Security Made Simple
Traditionally, retailers have managed their own security. Check the signature on a credit card. Look for a counterfeit $20 bill with the swipe of a special pen. Have security guards on the floor so shoppers feel safe. Traditional brick-and-mortar security methods make customers feel safe and make
thieves look elsewhere. But bringing that security to online stores is trickier
-- and more critical to the bottom line and to consumer confidence.
PCI compliance requirements from the payment card industry mean that retailers
who want to sell online must perform regular audits for security of their workplace
and processes. The stakes were raised recently as many successful online merchants
were told that their compliance levels are being altered in order to ensure
an increased measure of consumer safety. This means that retailers are working
harder than ever with software consultants and security firms in their quest
to manage their online security.
But can retailers really absorb the time and cost of trying to stay on top
of global ecommerce fraud prevention, especially when so many are facing significant
changes in their PCI compliance status in 2007? Perhaps what is needed is the
ability to “hand off” the risk.
By owning the transactional component of other merchants’ products, 2Checkout.com
(2CO) has enabled a combination of front-end and back-end fraud detection and
security procedures along with expert manual review. The result has been a 75%
reduction in chargebacks. 2CO’s fraud detection staff is so good that
2CO has taken the unusual step of absorbing any chargeback fees where the code
is fraud. 2CO is also able to guarantee the shopper either fulfillment of their
order or a full refund.
For many retailers this type of partnership may be the compliance and customer
confidence solution they’ve been seeking.
Help with CNP Sales Risk
In the card not present (CNP) environment of Internet shopping, crime is big
business. High profile data thefts and media coverage of identity theft have
managed to frighten customers worldwide and to propel the payment card industry
into dynamic requirements for retailers. To deal with the realities of CNP,
retailers are faced with the prospect of constantly monitoring all aspects of
risk, fraud, security, and credit issues. Cross border purchasing and international
terrorism complicate matters further by introducing illegal activities. And
now, many firms are being moved from a PCI compliance level 4 to level 2 by
autumn, 2007.
Retailers need a fresh approach.
Consider the following scenario: If retailers could separate themselves from
the actual transaction process, then they could concentrate on their core business
and move resources away from a shifting target – fraud and credit risk.
This is precisely the 2CO model.
At first glance a retailer may not see the benefit of handing off transactions.
But increasingly, sophisticated retailers are finding that a partnership with
a reseller like 2CO confers 2CO’s already high level of PCI compliance
along with substantial savings on finding and implementing up-to-date security
solutions.
For the retailers who partner with 2CO, it means that 2CO assumes the expenditure
for and training on software, hardware and compliance. It also means the retailer
is freed from resources spent on research and keeping up with trends.
True Alternative
2CO has been described as “a true alternative to a merchant account or
third-party processing.” The company has evolved from a reseller for strictly
Internet-based, mom-and-pop retail Web sites into a unique and formidable partner
for retailers with established brands.
Using a supplier/distributor model, 2CO has attracted the attention of retailers
by creating a unique paradigm for online retailing that provides a low risk,
high reward scenario for the retailer.
Vendors who resell their products or services through 2CO have a low to no
risk of fraud because 2CO effectively owns, and has chosen to safeguard, the
transaction. 2CO actually purchases the product from the retailer for the cardholder
and bills the cardholder. Once a consumer decides to purchase a product, 2CO
assumes the management of the transaction including interchange fees, control
of the refund process, customer support, and chargeback analysis.
In short, they protect the transaction through multiple channels that are described
below.
So how does partnering with a reseller work in practice? One example has a
retailer integrating an existing shopping cart application with 2CO’s
Web-based software. The cart has data including product or service titles, images,
descriptions, and pricing. The retailer sets shipping options and country-specific
allow or deny rules through vendor administrator panels located on the retailer’s
2CO account Web site.
When a customer comes to the retailer’s branded site and chooses to purchase,
the purchase is handed off to 2CO, along with the risks associated with the
payment approval process. At this stage, the fraud and data security component
of the transaction is the responsibility of 2CO. The review process occurs quickly,
usually in less than twelve hours. 2CO uses dozens of features to secure the
ecommerce environment including such processes as Verified by Visa, MasterCard
SecureCode, AVS and CVV codes.
Front-end and back-end transactional analyses take place and any potentially
fraudulent orders are manually reviewed. Any liability for chargebacks due to
fraud is assumed by 2CO.
Once an order is successfully placed, the retailer is back in the loop and
is notified that the order was placed successfully and that fulfillment is necessary.
As mentioned, 2CO uses a variety of industry-leading software to spot fraud
but the core of the security effort lies in detecting and routing potentially
fraudulent activity to an expertly trained fraud detection team. Multiple methods
are used to screen and analyze all components of a sale -- vendor-facing, customer-facing
and bank-facing. But as business volume increases and fraudulent methodologies
change it becomes important to continually add to the fraud detection arsenal.
Finding innovative software to identify fraud that would be invisible to the
prying eyes and keyboards of hackers led 2CO to software from newcomer 41st
Parameter.
Fraud Hunt
The transaction monitoring begins once a cardholder initiates a transaction.
A profile of the transaction is created from information 2CO gathers from the
cardholder’s PC. This data creates a dynamic cardholder fingerprint. The
fingerprint can be used to identify questionable activity.
Additionally, 2CO fraud hunters perform velocity checks that scour for fraudsters
attempting to place multiple orders. If an inconsistency in a customer’s
purchasing routine is detected, that transaction is tagged for manual review.
To further enhance the fraud hunter’s ability to detect suspect transactions,
dynamic checks and balances performed by software and fraud investigators change
day-to-day.
Further data analysis characterizes fraud of a different type. Cutting-edge
software scrutinizes the banking side of the transaction, as it relates to cardholder
information. Flagged transactions are routed for manual analysis by the fraud
team. When the fraud team finds fraud, the transaction is tagged with a WAIT
designation while additional information is gathered. Often the WAIT period
can be used to identify additional accounts the perpetrator
may have.
After a known fraudster has hit a vendor site, that fraudster’s dynamic
fingerprint is stored in a negative database for future investigation. By creating
a type of expected behavior profile from that user’s data, the software
can suggest with a high degree of accuracy which transaction has repeat fraud
information. If any of that information comes through the system again, it is
automatically tagged for manual review.
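The screening flow described in this section (a fingerprint per transaction, a velocity check, and a negative database of known-fraud fingerprints that routes repeat matches to manual review), sketched as an added example; it is not 2CO's or 41st Parameter's code. The fingerprint attributes, the threshold of three orders per hour, and all names are assumptions, and the sample orders are constructed.

```python
import hashlib
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed attributes: the article does not say what is gathered from the PC.
FP_FIELDS = ("user_agent", "screen", "timezone", "language")

def fingerprint(device):
    """Collapse device attributes into one short, comparable identifier."""
    raw = "|".join(str(device.get(f, "")) for f in FP_FIELDS)
    return hashlib.sha256(raw.encode()).hexdigest()[:16]

class Screener:
    def __init__(self, max_orders=3, window=timedelta(hours=1)):
        self.max_orders = max_orders       # assumed velocity threshold
        self.window = window               # assumed sliding window
        self.recent = defaultdict(deque)   # fingerprint -> order timestamps
        self.negative = set()              # fingerprints of confirmed fraud

    def confirm_fraud(self, device):
        """Called after manual review confirms fraud on this device."""
        self.negative.add(fingerprint(device))

    def screen(self, order):
        """Return ("PASS" | "REVIEW", reasons); nothing is auto-rejected."""
        fp, ts = fingerprint(order["device"]), order["time"]
        seen = self.recent[fp]
        while seen and ts - seen[0] > self.window:
            seen.popleft()                 # drop orders outside the window
        seen.append(ts)
        reasons = []
        if fp in self.negative:
            reasons.append("negative_db")
        if len(seen) > self.max_orders:
            reasons.append("velocity")
        return ("REVIEW" if reasons else "PASS", reasons)

# Constructed sample data.
T0 = datetime(2007, 1, 1, 12, 0)
DEV_A = {"user_agent": "UA-1", "screen": "1024x768", "timezone": -5, "language": "en"}
DEV_B = {"user_agent": "UA-2", "screen": "1280x1024", "timezone": 1, "language": "de"}

def run_sample():
    s = Screener()
    out = [s.screen({"device": DEV_A, "time": T0 + timedelta(minutes=10 * i)})
           for i in range(4)]              # four orders in 30 minutes
    out.append(s.screen({"device": DEV_B, "time": T0}))
    s.confirm_fraud(DEV_A)                 # reviewer confirms fraud
    out.append(s.screen({"device": DEV_A, "time": T0 + timedelta(hours=5)}))
    return out
```

A fingerprint built from so few attributes will collide across legitimate shoppers, which is why a match here only routes the order to a reviewer instead of declining it.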
The Outcome?
2CO’s successful approach to fraud and risk management is evident in
the numbers. Their front-to-back fraud detection systems, including new software
systems implemented with 41st Parameter, have achieved the following results.
- Since new security measures went into place in June, 2006, there has been
a 75% reduction in the number of claims that needed to be investigated manually.
- Savings to vendors on chargeback fees due to fraud rose a staggering 25%.
- For the last half of 2006, vendors partnering with 2CO will save some $50,000
in chargeback fees where the code was fraud.
Examining the data indicates that 2CO partners receive tangible savings beyond
those from relinquishing the in-house fraud detection — better and more
accurate fraud spotting and fewer chargeback fees.
2CO Security = Cost-Savings and Customers
Retailers may want to consider a 2CO partnership in order to lessen the impact
of strategic and budgetary planning, hiring and training needed to meet the
PCI level changes slated for autumn, 2007. Further, the amount of manpower needed
to maintain and plan for additional and inevitable changes in the hardware,
software, and compliance landscape may be too dynamic for retailers to adjust
their budget projections.
There may be an even greater incentive for partnering. Fraud is reduced. And
as PCI compliance continues to evolve and the measures to ensure consumer confidence
become more complex, 2CO becomes a partner that streamlines the compliance issue
and protects the retailer’s brand and image.
In fact, the retailer’s brand is actually strengthened because consumers
find a high level of security and increased confidence in the retailer, yielding
fewer abandoned shopping carts and more completed sales.
As a further benefit, 2CO has an experienced in-house, not outsourced, multilingual
customer support team to provide customer service for purchasers and vendors.
Questions from the cardholder about refunds can be dealt with by 2CO. Having
this service integrated into the entire 2CO partnership means that a customer
can get answers about transaction questions in real-time – with no disconnect
between the transaction and the query.