What is Fraud Scoring?
Fraud Scoring is used by merchants in the “card-not-present” market place (eCommerce sites) to determine the level of risk associated with each order. There are a set of validation checkpoints that the order runs through (like: does the billing address match the shipping address? Is it a high dollar order? Etc.); each checkpoint gets a score based on where it falls on the spectrum of liability. Merchants use the total score either to reject, review or accept orders.
Order fraud scoring acts as a net; routing orders that appear suspicious to a queue for additional screening.
An example of how Fraud Scoring works:
One of our clients configured over 200 different fraud points to tailor their fraud scoring. The exact settings are kept secret to minimize exposure to hackers. Scoring happens as the customer places an order, without interfering with the customer’s checkout experience. The customer will continue through the checkout process without any knowledge of the scoring and receives the normal order confirmation.
In the system, if the fraud score is below the configured threshold, the order is evaluated and then either sent to the fraud holding queue for review or continues to fulfillment. Orders failing to pass the fraud evaluation are reviewed by customer service staff and are either approved (which sends the order on to fulfillment), or declined. Declined orders are canceled in the system and a notification is sent to the customer notifying them their order has been cancelled. If the order automatically passed fraud scoring, there is no further action required and the order will be processed and submitted to the ERP within a few seconds of submission.
With all of this going on behind the scenes, you might be wondering how it affects the shopper’s experience; do they get held up in check out, have to wait, etc.? The shopping/customer experience will not change due to the implementation of fraud scoring. The check-out process will continue as it did prior to fraud scoring. Payments are not captured at the time of order submission; they are captured at the time of product shipment.
Some things to consider:
- How often are the fraud scoring models updated? Good and bad purchases should help determine data points and fraud patterns. If you’re scoring off of an old model, then it’s predicting fraud based off of that old data. Models updated monthly or even on a transaction basis are looking at more recent patterns.
- Does the service help you identify why an order scored the way it did (i.e. country inconsistency, can’t verify address, on a bad list, high velocity and volume, etc.)?
- Does the service allow for manual reviews by the fraud-review team?
- Do you, the merchant have the ability to tune and change the service to meet your unique needs?
Fraud scoring can be implemented several different ways...
The order review steps can be written in a set of configurable workflows that are managed within the eCommerce system. This approach typically requires application development and configuration management but there are no recurring service fees.
Third party service providers like CyberSource provide fraud scoring services. In this model, the fraud evaluation steps and criteria are managed by the service or through an administration console. This approach typically requires some level of system integration and a monthly or per-transaction fee schedule.
In either case, order screening typically occurs prior to the order logging in the ERM or CRM system.