The Digital Strongbox – Securing Your Payment Data with Point-to-Point Encryption

Shahzad Khan, Senior Director, Global Acquirer Processing, CyberSource

Whenever money travels from one point to another, theft inevitably follows. Throughout history, it’s been common for pirates and brigands to stake out well-traveled commerce lanes to intercept valuable traffic.

Today’s Digital Commerce Lanes

In today’s world, this kind of physical heist is rare, and when it does occur, the novelty makes it highly newsworthy. But that doesn’t mean it has disappeared. Increasingly, this kind of “highway robbery” is migrating to the digital lanes of commerce, where bits of data can be intercepted without the need for ships, cannons, or bandits in black hats.

The More Things Change

Historically, merchants, bankers and others took steps to guard their valuables against theft in the form of caravans, armed escorts, safes and strongboxes. Today, armored cars are a common sight in cities across the world, and stand as a modern representation of an age-old practice.

In the digital age, while the tools differ, the same paradigm still applies. Instead of strongboxes and military escorts, encryption is used to secure valuable data in transit.

Point-to-Point Encryption

The PCI Security Standards Council (PCI SSC), a standards body established by card brands calls this Point-to-Point Encryption, or P2PE. P2PE is a terminal-based encryption standard, where payment data is encrypted within a point-of-sale (POS) payment terminal. This encryption safeguards card data from modern-day hackers and brigands as it moves through your network and on to a decryption and processing gateway.

On the List

In order to meet the PCI SSC standard, a P2PE solution must meet three high-level requirements:

• Card data must be encrypted using strong cryptography
• Encryption must be performed in a PCI P2PE-approved hardware device
• Decryption must not be possible within the merchant environment

Solutions that have been validated by the PCI SSC as meeting its P2PE standards are referred to as “listed” solutions. Solutions that have not been validated, but provide similar functionality, are commonly referred to as “unlisted” solutions.

Unlisted solutions hold a degree of uncertainty, as there may be no way for you to know whether a solution provider has fully addressed the controls that constitute the PCI P2PE standard. They may also mean a lot more effort on your end, in the form of needing to perform a thorough compliance assessment and potentially needing to implement additional security measures.

With a listed solution, you have the confidence of meeting the criteria of the PCI P2PE standard. Furthermore, you can substantially reduce your PCI compliance requirements, saving you a great deal of time and effort.

CyberSource Point-to-Point Encryption

In order to bring you the security and compliance benefits of Point-to-Point Encryption, we are now offering our own PCI-validated P2PE solution. CyberSource P2PE helps protect payment data across all segments of your network, and prevents unencrypted transaction data from touching your systems.

To learn more about securing your data with Point-to-Point Encryption and our own P2PE solution, check out our ebook, Securing Payment Card Data in Flight.

Missed MRC Vegas 2018? Check Out What We Covered

Ron Buchanan, Enterprise Sales Leader, Visa

Every spring, around 1,500 eCommerce professionals and merchants, representing over 450 companies in more than 30 countries, converge on Las Vegas for MRC’s flagship conference. Over four days, attendees get a chance to learn about the latest innovations in fraud prevention, payment processing, technology, cybersecurity and financial services.

We were there this year with subject matter experts Scott Boding, VP of Product Management, and Joe Salerno, Senior Director of Client Insights, who spoke with attendees about the latest in payment innovation, particularly augmented intelligence and its role in fraud management and prevention.

Augmented intelligence describes the power of maximizing human intelligence with technology – giving us the ability to scale the essence of what makes our analysis and decision-making still very valuable in fraud prevention and management. In contrast, artificial intelligence implies displacing human intelligence, eliminating the ability to guide and even overrule the machine learning, if necessary. Scott spoke to the value of augmented intelligence in his session, “Artificial Intelligence Gets You So Far. Augmented Intelligence Can Get You Further,” exploring the benefits of combining machine learning with human judgment to fight fraud.

CyberSource employs this philosophy in our Decision Manager and Rules Suggestion Engine solutions, which have helped merchants detect more fraudulent transactions while increasing acceptance of good orders, making for happier customers and less operational waste. The solutions work together to bring machine learning into the realm of rules creation. Rules Suggestion Engine uses the outputs of Decision Manager’s advanced machine learning models as inputs into the rule creation process, suggesting new fraud rules to consider. The basis of the Rules Suggestion Engine is the merchant’s unique transaction data, and the merchant can test the proposed rules using Decision Manager before implementing them in a live environment. So, the merchant is the ultimate decision-maker, and able to maintain the flexibility to set and adjust rules based on expertise, category context and automated inputs derived from transaction history.

At MRC, one of our merchants, CMT, brought to life its experience with Decision Manager as well as Managed Risk Services, sharing how these solutions have bettered the customer experience of its NYC taxi riders. In the session “Taking Fraud for a Taxi Ride,” CMT Group discussed how it reduced chargebacks by 92%!

Additionally, CyberSource’s Joe Salerno discussed how merchants are approaching eCommerce payment management not just as a necessary task, but also as a strategic function and competitive differentiator. In his session, “Global Payments Survey: Winning through eCommerce Payments Management,” he emphasized the challenges they face, the best practices they employ and the benefits they are realizing. Insights are based on the recent global study capturing attitudes and practices of 484 payment specialists from mid-market and enterprise level organizations. The highlight of the session was a panel discussion with payments experts sharing their perspectives on the study’s findings, including commentary on improving performance. The full results of the survey will be available in the coming weeks.

If you made it to MRC, we hope you enjoyed the conference and learned as much from the conversation as we did. For those of you in Europe, we will also be at MRC Dublin from May 14 through 16, and hope to see you there. In the meantime, we will share our latest insights and innovations on CyberSource Viewpoints.

How to Accept Payment from a Fridge (and Other Problems You Can Solve with Smart Tokens)

Justin Fraser, Head of Enterprise & Alliances Sales, CyberSource

I never thought 15 years ago that I’d be talking about the best way to accept a payment from a domestic appliance. But that’s how I started a talk I did at a recent event. It goes to show just how much things have changed in the world of payments. And how they’re going to keep evolving.

Ok, not many of us are shopping via a voice-activated smart home just yet. But what we do expect is to buy what we want when, where and how we want. And for it to be both easy and fast.

It’s a fact merchants can’t ignore. To thrive they need to offer smooth payments. Let’s take an example. Say you’re a retail group with multiple sub-brands. What if you could instantly recognize customers, whichever of your businesses they interact with? And because of that, you could allow them to pay with a tap of a button or card, or a scan of a fingerprint? Potentially, you’re going to get more payments and more loyal consumers.

It’s All About the Token

So how does the retail group make this possible? Through tokenization. This is when you turn sensitive data into a code that you can safely use across the internet or wireless networks. It sits in place of the original details, which can remain locked away. There’s a clear security reason for tokens. But people soon latched on to them as a way to speed payments. There’s no need to keep re-entering details, so it makes the customer experience much better.

This dual purpose has made tokens critical to ecommerce today. Let’s put it in perspective with a stat. Amazon Prime is tokenizing consumer card data today. And of the US households with internet, just under half have an Amazon Prime subscription.¹ That’s a lot of people benefiting from an effective tokenization strategy.

The Key to Future Payments

So, tokens are already a key part of payments. But the IoT will make them even more important. In the future, we’ll live with billions of connected devices. And we’ll be able to use them to pay or accept payments. But to make this a seamless experience, we’ll need to call instantly on saved data and process it securely.

Tokens will be integral to these payments, whether someone’s restocking their smart fridge, calling out a shopping list in their car, or accepting an offer to buy a product they see in their VR headset.

Smart Devices Demand Smart Tokenization

As the IoT explodes, Visa expects to see a ten-fold increase in its network, leading to 30 billion ways to pay and 400 million ways to be paid.² That’s a lot of tokens to manage. So, it won’t just be about using tokens but managing them well.

The best token management services will standardize token formats and payment types. This will help you adopt any new channels that emerge. And it will make it far easier to analyze data and the behavior of individual customers. Smart token managers will also store information in highly secure data centers.

For a merchant, this kind of approach makes two exciting things happen.

• First, you keep the currency of trust. Trust is at the heart of payments based on stored data. So, data loss is devastating. Loyalty that may have taken years to build can disappear in seconds. Tokens can help you earn and protect hard-won trust.
• Second, you make transactions invisible. The best service is the service you don’t even notice. It’s effortless―so nothing detracts from the experience. Tokenization can make this possible across channels, brands, and payment methods.

Tokens have a major role to play in the best customer experiences. If you’d like to learn more about what your business could do with them, take a look here.

1 - Statista, July 2017. Available at: https://www.statista.com/statistics/504708/amazon-prime-subscription-households-usa-share/

2 - Visa, Operating certificates and Visa Networks, CY2016

The 2018 Global Airline Fraud Management Report: Emerging Payment and Fraud Management Technologies Appear Poised for Takeoff

Fernando Souza, VP Global Merchant Solutions, CyberSource

Payment fraud affects every industry, but not necessarily in the same way. Each industry has certain nuances in transaction patterns, technology adoption, customer behavior and other factors that should be taken into consideration.

Airlines are one such industry, with digitization changing every aspect of the customer experience, from booking and check-in to security, boarding, and even in-flight entertainment. In the 2018 Global Airline Online Fraud Management Report, we put 112 airline companies under the magnifying glass. These airlines represent full-fare and low-cost carriers from around the world, and provide a glimpse into nuances of the airline industry, as well as nuances between different carrier types and across different geographic regions.

To explore how trends have played out over time, we kept the underlying methodology consistent with the 2014 study wherever possible.

Key Findings

Among the findings in this report:

• Credit and debit cards are the most common payment method accepted through direct sales channels, but they also exhibit far and away the highest “above average” fraud incidence for all airlines, at 27 percent.
• Mobile phone payments are taking off, with mobile revenue quadrupling since the 2014 study.
• Bookings rejected or canceled due to suspected fraud have increased slightly, from 3.4 percent in the 2014 study to 3.8 percent. North American-based airlines have the highest rejection rate, at 7 percent, while Asia Pacific carriers only reject 1.7 percent of bookings.
• Revenue lost to payment-related fraud is also up slightly, from 1 percent in the 2014 study to 1.2 percent.
• Manual review rates fell from 27 percent in the 2014 study to 18 percent in the current report.

Booking Direct

While full-fare carriers (FFCs) remain buoyed by a high travel agency booking volume (31 percent of revenues) largely fueled by corporate travel, the overall trend is clearly toward increased direct bookings, whether on an airline’s website, via mobile payment, or through call centers, airport kiosks and ticket counters. Taken together, direct booking accounts for 55 percent of overall passenger revenue.

As more bookings flow through direct channels, airlines must take on increasing responsibility for payment acceptance and fraud management. This includes not only credit and debit card payments, but new payment methods, as well.

Mobile revenues have quadrupled since 2014, and show no sign of slowing down, particularly in the Middle East and Asia Pacific regions¹. Online wallets such as PayPal and WeChat Pay also are finding increasing acceptance, and both payment methods have “above average” fraud incidence rates that are a fraction of traditional credit and debit cards.

The Future of Airline Fraud Management

When we asked airlines about the challenges they face in managing payment fraud, their answers revealed a bias toward the future. The top three challenges cited were²:

• Lack of resources
• Keeping up with new fraud management technologies
• Identifying and responding to emerging fraud attacks

Each one of these challenges is related to readiness for the next iteration of the digital economy, and signs indicate that airlines are already taking steps to address them. For example, airlines seem to be embracing new fraud management technologies. Manual review rates are down to 18 percent, compared to 27 percent in the 2014 study, a sign that investments in automated screening are paying off. Still, there is room for improvement. At present, only 12 percent of manually reviewed bookings are canceled³. Moving forward, increasingly sophisticated machine learning solutions should be considered to further optimize the screening process and free up time and resources that could be better used elsewhere.

Airlines also should be advised to take steps to accommodate the rise in mobile payments, from embracing tokenization, to more readily adopting new payment methods and exploring new validation tools, including biometric indicators. Fingerprint readers and facial recognition are already making inroads in other aspects of air travel, and are increasingly available features in mid- and high-end smartphones, making them a natural fit for mobile payments.

Overall, airlines appear to be doing a good job keeping fraud rates and costs in check. But they should seek solutions that allow them to optimize their resources, respond more rapidly to new technologies, and automatically detect and get in front of novel new fraud techniques.

CLICK HERE to read the full 2018 Global Airline Fraud Management Report.

1 - Mobile channel revenues reported by respondents was less than 2% in 2014 and this year it is 7%. Q. Please estimate the percentage of passenger revenue booked through the following sales channels for the full year 2016. Base: Airline companies N=110

2 - Which of the following have been your biggest challenges related to e-commerce fraud? Please select up to three. Base: Airline companies N= 110

3 - Q. Which of the following have been your biggest challenges related to e-commerce fraud? Please select up to three. Base: Airline companies N= 110

Is Fraud Manager Still a Fitting Job Title?

Andrew Naumann, Vice President, Product Management - Merchant Solutions, CyberSource

You’re a fraud manager. But how do you describe your job to people? I used to think the answer was fairly simple: someone who protects a business from the damaging effects of fraud.

But times have changed. In our digital economy, payment acceptance is just as important as fraud prevention. And this means you—and your fellow fraud managers—have a bigger business role to play than ever before.

A brave new digital world for fraud managers

It’s no secret that companies are embracing new business models to stay competitive. Because today’s customers want things now. They want to make online purchases without interruptions, anywhere in the world, from any device and at any time. And if they can’t transact in a few clicks after deciding to buy something, they’ll likely go elsewhere.

This makes fraud a much trickier beast for us to tackle. Mobile is quickly changing buying behavior, which means you should have different fraud rules in place for mobile and PC-based transactions. Fraudsters have more advanced tech for carrying out attacks. And they can easily compromise more personal details by hacking accounts that hold information stored on file.

This complex fraud landscape means that fraud-prevention measures—and fraud managers—are having to change. Fraud managers should be involved with the business as it introduces new business and payment models. Your input is crucial in making sure the payment experience allows the business to grow and stay competitive. You now have a broader role to play.

And you’ve got a tough balance to strike.

Walking the tightrope of profit and protection

To help business growth while keeping customers secure, there are three key objectives that businesses need to balance:

Maximizing revenue. Reducing false positives, accepting more good orders and reviewing them faster to give customers a better experience.

Minimizing fraud loss. Making detection as accurate as possible to reduce fraud rates and chargebacks.

Minimizing operational costs. Finding efficient ways of streamlining and automating the review process.

Focus too much on any one of these and you could be in trouble. A very low fraud rate, for example, could be a sign that you’re being overzealous with your fraud-detection rules. Genuine customers might get caught in the crossfire. And that could be bad news for your brand.

For fraud managers, it’s all about finding the right balance between these three objectives. And there’s no single “right” approach. It will vary depending on the economy you’re working in. Software companies, for instance, often have large enough margins and product volumes to take on a little more risk and drive more revenue. But the same can’t be said for sellers of upmarket handbags. They have to be more cautious, because their margins are smaller, and the losses they make from fraud take longer to recoup.

Getting the balance right is particularly important when growing into new markets. Fraud levels vary from one region to the next. So you need to know how much risk to take on as you expand into new territories.

From threat to opportunity

So what does this mean for the evolution of your role?

Fraud managers have always been gatekeepers; that hasn’t changed. But competition is fiercer than ever in our digital economy. And your job isn’t just about keeping out the bad customers any more. Welcoming good customers is important—and holding on to your best customers is even more important.

To give the good customers the best experience, you need data that shows you how good customers behave. You need to know when fraud’s not happening. Armed with the right data, you can help shape better, more seamless payment experiences. And if you get these experiences right, more accepted payments and business growth will surely follow.

Now you’ve got a bigger business role to play, perhaps it’s time to rethink how we talk about fraud managers.

Discover what other CyberSource experts are saying about the evolution of fraud management by reading our insight report, Managing Risk. Meeting Expectations.

Download the report >

Taking Fraud for a Taxi Ride

Keep reading

CyberSource Brings Machine Learning into the Realm of Rules Creation with the New Rules Suggestion Engine

Scott Boding, Vice President, Product Management, CyberSource

Generate Fraud Rules Based on Historical Data

It is important for you to monitor your fraud strategy as fraudsters continually change their tactics. But how do you identify potential new fraud rules based on historical fraud patterns?

CyberSource Rules Suggestion Engine draws on your unique transaction data to automatically present recommended rules that can augment your existing fraud strategies. As well, each suggested rule is accompanied with appropriate metrics to help you measure its performance against the selected transaction data.

Capitalize on Machine Learning

CyberSource has extended the capabilities of CyberSource Decision Manager beyond transaction scoring by now bringing machine learning into the realm of rules creation. Rules Suggestion Engine uses the outputs of Decision Manager’s advanced machine learning models as inputs into the rule creation process, suggesting new fraud rules to consider. Incorporating machine learning models helps increase the effectiveness of your fraud rules, enabling you to fine-tune your fraud strategies.

Stay One-Step Ahead

With Rules Suggestion Engine, CyberSource is enhancing the analytical capabilities of Decision Manager beyond Decision Manager Replay. You can help meet the changing requirements to stay one-step ahead of fraudsters and accept more good customer orders.

Test the Impact of Suggested Rules before Implementing

Rules Suggestion Engine, in conjunction with Decision Manager Replay enables you to test any proposed rule against historical data. With Decision Manager Replay, you can measure and understand the effectiveness of a particular fraud rule before implementing it in a live environment.

CLICK HERE to learn more about our Rules Suggestion Engine and how it can help you optimize your fraud management strategies.

Master the Fraud Management Balancing Act

Andrew Naumann, Vice President, Product Management - Merchant Solutions, CyberSource

Fraud management is a balancing act…of balancing acts. As a business, you must weigh customer expectations of a seamless shopping experience against the need to protect yourself and your customers from fraud. You also have to minimize fraud losses without being so cautious that you end up sacrificing revenue due to false positives. And of course, you have to juggle all of these considerations while keeping operating costs as low as possible.

The state of fraud management

In our 2017 North America Online Fraud Benchmark Report, we dove into this tension and explored how businesses are faring in the ongoing effort to reduce fraud and accept more good customer orders.

Overall, businesses are succeeding in containing direct fraud loss (i.e. chargebacks, credits issued due to fraud), and fraud losses have stabilized over the past few years at just under 1 percent of total revenue^1,2. With the overall loss rate holding steady, now is a good time to focus on optimizing your fraud management processes and reducing indirect fraud losses, such as revenue lost due to false positives or higher operating costs associated with more manual review of orders.

From holding ground to making progress

How do you make progress against indirect fraud losses? Where do you even start? It’s not like you can just press a button that says “Reduce False Positives”. Optimizing your fraud screening process is more like stepping into a control room packed with levers. Which ones should you pull? Which ones should you leave alone? Are some combinations better than others?

It helps to understand what those levers – your fraud detection tools and rules – do, and when and how to use them.

CyberSource 2017 North American Online Fraud Benchmark Report

When asked, our respondents selected address verification services (AVS), card verification number (CVN) and device fingerprinting1 as the most effective fraud detection tools These are just a few of the tools you can tap, however, and the best combination varies from category to category and even business to business.

So how do you determine which tools to use, and how to configure them? It may seem like a shot in the dark, but it doesn’t have to be. Our Decision Manager platform includes the industry’s first fraud tuning analytics tool, Decision Manager Replay. With Decision Manager Replay, you can test different rule sets against historical data to better optimize your screening models. This is a great way to better understand the interplay between different rules, and the impact different combinations can have on your fraud management efforts.

Kind of makes you wish Decision Manager Replay could be applied to other aspects of life, doesn’t it? Unfortunately, we’re not quite there yet.

Reducing reliance on manual review

Once your automatic screening models are optimized to keep direct fraud losses in check while minimizing false positives, you can further fine tune them to reduce the number of orders going to manual review. In some cases, human oversight is critical, but it’s also costly, and if you’re manually reviewing too many orders, it can be inefficient and quickly consume a large part of your fraud management budget.

CyberSource 2017 North American Online Fraud Benchmark Report

Just how big of an issue is this over-reliance on manual review? Well, 79 percent of respondent businesses from the US and Canada reported that they conduct manual reviews, and on average, they manually review 25 percent of all orders. Of those, fully 89 percent end up being accepted. That’s a clear indication that more orders are being reviewed than necessary. Clearly, there’s still plenty of room for optimization¹.

By relying on automated screening designed specifically for your business and continually assessing your fraud strategies, you can make your entire fraud management process more efficient and save your manual reviewers for the only the most ambiguous orders.

How does your business compare?

While businesses are generally holding the line against online fraud, there is room for improvement in:

• Optimizing automated screening
• Turning away fewer genuine customer orders by generating fewer false positives
• Reducing the number of orders flagged for manual review

Curious to see where your business stands? We’ve developed a Fraud Benchmark Tool to help you see how you stack up, and identify areas where you may want to make adjustments to your fraud management process. CLICK HERE to answer a few key questions and find out how your fraud metrics compare to your peers.

• 1. CyberSource 2017 North American Online Fraud Benchmark Report
• 2. CyberSource 2016 North American Online Fraud Benchmark Report

How loyalty and account takeover fraud can affect your business

Denise Burkett, Omni-Channel Payments and Fraud Specialist, CyberSource

I’ll admit it. I may not always take my own advice. So, when I advise people what they should do to keep their accounts safe, I feel a little guilty. Because while I know that I’m meant to use different passwords with all my loyalty programmes, I’m probably using the same password for each of them.

And then I remember that I’m not alone. A survey highlighted that around half the consumers out there use the same password across other accounts¹. It gets worse. Only about one in five people change their passwords once a quarter². Other research suggests that almost half use passwords that are five years old³.

So, when I was asked recently to take part in the CyberSource webinar on loyalty and ATO fraud, I felt that I could add real value. That’s not just because I’ve been in the industry for longer than I care to remember. It’s because I know the pitfalls first-hand.

Loyalty fraud – a risky business?
There’s a huge amount of value – more than $238 billion in one 2015 estimate⁴ – sitting on the books of airlines, hotels, and other programme owners. Loyalty fraud is a growing risk for every merchant with a loyalty programme.

It’s also really easy to have multiple loyalty cards. I’ve one for my grocery store, one for my beauty rewards scheme and a whole range for airlines and hotel chains. Last time I counted, I had at least eight, and I’m not the worst offender out there. It’s difficult to keep tabs on them all. And remember, because people use the same password, it can be a case of break into one and you break into them all. That makes it tempting for fraudsters. They see it as a weak point in many companies’ fraud management. If people aren’t protecting their passwords, it means they’re not taking control of their own security. If that’s the case, then who will? You guessed it.

Consumers such as myself see points as found money which I can use to take my husband on holiday, but fraudsters take a different view. To them, points and miles are real money that’s easy to steal, and that makes it worth their while.

Looking beyond the Me, Me, Me
­­­­It’s easy to be selfish and think only of the financial damage that I – and other consumers – could suffer. In fact, account takeover, or any other type of fraud, for that matter, may be damaging to consumers. But it’s even more harmful to businesses. One of the biggest challenges, for example, has always been attracting and keeping customers. And in today’s disruptive environment, it’s even tougher.

If customers see that someone’s compromising their accounts and the company’s unable to prevent it, they’ll take their business to the competition. The loyalty you spend years building up can be gone in seconds.

If loss of reputation means loss of customers, what should you do about it? Well, really, you should look at treating loyalty points in the same way as you do cash. I’d suggest that you screen every purchase that’s made with points, just as you would if they were being paid for by cash or credit.

During our webinar, we pointed out two or three things that you should consider right away. One of them was that you should look at some kind of account takeover protection service, so that you can screen any activity in accounts at critical points such as address changes, points transfer and so on. Another was to put something in place so that you can determine whether orders are genuine or not. You should also make sure you don’t limit yourself to looking at orders. Check out whether activities are fraudulent any and every time customers transfer or spend loyalty points or miles as well.

In my view, if you can successfully fraud screen loyalty programs, you’re likely to minimize the risk of your customers – and your business – losing out. Why not watch the webinar and discover how to reduce the impact of fraud on your business?

¹Deloitte, Loyalty Data Security. https://www2.deloitte.com/content/dam/Deloitte/us/Documents/consumer-business/us-aers-managing-the-risks-of-rewards-pov-singles-101614.pdf. North America

²Op.cit.

³https://www.entrepreneur.com/article/246902

⁴ “Loyalty points fraud: A real risk for a virtual currency", Ryan Yuzon, Director of Consulting, RFi Group, April 30, 2015. https://www.rfigroup.com/global-retail-banker/news/loyalty-points-fraud-real-risk-virtual-currency.

Digital commerce is growing. Is your fraud management strategy keeping up?

Andrew Naumann, Vice President, Product Management - Merchant Solutions, CyberSource

Brick-and-mortar purchases may still account for the overwhelming majority of total retail sales, but there is no question that eCommerce has emerged as the true engine for retail growth. In the first half of 2017, while physical sales grew by less than 3 percent, eCommerce sales increased by 16 percent, according to the United States Census Bureau¹.

Behind the growth in eCommerce

What’s driving this growth? Well, a little bit of everything. New shoppers continue to feel more comfortable shopping online and in doing so increase transaction volume and put more into their online shopping carts. New online business models are also driving growth in eCommerce. In fact, total U.S. eCommerce sales are expected to grow by a whopping 64 percent from 2016 to 2020, advancing from $385 billion¹ to $632 billion².

Mobile commerce is also driving eCommerce growth, providing consumers the ability to purchase anytime and anywhere. According to our 2017 North American Online Fraud Benchmark Report, mobile commerce sales increased from 25 percent of total online sales in 2014 to 33 percent in 2016³. As mobile channels become more convenient – thanks to factors such as digital wallets, one-click checkout, connected devices that make up part of the Internet of Things (IoT) and more robust and secure mobile networks – mobile commerce has taken off like a rocket. BI Intelligence forecasts that mobile commerce could come to account for nearly half of all eCommerce sales by 2020².

Fraud is up, but loss rates hold steady

While the growth in eCommerce sales has been great for retailers, it’s been accompanied by a corresponding rise in online fraud. According to Experian, U.S. eCommerce fraud rates jumped by 33 percent in 2016⁴. Fortunately, despite that increase, overall fraud loss rates have remained essentially flat, at 0.9 percent in 2016 compared to 0.8 percent in 2015, as reported in our 2017 and 2016 North American Fraud Benchmark Reports^3,5.

The best way to keep your fraud loss rate stable, or even drive it down? Paying close attention to your fraud management strategies and continuously optimizing them to reduce both fraudulent orders and false positives among your legitimate customers.

Fraud management requires a deft hand

Fraud management can often seem like a balancing act. You have to guard against fraudulent orders while maintaining a positive customer experience and keeping operating expenses as efficient as possible.

Furthermore, overbearing fraud prevention policies can cost your business significant revenue. False positives lead to immediate lost sales, as well as a longer-term drag on loyalty and retention. According to Javelin Strategy, 30 percent of eCommerce shoppers stop returning to a merchant altogether following a false positive and order rejection. An additional 36 percent make fewer purchases than they had before the rejection⁶.

Fraud management is critical, particularly for online retailers, and a commitment to continuously improving your process can help you keep your fraud loss rate down, while simultaneously maintaining a positive experience for your customers.

Improving your fraud management approach

What can you do to improve your fraud management process? Your best option is to embrace new advances in online fraud detection. Data intelligence and sophisticated machine learning, paired with robust datasets, can lead to better transaction analysis. This in turn leads to better results and less of a manual review burden.

A fraud management solution should provide automated fraud processes powered by data intelligence, as well as rules you can manually tune to better suit your business or adapt to changing fraud patterns. Ideally, such rules optimization will also feature back-test capabilities that let you game out different strategies on past transactions before you deploy them.

Of course, you don’t have to start your search from scratch.

CyberSource – an established leader

Juniper Research routinely evaluates the fraud detection and prevention landscape, and has recently named CyberSource one of the established leaders in the category.

What sets CyberSource apart? First, the extent of our data intelligence network. Our Decision Manager platform leverages to draw on the more than 68 billion transactions processed annually by Visa and CyberSource. To this massive dataset, we apply advanced machine learning algorithms to find cause-and-effect relationships, and detect nonintuitive patterns, allowing us to extract and constantly update valuable insights to improve transaction analysis and verification. Furthermore, our rules-based engine helps ensure that you are the ultimate decision maker, with the flexibility to set and adjust rules at any time, then easily see what rules were triggered in any decision. Merchants can draw on standard rules and risk models, or customize their own, based on more than 260 fraud detectors, including device fingerprinting and IP geolocation.

Another useful feature of our Decision Manager platform is what we call Decision Manager Replay, the industry’s first fraud tuning analytics tool. With Decision Manager Replay, you can back test different rule sets and optimize your fraud management strategy over time.

You have many options when it comes to fraud management and prevention, and for the sake of your business, it is worth it to do your research. If you’re interested in exploring Juniper’s evaluation of CyberSource to determine if it may be a good partner in your fraud management process, click here to read the full report.

• 1. United States Census Bureau – Quarterly Retail eCommerce Sales – 2Q 2017 https://www.census.gov/retail/mrts/www/data/pdf/ec_current.pdf
• 2. Business Insider – Feb 2017
• 3. CyberSource 2017 North American Online Fraud Benchmark Report
• 4. Experian – Mar 2017
• 5. CyberSource 2016 North American Online Fraud Benchmark Report
• 6. Javelin Strategy – Overcoming False Positives – Sep 2015