, so the change certainly appears to be a positive step for the industry.  It improves the level of control in deciding which cases are worthwhile referring to the police and pursuing, but in doing so it also puts additional onus on fraud departments to investigate and combine details of confirmed fraud as well as supporting any ongoing police investigation.

However, it is vitally important therefore that companies are clear about the need to reassure a customer that a complaint is being taken seriously, acted upon, and satisfactorily pursued.  Namely that it will usually be referred to the police for a criminal investigation, and that all reasonable measures will be pursued to catch the criminal.  The problem is that when it happens, fraud feels very personal.  The transactions hit your personal account, remove your personal money for a period of time, or perhaps you find out about a fraud perpetrated in your name when a company chases you for money you don't owe.  All of these instances can cause a great deal of distress, and whilst the actual difference in the new rules may not be material to the consumer, it is probably not how the consumer will see it.

Whilst strong fraud procedures can reduce losses to individual fraud attacks, the overriding impact is usually one of displacement.  So as each vulnerability is tightened up, such as has been evidenced recently with chip and PIN reducing the amount of face-to-face fraud at retail outlets, fraudsters change their line of attack to other forms of fraud, such as transactions where the cardholder is not present; and sure enough, this type of fraud is currently increasing year-on-year.  The most effective cure for fraudsters is criminal conviction, and it is to be hoped that the new regulations will have a positive impact in that respect.

But investigating cases, providing information and support for police puts pressure on the resources of the fraud team.  It is really important therefore to be able to focus effort on those cases where losses to the company can be reduced and to enable adequate consideration of cases which need referral to the police for a criminal investigation.

This pressure is perhaps a positive one, as it helps to provide a focus on how best to target available resource.  There are a very broad range of fraud solutions available, and it is best to combine these into several layers of protection, since it gives them an incremental impact.  Different solutions have different strengths and weaknesses.  For example, checking to see if any customer details are the same as those for a previous fraud loss (mobile phone number, address etc.) will catch the fraudster who has tried it before.  A profiling approach to identify what types of transactions and characteristics are indicators of likely frauds will uncover cases even if it is the fraudster's first attempt.  Looking at customer characteristics and comparing information for consistency, coherence and rationality is another approach.  Putting together solutions covering these approaches will give the best protection, and be more effective at preventing fraud.

But just flagging up a referral list is missing an opportunity.  In many cases we see rule-based fraud referral systems creating work lists with very high false positive rates (i.e. a large number of cases must be worked to find each fraud).  Deciding which referred cases have the highest likelihood of being responsible for fraud losses obviously involves an understanding of where fraud has come from in the past, and the application of analytical techniques in the respect is invaluable since it provides an ability to quantify the likelihood of fraud, and thus determine a work priority.  By combining rule-based referrals with predictive models in this way, it is possible to reduce workloads typically by about a third with little or no reduction in the number of fraud cases discovered.  This means either cost reductions or, more likely, the ability to target the resource to a different task where it will be more effective.  As a by-product, the customers who are no longer referred may well experience an improvement in the overall service in terms of reduced timescales or fewer contacts or requests for additional information.

This type of information-led approach is strengthened by the availability of good quality data on past fraud experience.  Sharing information through CAIS and various other user groups has proved one of the most effective ways of combating fraud in the past, and it promises to be just as effective in the future, with an increasing amount of information available which can be shared.  Many organisations, whether big or small, find that pooling data in this way enables them to reap greater benefits through much stronger fraud models based upon a wider experience.

Fraud risk today is increasingly affecting a much more diverse range of organisations including mail order companies.  With the liability for cardholder not present fraud sitting with the retailer, companies trading on-line or via telephone are particularly exposed.  With a much higher degree of anonymity, this is an attractive opportunity for the fraudster and is being increasingly utilised to the point where it now constitutes nearly half of card fraud and according to APACS, costs industry GBP212m per year.

The credit card companies have tried to address this with the services like Verified by Visa and Mastercard Securecode which confirm additional details from the customer at the time of authorisation, whilst these measures make things more difficult for fraudsters they do not mitigate the liability of the retailer.  With only a small amount of information available at the time of the transaction, it is important to make the most of what you have; the nature of the goods or services being purchased, the regular purchasing habits of that customer as well as address level data are all important factors in determining the potential of fraud.  Unfortunately, some measures which are considered necessary to protect against fraud can have a negative impact on customer service, for example, only permitting goods to be delivered to the cardholder's home address as verified by the card transaction.

To combat this, we have seen excellent results with postcode level indicators of the likelihood of fraud used on the addresses supplied by a customer using both generic and bespoke models.  In the case of a generic model used for an on-line electronics retailer the score was able to identify 50% of frauds in the top 10% of the file, and 80% of frauds in the top 20%; this was improved by developing a bespoke model based upon the company's own file of previous fraud cases.  These results were further enhanced by adding other rules such as understanding the relationship of home address to delivery address, and comparing various factors about them.

This type of approach benefits from being very easy and quick to implement, whilst providing a quantifiable assessment of fraud risk which can route higher risk transactions which feed into an additional verification procedure or alternative delivery options.  Even if this leads to an outcome of declining to deliver to a particular address, at least it changes the restriction from being a rule for all customers, to being one which applies only to a small minority of cases.  The retailer in question delivered not only fraud savings, but an improvement in delivery times to the customer as a result of the work.  It also ensured the company's policy of delivering to alternative addresses customers/choice of locations in most cases could be continued cost effectively.

It is this elusive combination of increased control of fraud risk without impact to customer service which will define the success of fraud policy and fraud solutions in the future.  More and more customers are experiencing credit card transactions being declined whilst an outbound fraud check is carried out, or are unable to have goods delivered to their preferred location, or are receiving extra communications or requests for information which slow down application procedures.  This is often done on auspices of protecting the customer, but this doesn't stack up on closer examination, as the supplier organisation retains ultimate liability in most cases.  The frequency of these events, which have a significant impact on customer experience and customer conversion, can be reduced by making the most of the fraud solutions available, whilst retaining the customer's confidence in the industry's commitment to drive down fraud in the long term.

click here to view a PDF of the article as it appeared in the magazine

click here to download Adobe Reader for free