|
Fraud.net |
|
|
|
|
March 16, 2015 Issue |
||
|
The Most Powerful Name In Corporate News and Information |
|||
|
Collaborative Online Payment Fraud Prevention System |
|||
|
CEO
Fraud.net
Interview conducted by: Lynn Fosse, Senior Editor, CEOCFO Magazine, Published – March 16, 2015
CEOCFO: Mr. Anderson, what is Fraud.net? Mr. Anderson: Fraud.net is a collaborative fraud prevention system that detects online payment fraud, especially for online retailers. Any time a fraudster uses a stolen card, or otherwise defrauds a store, the amount is generally not big enough to alert authorities or involve law enforcement. The person or fraud ring is allowed to defraud that store until they are caught. Once they are caught, the only recourse for the retailer is just to not ship to them again. The fraudster simply moves on to the next store to successfully repeat their scheme. There has been no good system for online retailers to prevent this type of fraud and so the problem continues to grow faster than e-commerce itself, and that has been the case for many years now.
CEOCFO: Do they typically stick with one store? Is that a common way of approaching fraud? Mr. Anderson: They do, to the extent that they can continue to get products and services rendered. They will just keep going until they are caught and banned. Many of the professional fraudsters have tens of thousands of credit cards at their disposal that either they have purchased or stolen. They can take over computers locally to make it look like an order that is going to be shipped to a particular neighborhood has been ordered from a nearby computer, making everything about the order looking very appropriate and clean. However, at the end of the day, the shipping address might be a reshipping facility or perhaps a vacant home which fraudsters simply use as a pick up location. They will keep continuing this scheme, or hundreds of similar variations, preying on the retailers’ various vulnerabilities.
CEOCFO: Where does Fraud.net come in? Mr. Anderson: We allow merchants to pool the information on all their fraudulent orders into a sharable, searchable database. If, for instance, there is a vacant home that is being used by fraudsters as a drop or if there are specific computers serving as a source of fraudulent orders, that information is aggregated and shared among other merchants so the fraudsters aren’t able to repeat their scheme over and over. If a fraudster is stealing from one store and that store is in the fraud-sharing network, we alert all the other stores of the problem, which in turn prevents any similar fraud from happening going forward.
CEOCFO: Are your potential clients concerned about sharing their information in your safe environments? Mr. Anderson: That is a very good question. Generally, it is the only situation in which retailers are happy to share with one another. In this case, because fraud is growing so quickly and costs merchants so much, they are more than willing to go to these measures to prevent future fraudulent attacks. They understand that for every adverse event that they are sharing, there are many thousands of other adverse events happening elsewhere which they can access and from which they can benefit. Each participant is able to stop much more fraud at their own store than they are contributing so the net benefit to each merchant is overwhelmingly positive.
CEOCFO: How does Fraud.net work? What is the implementation process? Mr. Anderson: There are ways for smaller merchants to search suspicious orders manually, but ninety nine percent of our participants set up an API, which is a simple system-to-system direct communication method. They submit orders to our database for screening, then quickly receive a risk score which enables them make an ‘approve / reject’ decision automatically. It only takes a few hours of programming on average to set up, so it is a very simple way to save hundreds of hours a month that would otherwise be used manually reviewing orders.
CEOCFO: What about the reporting process? Mr. Anderson: That is actually one of the surprising gaps in the industry. In this age of big data, great fraud analytics is something that is difficult for big organizations to unlock, even within their own organizations. One of the things that we do best is to provide an advanced analytics suite to help participants quickly detect new forms of fraud as they are being perpetrated, both in the broader industry and at their website. The fraud is also detected much earlier in the process with good analytics. In the past, a type of fraud might have gone on for years because each new scheme is designed to specifically circumvent the merchants’ existing controls or manipulate the identifiers which merchants track, an IP address or device fingerprint, for instance. Now, with new schemes being developed every week, an organization needs this type of collaborative data to identify emerging problems before they become large losses.
CEOCFO: If a fraud is reported, does an alert then go out to other companies? What is happening? Mr. Anderson: It is an extremely flexible system. All the fraud data is aggregated into a database and companies can choose many different ways to receive alerts. Most choose to receive alerts through the APIs but if they want email alerts or to receive text messages or get a phone call about their suspicious orders, we can accommodate their wishes. Most larger merchants receive API-based alerts, then have their own systems and business processes make automatic updates to the orders affected.
CEOCFO: Does law enforcement get involved at all? Should they? Do you send them anything? Mr. Anderson: We do. That is an excellent question. There are certain thresholds which are required for law enforcement to get involved. For instance, the FBI, which is responsible for larger fraud transactions and the organized crime that is behind much of this activity, does not really get involved until there is a seventy-five thousand dollar aggregate loss. Local law enforcement might only consider fraud of five thousand dollars or more worth investigating. As a result, many of the fraudsters intentionally keep their total orders per retailer under those limits, so that no single merchant will raise a flag. The merchants simply write it off as a cost of doing business, which is a shame. Individually, each one is getting hurt, usually losing one to two percent of revenues. However, in aggregate, it represents many billions of dollars. It is only through aggregating the amounts and alerting law enforcement when those critical thresholds are reached, that law enforcement action can finally be taken.
CEOCFO: What types of companies are using your services? Mr. Anderson: We started working primarily with online retailers, but participants have grown more recently to include i-gaming, virtual goods, and financial services companies as well. There are many companies that are now interested in facilitating online peer-to-peer payments, for instance, competing with the likes of PayPal but there are substantial risks of payment fraud. These fraud risks are very similar to those experienced with online payments for e-commerce companies. The financial services companies are now required to make much faster approval decisions on the transactions being processed through their systems and on each transaction’s risk. Much in the same way that retailers have to make immediate decisions on their customers’ orders, these payments companies much assess transactional risk immediately or cause substantial friction in their users’ experience.
CEOCFO: What is the competitive landscape? Are there any companies with similar concepts and offerings to Fraud.net? Mr. Anderson: There are a handful of traditional fraud prevention companies, the ‘old guard’, which have been around for years, use predominantly older technologies, and owned by banks and credit card processors. These firms’ effectiveness is diminishing and their economic interests are different than those of the merchants. When a credit card is stolen or abused in e-commerce, it is the retailer that is left holding the bag in almost every scenario. The innocent card holder whose card was used is reimbursed immediately. The banks and credit card processors protect themselves by charging the merchant fees and taking reserves. The merchants, on the other hand shoulder 85% of the losses and really have to look out for themselves.
Then there is the new wave of fraud prevention specialists that focus on single specific markers such as device identification or IP address geolocation. However, the problem with this approach is that fraudsters are very smart, are incredible programmers and are hugely motivated to find the easiest paths to defraud US merchants. Each single metric can be circumvented by itself. We are the only company to take a crowdsourced approach. We look at more than three hundred and fifty individual variables and do over four thousand five hundred checks on every single transaction. There is no easy way to reinvent a fraudulent identity using all new variables once the fraudster is identified. We also see that by crowdsourcing fraud data, we can identify new schemes very quickly. That’s the beauty of a collective intelligence engine. If any merchant sees a new form of fraud or a new group emerging, everyone else is immediately alerted.
CEOCFO: What are the variables in the process that people would not even realize could be identified? Mr. Anderson: We analyze 12 primary categories which includes device identification, and with the device, there are both hardware and software components. Among the many variables in the software component are the language settings for the programs that are frequently used. If there are too many mismatches between language settings and the location of the device, for instance, we would be more concerned about that order. More than half of all direct fraud losses to US retailers originated from abroad last year. With all of the credit card breaches in the past few years, there is reason to be cautious when unexpected international indicators are discovered.
CEOCFO: What is your revenue model? Mr. Anderson: We work most companies on a per transaction basis. Merchants query our database with each transaction, they get a risk score, and we charge them a very small fee on a per query basis.
CEOCFO: How long has Fraud.net been available? Mr. Anderson: The company is just about eighteen months old now. Previously, I was the CEO of a company called MotherNature.com, which was a big health and wellness retailer. After having spent six years and millions of dollars fighting fraud, throwing money and people and data at the problem as best we could, we were unable to improve our fraud rates, despite using many of the best solutions that were available at the time. Finally, about two years prior to the company’s sale, we banded together with twenty-five other retailers to start sharing the fraud events that were happening to us. Only then did we all see our fraud rates drop by more than two thirds. The only strategy that ever worked for us, was to share data with other companies, even if they were outside of our industry. It saved us huge sums. The next step was to see if we could apply this strategy to contain the fraud problem on a larger scale. So while the company is still under two years old, the process has been refined for more than five.
CEOCFO: What have you learned since you have started Fraud.net that makes the offering better today? Mr. Anderson: The service is most improved by increasing the number of participants. Twenty five participants provided a lot of insight. However, now we are up to four hundred participants, some of which are billion-dollar retailers. It is the sheer scale that has improved the quality of the results. The need for the service today is substantially greater than it was even two years ago, given the huge number of credit cards and identities that have been stolen and are being resold across the internet There were over seven hundred and fifty breaches this last year, which is even worse than the year before. Opportunities for fraudsters have never been greater. There are tens of billions of dollars that are being stolen from US merchants. It not only hurts individuals and retailers, but it is responsible for reducing the growth rate of e-commerce overall by, according to some estimates, over 10%.
CEOCFO: There is so much noise in your industry. How do you reach potential new customers? How do you get people to pay attention and get them to realize that whatever else they are doing to protect themselves this is still a great idea? Mr. Anderson: This is a great question. As long as companies have systems and employees there will be fraud; absolutely and unequivocally. When you look at each of the breach events that happened over the past year, most of them are completely unavoidable. With Target, the hackers came in through the heating and ventilation vendors. With others, employees clicked on email links which uploaded malware. Breaches are going to happen. Despite all the great emerging payment technologies that are being tested now - biometrics using fingerprints and retinal scans, behavioral analyses, and the increasing use of tokenization - they are all helpful, but they are not going to stop the problem. Hackers will learn to manipulate these systems too, or simply intercept the order decisions further down the line by changing a ‘no’ to a ‘yes’, a zero or a one. An end to data breaches and an end to credit card fraud is a very long way away. Until then, we serve, in large part, as a breach containment system. This system is fueled by the collective experiences and intelligence of the hundreds of online merchants that collaborate through Fraud.net. What we try to do is to facilitate the prevention of the monetary damage that inevitably results from the breaches as quickly as possible.
CEOCFO: Why should people pay attention to Fraud.net? Why today, if not yesterday? Mr. Anderson: The payment industry has moved so quickly and systems have become so much more complex. In this inevitable march towards faster and more advanced systems, holes are created which create vulnerabilities. The result is going to be a never-ending cat-and-mouse game. I think the service is as appropriate today as it was five years ago. Fraud is just conducted on a much larger scale right now. Overall, our best defense against fraud is mass collaboration and cooperation. Our first and foremost goal at Fraud.net is to have one hundred percent participation among merchants. We even do a lot of work pro bono for companies that cannot afford breach protection today. We are happy to do that in pursuing the full participation goal, which in turn makes the service more accurate and comprehensive. Approximately forty-seven percent of all companies in e-commerce do not use even the most basic 3rd party fraud protection tools. This enables fraudsters to cut their teeth on those unprotected merchants. Once the fraudsters have honed their trade, they graduate up to bigger and more destructive schemes. We’re better off when these otherwise unprotected companies have some protection, some anti-fraud tools built into their systems, and some structure in their risk management decision-making. |
“An end to data breaches and an end to credit card fraud is a very long way away. Until then, we serve, in large part, as a breach containment system. This system is fueled by the collective experiences and intelligence of the hundreds of online merchants that collaborate through Fraud.net.” - Whitney Anderson
Fraud.net
Whitney Anderson 866-971-2030
|
||
|
|
|||
|
|
|||
|
Payment Fraud Prevention Solutions, Fraud.net, Technology Companies, CEO Interviews 2015, Whitney Anderson, Collaborative Online Payment Fraud Prevention System, solution that detects online payment fraud for online retailers, stolen card, we allow merchants to pool the information on all their fraudulent orders into a sharable, searchable database, Recent CEO Interviews, if there is a vacant home that is being used by fraudsters as a drop or if there are specific computers serving as a source of fraudulent orders, that information is aggregated and shared among other merchants so the fraudsters aren’t able to repeat their scheme over and over, if a fraudster is stealing from one store and that store is in the fraud-sharing network, we alert all the other stores of the problem, which in turn prevents any similar fraud from happening going forward, system-to-system direct communication method, submit orders to our database for screening, then quickly receive a risk score which enables them make an ‘approve / reject’ decision automatically, Fraud.net Press Releases, News, Tech Stock, Companies looking for venture capital, Angel Investors, private companies looking for investors, business solutions companies seeking investors, fraud prevention companies needing investment capital |
|||
|
|
|||
Whitney
Anderson