Blacklists: a black eye on ecommerce fraud protection
Online merchants know that chargebacks are costly: there’s the refunded purchase amount, chargeback fees, return shipping costs, costs to replace the merchandise, and the time spent trying to dispute a chargeback. If an etailer gets hit with too many chargebacks, its payment processors will cease to do business the merchant, potentially forcing it out of business by preventing the merchant from getting paid.
Blacklists to the rescue?
Faced with the prospect of crippling losses or even going out of business, many ecommerce companies have decided to come up with their own blacklists in the hopes of screening out orders from criminals using stolen credit card info and legitimate customers who abuse the chargeback system. Each merchant can create and maintain their own blacklist, but it’s also common for several merchants or even an entire industry to share blacklists. However, the problem is that these blacklists are an ineffective tool for decreasing chargebacks, especially those stemming from card not present (CNP) fraud.
Let’s take a moment to explain why.
First, it’s helpful to understand what gets added to a blacklist. When an etailer gets hit with a chargeback, all of the details of that transaction – the purchaser’s IP address, shipping address, billing address, credit card issuing country, and so on – gets added to the blacklist. If an order comes in whose details match an order on the blacklist, that order is immediately prevented, and so is the costly chargeback.
In reality, lots of legitimate orders get blocked since some of their details match those found in orders appearing on the blacklist. If a fraudster uses a specific IP address – say one from a large university – then all subsequent orders from that same university may get falsely declined. Since an overwhelming amount of online orders are in fact legitimate, these false declines represent a lot of money in lost order revenue, and that’s not even considering the potential customer lifetime value of people who will never consider doing business with someone who labeled them as a criminal.
Without the ability to intelligently link order details to other information sources, and thereby recognize the legitimate story behind an order that might first raise a few red flags, crude fraud prevention tools such as blacklists hurt the 7 figure eCommerce companies like they intend to help.
Give fraudsters credit
Not only do these blacklists block a lot of legitimate orders, they also fail to stop the fraudsters. Since the criminals have access to an almost unlimited amount of stolen credit card info on the black market, they can just switch card numbers, billing and shipping addresses if the card info they’re using gets put on a blacklist. It’s important to realize how easily fraudsters can change their online identity. Legitimate customers, on the other hand, rarely do.
Since the information on the blacklist is being used without the benefit of real-time corroboration from other data sources, merchants are unable to keep up with the fraudsters as they adapt their tactics. The result is a reactive, “Whack A Mole” approach to fraud prevention.
Another major problem with blacklists is that a customer who initiates a chargeback against a merchant for a legitimate reason can end up being blocked from doing business with that merchant ever again, because the merchant might mistakenly attribute that chargeback to “friendly fraud”. If that merchant is using a shared blacklist, their customer may not be able to do business with several etailers, through no fault of their own. Consider this collateral damage from real friendly fraud. This is one of the reasons why it’s better for consumers to contact the merchant’s customer service department and obtain a resolution that way, rather than calling their bank and initiating a chargeback.
Better fraud filtering with machine learning
The obvious question here is if blacklists have so many problems, why are they such a common tool for fraud prevention among ecommerce companies? One reason is that 7 figure business owners see the cost due to chargebacks, but not the lost revenue due to false declines, so there’s no perceived penalty for declining lots of good orders along with the few bad ones.
Another reason is the fact that more sophisticated fraud prevention tools, like the new breed of solutions based on machine learning and chargeback protection offered by companies like Riskified, haven’t yet been widely adopted among eCommerce companies. These tools offer the benefit of elastic linking of order details to social media accounts and other data sources. These intelligent fraud prevention offerings can therefore see beyond the often misleading red flags that are present in many legitimate orders. They can also keep up with the ever-evolving tactics of fraudsters better than any blacklist can.
Founder Dinis Guarda
IntelligentHQ Your New Business Network.
IntelligentHQ is a Business network and an expert source for finance, capital markets and intelligence for thousands of global business professionals, startups, and companies.
We exist at the point of intersection between technology, social media, finance and innovation.
IntelligentHQ leverages innovation and scale of social digital technology, analytics, news, and distribution to create an unparalleled, full digital medium and social business networks spectrum.
IntelligentHQ is working hard, to become a trusted, and indispensable source of business news and analytics, within financial services and its associated supply chains and ecosystems