- By Rafael Lourenco, EVP, ClearSale
We’re a society obsessed with getting feedback on everything from bagels to B2B vendors because we know that more information, especially up-to-date information, helps us make better decisions. This is as true in fraud prevention as it is in any other field, perhaps even more now that large-scale data breaches and increasingly sophisticated criminal practices have made it easier for thieves to manipulate valid data to commit fraud. Here’s why online retailers who want to stop the rising tide of e-commerce fraud should look for data that’s properly contextualized and subject to regular feedback about its validity.
Three levels of data, three levels of usefulness
In general, there are three levels of data sources available to businesses for use in marketing research: demographics, fraud prevention, and other business processes. Each level has its own limits of usefulness.
At the first level, the database is a straightforward collection of a type of data point, such as names, addresses, or phone numbers. Having a data point alone is simply a snapshot in time that shows, for instance, that a particular email address existed a certain number of months ago, but not what billing address or phone number were used with that email address in a valid online transaction. In these databases data points are relatively static, free of context, and only move in one direction—from the data provider to the business client. There’s no feedback from client to provider about the validity of the data, so it’s impossible to be certain that all the data is valid.
At the second data-source level, the provider adds context for multiple related data points. For example, a hotel chain sells data that includes guest emails, phone numbers, and billing addresses. The chain validates the data through its reservations process to ensure that the customer’s email and phone number are related. This is more helpful than simply knowing that the email and phone number exist. However, the information is still only moving from data source to business client. The lack of feedback leaves a knowledge gap that fraudsters can exploit, and it precludes total reliability for users. For example, by making a booking with the email and phone data at the hotel chain and adding new payment information, criminals can set up the valid email and phone data for use in future fraud with stolen credit card numbers.
At the third level of data source, providers find out whether the data is fraudulent or valid—for example, do account bills go unpaid or are they paid without fraud claims? In cases of verified fraud, the data providers know how all the multiple data points (such as card number, billing address, email address, and phone number) are associated and they can determine how that combination of data was exploited to commit fraud. Most important, data providers at this level know when the data has not been associated with fraud and is reliable. With this two-way flow of information from source to client and back, the data not only has context, but it’s constantly evolving as it is used. This makes it a much stronger and more reliable resource.
Evolving data context matters more and more
These different data-quality levels matter to all businesses, especially for fraud-prevention use cases. That’s because while a one-percent data error rate in marketing databases results in misdirected mail or email advertising, a one-percent rate of completed fraud in e-commerce is a big problem in terms of revenue loss, product loss, and chargeback ratios. A contextualized, evolving data source that shares information in both directions with clients is a much more reliable tool for spotting fraudulent orders.
That’s likely to be even more true in the future because consumer data breaches are fueling a gap in database quality. Consider the Equifax breach that exposed personal information for some 145 million North American consumers last summer. That story has faded from the headlines, but the stolen data could be used by fraudsters for years to come—especially Social Security numbers, which are virtually impossible to change. How will such breaches affect data source quality?
At the first and second levels, fraudsters can use stolen data to affect single-data-point and one-way data sources. For example, thieves can link stolen billing addresses to their own mobile numbers. Over time, as more breaches occur, more thieves corrupt the data and the data information remains one-way so databases at levels one and two will deteriorate cumulatively over time. Meanwhile, the level three data sources are sharing information in two directions to validate their data over time. Ongoing quality maintenance by third-level data sources plus the declining quality of the other two types of data sources will result in greater differences in reliability for end users, especially fraud-prevention programs.
What does all of this mean for online merchants who want to protect their businesses from fraud? High quality consumer data situated in context and continually validated by two-way communication is a key to successful fraud prevention. As thieves become more sophisticated about corrupting valid data, and as more corruptible data falls into the hands of criminals, data providers and end users must share information to maintain data quality and usefulness.