Before you read this article, here is a disclaimer.
This methodology is dependent on the number of transactions your company deals with daily. If the number of your transactions are less and manageable, you can use this methodology with the help of a small team, else you may need to recruit a larger team for higher transaction volumes. If your transaction volumes are high and your business model is highly complex, then some extra investments will be needed (will be covered in part 3 of this series).
This section will be a good starting point for setting up a basic payment fraud management mechanism in your company.
As discussed in part 1 of this series, it is essential to have the following back-end data points at the ready-
Step 1 - Location detection
When a new user signs up on your website, it usually asks for permission to track the user’s location (this occurs as a pop-up on the person’s screen). This is good from an operational perspective because you can use the address that your user has given and the location tracker to ensure that your products are delivered to the right location on time.
There might be some cases where the same user gives different delivery addresses for multiple successive transactions.
In addition, you may notice that some users change their locations multiple times over a defined period of time. One moment they are at location 1, and the next hour they are at location 2 (which happens to be 10,000 kms away from location 1). Unless the users have superpowers, this needs to be marked as suspicious behavior. If you observe this from the location data of any of your users’ transactions, you need to investigate these transactions carefully because it’s quite likely that the user is hacked or the user is employing a VPN (virtual private network) to mask their actual location, also an indication of fraudulent behavior.
The same user may create multiple accounts on your website from multiple devices. They may also make multiple accounts from the same device (which you can track using their IP address data).
While these are good indicators of suspicious user behavior, another layer of checks are required based on a very effective analysis technique as discussed in the next step.
Step 2 - RFM analysis
RFM (recency, frequency and monetary value) analysis is a process where you arrange all the transactional data of your users based on-
You can use the following three thumb-rules to detect suspicious users:
In case the user has not made any purchases for a large period of time, and has suddenly made a large number of successive high value transactions during a very short period of time, then it’s possible that the user’s payment details have been stolen or the user has been hacked.
In case the user makes an unusually large number of purchases within a day or within a week, then it’s possible that the user’s payment details have been compromised or the user has been hacked.
In case the user, who has a history of making only low value purchases, suddenly makes a large number of high value purchases like they’ve won a lottery, then it’s possible that the user’s payment details are being misused by an assailant or the user has been hacked.
In summary, mark your users as suspicious and critically investigate the accounts if a majority or all these factors check out –
Step 3- Extra precautions
To add an extra layer of effectiveness for your investigation, you can do the following –
What to do if you suspect fraud?
Before you flag anyone for fraudulent activity, you need to acknowledge the possibility of false positives. Activities that seem fraudulent might not actually be fraudulent. For example, a person who possesses multiple payment accounts and travels a lot may actually be a wholesaler dependent on your service. Multiple people who use the same payment account might be related to each other. Frequent requests for refunds might be because of operational issues from your vendors. Therefore, as much as it is important to be on the safe side, it is very important to invest proper amount of time in investigating the true nature of these activities that have been tagged as suspicious.
It would be ideal to create a dedicated team or a committee for this purpose comprising of individuals with experience in dealing with financial transactions. This team needs to analyze all your transactions on a daily basis and share daily reports. You can call this team the fraud management team.
If your team notices suspicious transactions by users, you can temporarily suspend the user’s account and contact the user via any channel for their justification. Post the temporary suspension, you need to work with your team and resolve this issue with the suspected users as quickly and as respectfully as possible (ideally within 24-48 hours). You could also ask them for a valid proof of identification.
If not for fraud prevention, these interactions could also be opportunities to understand your customers in case there are any issues that are imminent in your operational value chain and your website.
The next steps
The tools, tips and techniques outlined in this series will help your business proactively avoid fraud. However, if your company has a complex business model or is scaling up, then evaluating the vast volume of transactions for potential fraud becomes a very cumbersome task that small or medium-sized teams will not be able to perform.
Therefore, significant investments are required to make your fraud management efficient from a technical perspective as well as HR perspective. You need to evolve from a fraud management team to a fraud management system.
If you want to directly go to part 3, which talks about the investments required for a robust payment fraud management system, you can access it here.
D. Davis Pinto
Davis is a senior manager (payment risk operations) in the digital operations and platforms (DOP) service line of Wipro. He has over 17 years of experience in the field of payment risk management and currently manages a team with over 1,000 employees that prevents payment fraud on a daily basis. He is an improvement-oriented person with a vast amount of experience in the trust and safety industry and works very hard to meet and exceed the demands of our customers.
Leepika is a senior group leader (payment risk operations) in the digital operations and platforms (DOP) service line of Wipro. She has over 7 years of experience in evaluating transactions for potential fraud, and currently heads a team of more than 150 employees in DOP’s payment fraud management division. She believes in putting herself in the customer’s shoes and keeping up to date with the latest payment fraud trends.
Richards is a marketing executive and a content writer in the consumer business vertical of Wipro-DOP. He is an engineer-turned marketing professional with an avid interest in all things marketing, trust & safety, and the latest technology trends.