Hardware, software and consumer electronics retailer PC Mall realized two years ago that escalating fraud was threatening to wipe out the operational savings achieved by selling its wares online.
"The cost savings we were seeing from having an Internet site where customers can place orders without human intervention -- we were losing those savings on the back end to fraud," says Kenneth Sayers, director of credit for the US$853 million retailer.
Proportionally, PC Mall's Web site generates more fraudulent activities than its other sales channels, including its mail-order business, call center and retail stores. While Internet orders account for 25 percent of PC Mall's business, they generate 90 percent of fraud attempts, Sayers says. "The amount of fraud that we see is mind-boggling," he says.
PC Mall isn't alone. Internet fraud is a widespread problem for retailers. Based on results of its annual survey of e-commerce crime, security company CyberSource estimates online crooks will make away with $1.6 billion of $94 billion in 2003 U.S. business-to-consumer e-commerce revenue.
To combat this, PC Mall has honed over the last two years a three-tier system for catching fraudulent orders.
Its first line of defense is a service from CyberSource that screens orders for suspicious entries, such as geographically mismatched customer information -- an overseas IP address with a U.S. billing address, for example.
The second and third tiers of PC Mall's strategy depend on in-house systems for catching bad orders. Once an order is screened by CyberSource, PC Mall matches it against a "negative database" containing fraudulent order information collected over the last eight years. "Every single order that comes into our system has to go through that process," Sayers says.
After that, PC Mall relies on a custom-written program that compares orders being placed to historic orders to see if any of the information matches. With multiple stolen credit cards, a thief often will use a common ship-to address or telephone number – a clue that PC Mall looks for, Sayers says.
All systems go
With its systems in place, the retailer is on track to reduce its losses this year, Sayers says. Last year PC Mall lost a little more than $1 million in fraudulent orders that it didn't catch in time. This year, the company has kept its losses to about $750,000.
Last month alone, PC Mall stopped $1.1 million worth of fraudulent orders, bringing its yearly total to $10.8 million. Last year, PC Mall stopped $7.3 million in fraudulent orders.
"We're definitely seeing huge improvements," Sayers says. He attributes this not only to technology but also to training. "We keep on top of fraud trends and do a lot of staff training," he says.
PC Mall's fraud detection systems replace what once was a very tedious, time-consuming process for catching fraud. "We've traditionally had a large staff of people who manually reviewed the orders," Sayers says. "As the business grew, we recognized that it just wasn't possible to simply use human beings to look for fraud.”
One challenge is taking care not to alienate legitimate customers while trying to ferret out fraudsters. "The challenge is to create policies and procedures to fight the fraud but not alienate legitimate customers by putting them through a process that makes them think that they are the bad guy,” Sayers says. “That's a fine line that we walk everyday."
Why so much fraud? One reason is a perception of online anonymity that emboldens criminals, Sayers suggests. In addition, the ability to easily sell stolen gear makes fraud attractive, he says. "Unwittingly, places like eBay, and large Internet sites that facilitate sellers and buyers, have increasingly become a great way for thieves to get rid of stolen merchandise."
It's important that retailers stay diligent about fighting fraud and going after offenders, Sayers says. "PC Mall does a lot with law enforcement, we actively try to catch the crooks," he says. It’s satisfying work, he finds. "It's fun fighting fraud -- there's never a dull day."