This piece is part of our Expert Spotlight on Fraud series, dedicated to featuring experts in the online risk management and fraud detection sphere. As a group, they encounter diverse challenges and mount their offenses in different and innovative ways, and in this series, they offer their learnings for others starting out in the industry and for those running risk teams.
This week, we’re featuring Jamie Ceccato, Risk Specialist at Build.com, an online home improvement store.
On how she started off in fraud and risk management
I’ve been here for collectively about two years, and I got into it as a kind of a fluke. I had a friend who worked in the finance department at Build.com, and they needed some help due to someone leaving on maternity leave, so I just kind of got thrown in here. I’d never really thought about online fraud before, and I wasn’t a huge online shopper, so it was something that was completely new to me. Then I ended up staying on permanently.
It was eye opening to discover that not only is fraud an industry in itself, and that it’s something that not only Build.com had to deal with, but everyone, card-present or card-not-present, faced it. I was surprised what people would attempt to get away with.
On the difficulty of explaining what a fraudulent order looks like to the salesforce
Online fraud can be very difficult for others, especially people new to ecommerce, to understand. For example, we have probably about 250 field representatives on the floor, working with vendors, contractors and the like to make sales.
What’s particularly hard for them to grasp is that fraud is not only something that occurs regularly, but that the dollar amount on the order doesn’t matter. It doesn’t have to be a huge dollar order to be fraudulent. For example, the hot ticket item for fraud could be an $80 garbage disposal. Those of us on the risk team can take a look at an order for said disposal and immediately see some factors that signal potential fraud. Because we see hundreds of orders, we can see the fraud, but for them, it’s mind-blowing that something so small could be fraudulent.
On what qualities a risk analyst needs to have
Firstly, a mind for pattern detection. You can get an idea of trends no matter how mathematically inclined or analytical of a mind that you have. You need to be able to look at a orders and think “I just saw that,” and identify the common thread. I can immediately recognize when orders start to look similar, and spot when, for example, we’re suddenly selling more of a certain product than we were previously, and all the orders are occurring through a particular email domain.
Secondly, you have to be proactive. Anybody can do manual review. Anybody can sit there and look at orders, but not everybody can be forward thinking and act on more of a preventative scale. When you start to observe patterns, you have to think “What can we do now that we are seeing this?”
On the importance of re-evaluating internal methods to fight new fraud
If you set up a fraud detection system a decade ago, that’s not necessarily going to work for you in five years when trends change. We have a rules-based system, and we’re continually working on improving our rules and re-evaluating them. They’re working for us now, and we’re happy with it, but we know it has to continually be made better.
We constantly ask ourselves:
- “How can we make what we have better?”
- “How are we going to prevent x from happening in the future?”
- “What do we need to look for now that we know that this is something that’s going on?”
- “How can we reduce false positives?”
- “What other outside information can help us?”
On the increase of friendly fraud and how they’re fighting back
We’re online home improvement, so we’re the middle man. We have over 400 vendors, and we basically supply their items on our website, and then dropship from the vendors directly to the customers. We don’t keep any merchandise in-house.
With that in mind, we come across friendly fraud specifically in certain types of chargebacks, mainly claiming merchant error or not recognizing the merchant descriptor on their billing statement. We can clearly see that they received the products, but they want to dispute the charge.
It’s definitely increasing, especially within the last 8 months, but we’ve been able to successfully win most chargebacks due to how diligent we are about our orders. We note everything, we gather proof of delivery etc. I look at it from the perspective of the person evaluating the evidence, anticipating what they’d want to see. It’s helped us keep our chargeback rate quite low.
On her philosophy around risk management
Fraud’s never going to go away. That’s just reality, but we can at least work on trying to stay ahead. When I first started, I had this mindset where I looked at everything and thought it was fraudulent, because it didn’t pass your internal point system. You figure, it’s got to be in there for a reason. You just kind of think everything’s fraud. It’s a hard mindset to get away from once you’ve been thinking that way for a little while.
Then, I went to a MRC conference (Merchant Risk Council) and it was eye-opening, because you get the whole scope of the industry perspective. One thing that I took away was what your focus should be: don’t focus on proving that it’s not fraud, focus on what makes it conclusively fraudulent.
Because, in the nature of our business, billing and shipping mismatches for examples are something that is pretty consistent with a huge portion of our orders. You can’t just assume that spells fraud, that there’s no relationship between the two addresses. You need to investigate and paint the picture of that order.
On the key to reducing false positives, fraudulent orders and keeping happy customers
Communication is hugely important for us, both internally with our sales reps and with our customers.
The sales reps are the ones fielding concerns from the customers, and we want them to be as informed about the order review process as possible and able to communicate with the customers about what we need from them for the orders. We want them to be honest about what we’re looking for, information-wise. In training, I tell the reps that every order is subject to review and our fraud screening process, and what data we need to feel good about an order. It’s going to help them take care of their customer now and down the line, so I approach it from a customer service angle.
Our sales reps know that while they’re qualifying them in a sales sense, they’re also doing so in a fraud sense. They’re already asking this person what projects they’re working on because they’re attempting to sell them something else for their bathroom or their kitchen. If they’re shipping somewhere else than billing, they’ll nonchalantly ask them about it, just like you would in a conversation with someone. And in turn, they’ll let us know if somebody was a little disheveled when for their information or asked to confirm the billing and shipping address.