Artificial intelligence (AI) can help retailers rapidly identify and prevent ecommerce fraud, but human oversight is still essential
Thanks to the internet, we no longer need to go to the shops; instead, the shops come to us. In a few clicks you can order everything from the latest digital gadgets to dog food, from the comfort of your sofa. And same-day delivery options mean you can receive items faster than ever.
But the speedy online transactions and one-click purchasing systems that underpin the ecommerce sector don’t just make life easier for consumers; they make things easier for fraudsters too.
Successful ecommerce retailers receive thousands of orders a day, and these card-not-present (CNP) purchases are harder to verify than those where the card and cardholder are physically present. In fact, a study by LexisNexis Risk Solutions found that fraud via remote channels, such as online and mobile, is up to seven times harder to prevent than fraud in person.
[With AI] retailers have the sort of broad vision necessary to spot fraud and orders that are far out of the norm
So, if an online retailer’s ecommerce fraud prevention system isn’t up to scratch, it can cost them dearly. Indeed, Juniper Research predicts that CNP fraud could cost online retailers more than £58 billion over the next few years.
Ecommerce fraud prevention always changing
The tools and techniques criminals use to carry out chargeback fraud, where the consumer makes an online purchase with their own credit card and requests a chargeback from their bank after receiving the item, or take over online accounts are constantly changing and increasingly sophisticated.
“Traditional approaches to fighting fraud, such as rules engines and scoring, are too fixed to adapt to this shape-shifting nature of fraud,” says Eido Gal, co-founder and chief executive of Riskified, which provides an ecommerce fraud prevention solution and chargeback protection service for high-volume and enterprise merchants.
Mr Gal claims AI solutions that learn from each transaction and improve their accuracy are much more effective than these legacy methods of ecommerce fraud prevention.
“Fraudsters take many different approaches to appear as a legitimate cardholder,” he says. “They may use a proxy, spoof a device or take over a cardholder’s retail account. A well-designed AI solution examines the links across these datapoints, compares them with historic orders and instantly determines when something is wrong.”
AI systems skilled at pattern recognition
AI and machine-learning tools look at hundreds of datapoints across billions of transactions to identify patterns that might constitute fraud. What’s more, they can find cases of fraud that no human is likely to spot.
“By deploying constantly learning machines that use the data from many thousands of merchants around the world, retailers have the sort of broad vision necessary to spot fraud and orders that are far out of the norm,” says Ed Whitehead, managing director, Europe, Middle East and Africa, at Signifyd, a fraud protection company that detects fraud and reimburses merchants for fraudulent chargebacks on approved orders.
When AI recognises an outlier order, it can either automatically block it or refer it to a human expert for review. “The best way to use AI is to use it to solve the simple cases,” says Paul Weathersby, senior director of product management at LexisNexis Risk Solutions UK.
“A person is better at making decisions, so you could use the machine for cases which are fairly easy to process and improve the customer experience, and then pull out the exceptions that someone needs to look at.”
Human and artificial intelligence both needed
Mr Whitehead agrees that a degree of human oversight is a key part of effective AI-based ecommerce fraud prevention. “There are certain tasks that machines are good at, those requiring speed and scale, and there are tasks that humans are good at, those requiring intuition and experience,” he says. “Combining the two creates a powerful shield to fraud while also recognising legitimate orders that might include some red flags.”
Data feeding into an unsupervised machine-learning model also needs to be properly monitored. Otherwise, says Mr Weathersby: “The vast amounts of data an unsupervised model works through can produce rules that don’t make sense based on data which is quite hard to locate.”
He adds that if the method for supplying a machine-learning tool with feedback on what constitutes a good or bad decision is inconsistent, “then the machine will start to learn things which a human would quite clearly understand are not correct”.
This could, for example, result in AI that becomes more conservative as time goes on. “For instance, each time a fraudulent order is shipped and comes back as a chargeback, the machine learns not to ship similar orders,” says Mr Whitehead. “Eventually, the machine ratchets down the number of orders a merchant is shipping and invariably some of the declined orders were actually legitimate.”
Multiple methods for preventing fraud
Criminals will always look to circumvent the ecommerce fraud prevention systems that merchants put in place and some are already using AI for just this purpose. It’s therefore essential that online retailers employ multiple methods of ecommerce fraud prevention and layers of control, says Jackie Barwell, director of fraud product management at ACI Worldwide.
Positive profiling, for instance, builds a comprehensive picture of customers at the individual level through behavioural data, externally confirmed fraud intelligence and a wide range of customer identifiers. “Rather than the traditional route of screening each transaction, this focuses fraud screening on the person behind that transaction,” Ms Barwell explains.
She adds that the technique is especially useful for new ecommerce methods such as click and collect, “where there is not as much time available to conduct post-transaction, real-time analysis”.
Other new ecommerce services will no doubt arrive in the future and fraudsters will inevitably seek to exploit them. But as long as online retailers have AI in their armoury, they should manage to stay ahead of cybercriminals looking to profit from one of modern life’s greatest gifts, the option to shop from the comfort of your home.