Site icon Merchant Fraud Journal

How to Use a Data Lake in your Card Not Present Fraud Prevention Strategy

In this article, we will discuss how to use a data lake in your card not present fraud prevention strategy. Knowing how to do this is the next step down the path of leveraging data. There are several ways that data is aggregated and leveraged, ranging from proprietary (in house) data, to merchant network data (contributed to, and shared, across a merchant network), and consortium data (global data sources that contribute to a network of information).

What is the point of a data lake for a card not present fraud prevention strategy?

“The primary purpose of a data lake is to make organizational data from different sources accessible to various end-users like business analysts, data engineers, data scientists, product managers, executives, etc., to enable these personas to leverage insights in a cost-effective manner for improved business performance” – Qubole, December 2020

As we discussed in the previous article, there are many data points associated with every step along the customer experience journey. Billing information, Device information, geo-location, shipping information, and historic data for an account, to name a few.

As stated above, data lakes of different sources provide more data to the end user, allowing for accurate determinations, resulting in maintaining a balance between merchant security and customer satisfaction. In today’s market, this is becoming more important by the day.

What’s the difference between different types of data lakes relevant to a card not present fraud prevention strategy?

Each “type” of data lake is different and has notable pro’s and con’s.

Proprietary data is found exclusively within the systems of the end-user’s operation. Any transactions that took place within the company can be referenced by the employees, but there is a limit to the available information as you will see in the next examples.

Merchant Network data is comprised of data that is shared among a list of merchants and is maintained by a service provider. For example, let’s say that merchants “A”, “B”, and “C” employ the same service provider for a piece of their fraud prevention strategy. Every transaction from “merchant A” is put through the process will be analyzed against the collective data provided by all 3 merchants. Once the analysis is complete, the data of that transaction now becomes a part of the system and the cycle continues.

Most service providers work with a large number of companies, resulting in a global network of data that is reinforced with every passing day.

Consortium Data typically includes the merchant network, but expands to include other data sources such as social media, telecom companies and public information. Consortium data stands to be the most expansive data, as these data sources provide insight to different data points relevant to a transaction and potentially have access to information that has been around for a longer time.

What does this mean to me and my card not present fraud strategy?

An effective fraud prevention strategy serves to strike and maintain a balance between merchant security and customer satisfaction. Too much emphasis on one idea and the other will suffer. The key to maintaining this balance is accuracy. Accurate determinations allow for a friction-less customer experience for good (verified) customers and the identification of suspicious activity quickly.

Most merchants go through a period of leveraging only proprietary (in-house) data. The goal of the company is to expand operations by attaining new customers.

How confident can the operator be when encountering first-time users?

There is no historical data in the system. Assumptions can be made about the geography, or the billing and shipping information. The IP Address might be 10 miles from house or next door and the question still persists.

How to improve your card not present fraud prevention? Collaborative data lakes.

As new customers engage with the merchant, the idea is that the PII (Personal identity information) and billing information (card number, billing address) has been seen somewhere else by another company who is contributing data to the data lake.

Now your company has access to historic data outside of your specific operation and can reliably make accurate determinations. This new customer might have a billing address in Las Vegas and a shipping address in Florida. Without expansive data, this might be escalated or flagged as suspicious. However, by leveraging expansive data, you can quickly see that this is a typical spending habit for a mother in Las Vegas, sending items to her son in Florida.

This works the other way as well.

Consider another first time customer who has input the correct billing information for an order, but requested that the item be picked up in-store (BOPIS, By Online, Pickup In Store / Curbside Pickup).

The billing information is accurate as per the reported AVS and CVV. This should fly through your system, right?

Not necessarily.

When the order is placed, the user submits an email address and a phone number. By tapping into the merchant network or consortium data, your analysts can quickly see that this email address has never been associated with this billing information, the phone number is associated with a number of chargebacks and has flags for fraud.

How do I choose the right data lake sources for my company?

This is dependent on several factors, such as the merchant’s expected exposure to specific types of fraud, the industry, the types of engagements that the merchant participates in, and more.

As a baseline, I feel that PII is the most valuable information available if used effectively. In addition to access to expansive data, service providers will also automate the investigation, effectively filtering through countless pieces of information to result with easy-to-digest risk analysis scores, suggestions, guarantees and more.

Regardless of your industry, this might be a good starting point for you to consider.

Service Providers to consider include: Pipl, Ekata, Indentiq

Building the best card not present fraud prevention strategy

I hope that this article has illustrated the importance of expansive data sets when considering your fraud prevention strategy. If you have any questions, please feel free to leave a comment or reach out to be directly on LinkedIn.

In the next article, we will discuss various techniques employed by different service providers in the space and how to determine the best ones for your operation.


In this series:

Part 1: How to Create a Card Not Present Payment Processing Strategy

Part 2: How Fraud Analysts Can Review E-commerce Transactions Accurately

Part 3: How to Create an Omnichannel Fraud Prevention Strategy

This article has been contributed by Alex Hall, a former fraudster who spent ten years successfully operating in the Las Vegas fraud scene. Today, he is the Principal at Dispute Defense Consulting, a Full-Spectrum Fraud Mitigation Consulting agency, with an aim to assist merchants to build a comprehensive defense against fraud throughout many aspects of their system.

Exit mobile version