Credorax’s Igal Rotem on adapting to the threat of fraud

Igal Rotem, CEO at Credorax, spoke to PaymentExpert about the evolving threat of fraud and how it impacted the busiest period for e-commerce.

PaymentExpert: How has the climate for online fraud changed since the start of the pandemic and how long-lasting will this be?

Igal Rotem: Since the start of the pandemic many businesses have realised that to stay competitive in this new reality, they must have an online presence and online payments capabilities.

Those who already had online businesses experienced a significant surge in their online activity with local and global shoppers favouring no-contact shopping and delivery. Credorax saw the daily number of transactions grow more than 130% compared to the period before COVID. Businesses that had previously worked locally expanded to new regions to make up for lost in-person business caused by lockdowns and local restrictions.

All these businesses also encountered more fraud, especially if prior to the pandemic they were working mainly in a point-of-sale, card-present environment (which has significantly less fraud than online purchases). Credorax saw a rise in BIN (the first six numbers of a valid debit or credit card) attacks – attacks where fraudsters automatically and systematically try to make transactions using a few series of BINs, until they find working cards – from once-in-a-while to three  to four times a month. Additionally, there has been a rise of 50 per cent – 60 per cent in attempts of fraudulent merchants trying to get fake phishing websites live and approved for payments.  

While we see that some regions have started to return to normalcy as vaccines are being introduced and the number of new cases is going down, we do not expect merchants to abandon their new online presence. The pandemic forced businesses to adapt quickly and create new processes for remote work, online payments, and delivery processes – all of which helped them to expand their business to new audiences.

As e-commerce continues to grow, businesses must learn how to manage the downside of online commerce – higher fraud.

PE: What can firms do to ensure that their methods in combating fraud are flexible and withstand various changes?

IR: Fraud can come in different forms – brute force attacks, shopper fraud, chargebacks – and with all the solutions on the market, it can be confusing for businesses to know which payment provider is right for them.

When choosing a payment provider, merchants should look for the following criteria:

a. Smart solution that help merchants analyse risks automatically and make decisions that protect them from fraud without rejecting good transactions

b. Flexible solution that allow merchants to control and optimise their fraud management

c. Robust solution that covers a variety of fraud scenarios

For example, a solution that uses machine learning will be more accurate and more flexible for merchants as compared to a solution with predefined rules.

Payment providers will need to rise to the challenge of moving beyond the standard fraud solutions used for point-of-sale and e-commerce transactions to fully blown omni-channel experiences to enable merchants to meet customers’ demands for smoother, safer payments.

PE: The holiday period is always heightened in terms of fraud, however, what action can be taken to halt the rise of online fraud during this upcoming unique holiday period?

IR: Credorax always says to our merchants that, ‘we are your payments experts, but you are the expert on your business’.

Every business has its peak periods. Specifically, during holidays when people shop and spend more and purchase patterns are notably different than the rest of the year. The same tools that protect merchants throughout the year will continue to do so during holidays and peak seasons. Flexibility and optimisation are crucial to allow merchants to quickly and smartly adjust to different shopping patterns, while significantly reducing friction for shoppers under pressure due to the upcoming holiday.  

Businesses that expect a busy holiday season can assign additional resources and be prepared to manage and respond to the changing consumer behaviour during the holiday season. This will ensure more fraud-free transactions and higher revenue to the merchant’s bottom line.

PE: What lessons can be learnt from the 2020 holiday period?

IR: E-commerce was key to making the holiday shopping season a success, with a 49% increase in online sales compared to 2019. One major takeaway from the 2020 holiday period is how important the ‘online experience’ has become. This includes everything from the options for ordering (i.e. online ordering, in-store or curbside pickup) to a user-friendly checkout page.

Another lesson learned is the importance of implementing a flexible and fast-learning solution that adjusts automatically to the merchant’s traffic (such as machine learning-based solutions). As the holidays are usually peak periods, merchants need a solution that can quickly adjust to different shopper behaviour. Older solutions (such as rule-based anti-fraud solutions) tend to be less accurate, which causes more false-positives (identifying something as fraud when it is not) and thus loss of conversions and loss of revenue.

PE: Can you tell us more about just how crucial combating online fraud is in terms of a firm’s bottom line?

IR: The way a merchant manages fraud risks in e-commerce can have a tremendous impact on their business and bottom line. With fraud, you do not only lose the value of the single purchase, but if not managed properly, you risk higher fees paid to your payment processor, fines imposed by card scheme and regulators, and in the worst case you risk losing the ability to accept payments.

The more sophisticated the anti-fraud technology becomes, the more fraudsters find new and devious ways to attack (DDoS, brute-force attacks and more). For example, when one of our merchants experienced a DDoS attack – an event that could have been devastating for their bottom line –  our anti-fraud solution successfully blocked 99.98% of the fraudulent transactions. It is crucial that merchants select a risk management solution that helps them fight different types of fraud while ensuring that legitimate shoppers sail through checkout seamlessly.

Moreover, smart risk management solutions do not only protect merchants from fraud but can even help them expand their business to new regions and markets that they could not have supported beforehand. For example, if a merchant was using a rule-based solution, they may have had to block a certain region (if that region had a high fraud-rate). However, if a merchant upgrades to a smart machine-learning-based solution that assesses fraud using dozens of variables to determine the risk of a transaction, they can open their business to regions that were previously completely blocked. 

Merchants who switched to a machine-learning solution reduced their fraud by approximately 30% with only a minimal effect on their approval rate and conversion. Fraud-prevention solutions must be dynamic and scalable, operating in real-time to analyse and block transactions, while also complying with new regulations to protect their merchants, and the merchants’ customers. 

PE: How crucial is it that strengthened security is married with a seamless payment journey?

IR: Shoppers today expect a smooth and seamless shopping experience with quick checkouts, without friction or complex authentications. User experience and a customer’s likelihood in returning to an e-commerce site is heavily based on a frictionless shopping experience.  

While the opportunities for a merchant’s business are high, so can be the risks. Merchants need risk management solutions that tie into their seamless checkout process and protect them from fraud and other risks without impacting the customer experience. In Europe specifically, merchants should also look for a payment provider that helps them stay up to date with the new PSD2 strong customer authentication regulations to provide customers a frictionless checkout experience that is compliant and secure.