Not all traffic is good traffic
How fraudsters reach your website
Not all traffic is good traffic: how fraudsters reach your website
Ecommerce fraud (also known as CNP fraud) is bad news for everyone involved. The victims have to dispute the unauthorized charges, cancel their card, and order a new one. The merchants are forced to refund the purchase, pay chargeback fees from their payment processors, and replace the stolen merchandise. Finally, legitimate shoppers end up being declined at checkout due to fraud prevention tools or practices which create the additional problem of lost revenue as a side effect of their goal of reducing costly chargebacks.
When it comes to this tricky but necessary job of fraud prevention, more attention should be focused on how fraudsters reach merchants’ sites to begin with. When it comes to traffic and fraud, some routes are actually safer than others.
Real customers aren’t in a rush
“Real” online shoppers exhibit browsing patterns analogous to physical shopping. They compare different products, take their time, look over product pictures. Legitimate consumers will meander through a merchant’s website much like they may meander through a physical store.
This insight about behavior also extends to the ways in which traffic comes to your site to begin with, and understanding and recognizing those behavior patterns can tell you a lot about the fraud risk of any order placed by that visitor. A lot of vendors in the ecommerce fraud prevention space have learned from their data that while all roads may lead to Rome, some of them are statistically more likely to carry fraudsters.
The ultimate goal of every real consumer is to find the right product (e.g. size, function, color) for the right price. Thus, real shoppers are more likely to use promo codes and other discounts, shop around (perhaps visit a competitor’s site), and wait for a sale.
Fraudster strategy: get rich quick
The M.O. of fraudsters is very different: make as much money as fast as possible by buying goods to resell on secondary markets. Since a card whose info has been stolen can be deactivated by the cardholder at any moment, fraudsters are always in a time crunch. Therefore, they generally prefer orders with high value items, carts with lots of items, products from coveted name brands (because they are easy to resell due to high demand), paying more for fast shipping (remember, they aren’t spending their own money), and digital purchases (like tickets and gift certificates).
Traffic analytics and fraud prevention
Given these different end goals, the following two general observations make a lot of sense:
- Direct traffic (i.e. typing in the URL) is much more likely to be fraudulent, but referral traffic is more likely to be legitimate. Genuine shoppers usually start off with an idea of what they want, not who they will get it from (which is why they’ll visit more than one merchant). Fraudsters, on the other hand, plan their target list in advance.
- Traffic from paid ads is much safer than organic traffic. When it comes to paid traffic, merchants are benefiting from what is essentially visitor pre-screening - the research, SEO, and demographic targeting required for effective online marketing. As a result, paid traffic is inherently more likely to drive legitimate customers to a merchant’s site, and less likely to send over fraudsters.
There’s less danger when the order is not from a stranger. There’s a whole other dimension to this discussion of fraud and traffic: returning customers. Since fraud rates from returning customers (with no history of chargebacks) is a fraction of what they are for new identities, tools like device fingerprinting and multi-merchant data sharing can be very effective. However, the latter method comes with a major caveat: all data is only as good as the method which collected it, and if the other merchants sharing a list stray from best practices, merchants could be accepting and declining orders based on bad information, exposing them to fraud and severely limiting their revenue and growth by rejecting good orders (false declines).
These relationships between the origin of order traffic and fraud is a great example of why having more and better data empowers fraud management teams to more accurately decide whether to accept or decline each order. Smarter screening means more revenue comes in, and less money in chargebacks bleeds out.