Ezzie Schaff: Fighting online fraud requires delicate balance

Countermeasures for thwarting Internet fraudsters must be balanced with customer service.

I've been battling online fraud for a decade and the job doesn't get any easier. The fraudsters are continually

looking for new ways to deceive and steal, requiring constant vigilance. In the past, fraudsters were easier to spot, such as someone in another country ordering an international shipment. Today, sophisticated fraudsters are using tactics likes spoofing their IP addresses and using U.S.-based shippers.

Every day, we're up against new schemes. What may have worked to fight fraud even just a year or two ago can quickly become ineffective.

At Ice.com, where we sell high-ticket jewelry items that cost anywhere from $50 to $50,000, we have to be especially on guard. In retail, jewelry usually commands a higher street value, making it particularly attractive to criminals.

While you can't completely eliminate fraud, you can minimize it. One countermeasure we've found to be highly successful in beating back fraud is knowledge-based authentication (KBA). We use the technology to verify the identities of customers calling into our call center with high-risk transactions -- cases that have been flagged for potential fraud.

The KBA system provides our call center agents with a series of questions about the individual customer -- ones that technically could only be answered by the person conducting the transaction. The system accesses a mix of public records, such as those maintained by credit bureaus, and commercially available databases. It also measures the level of risk associated with a particular identity and can address high-risk identities by adjusting the difficulty of the questions.

However, using the KBA tool requires a delicate balancing act so as not make customers feel uneasy. Many of our customers are shopping for special occasions like engagements and weddings and the last thing we want to do is spoil the event. We've learned to mold fraud prevention into a customer service experience. We conduct the conversation in a way so that the customer understands the series of authentication questions is to their benefit, not just the company's. Once we explain the risks people face in using their credit cards for online purchases, our customers appreciate the fact we go the extra mile for them.

With the KBA tool, we've seen a substantial reduction in fraud-related chargebacks, saving Ice.com money in reimbursing customers whose cards have been used fraudulently. At the same time, the security system hasn't affected our customer satisfaction rating.

Sometimes battling fraud also involves physical security measures. We've seen an increase in "soft fraud" -- specifically, cases in which a customer claims non-receipt of merchandise and return fraud. We believe these recent fraud trends may be a result of bad economic conditions. To combat the problem, we videotape on high-resolution tape every shipment from the time it's packed to the time it's sealed. We do the same for returned packages. Anytime a package is returned -- from the time it's received in the shipping facility and sent to the packing station -- we videotape it so it's very clear what was in the package.

We have to do this -- especially in our business of selling high-end merchandise -- because someone can claim to have returned an item but actually return an empty box. Our diligent gathering of physical evidence has led us to win every time we take a fraud case to court.

To deal with the rapidly evolving nature of fraud, we're constantly evaluating our data and investigating new technologies. But more importantly, we speak often with others in our industry. Industry collaboration is critical in the fight against fraud. If a fraudster is targeting one jewelry site, they're likely going to do the same to another the next day. When it comes to battling fraud, competitors quickly become collaborators.

SECURITY 7 AWARDS

Ezzie Schaff

Title: Vice president of client relations and risk management

Company: Ice.com

Kudos:

  • Manages team of 30 call center agents and several IT professionals at Ice.com, which has served over a half million customers since 1999.
  • Successfully implemented knowledge-based authentication system for verifying identities of customers at its call center with high-risk transactions
  • Member of development team and advisory board for company that created groundbreaking encryption technology for securing electronic transactions
  • Member of the Merchant Risk Council

INFORMATION SECURITY MAGAZINE'S 6TH ANNUAL SECURITY 7 AWARDS

  Introduction
  PHIL AGCAOILI
Consumerization of IT and enterprise evolution: Consumer devices in the workplace and the shift to cloud services require new security standards.
  BRIAN ENGLE
An effective information security program requires ongoing monitoring: A successful information security program uses ongoing oversight and monitoring to manage risks.
  BLANCA GUERRERO
Online banking security is a balancing act: Online banking security requires providing users with choices in order to minimize risk without becoming intrusive.
  CHRISTOPHER IPSEN
Government transformation through technological innovation: The economic crisis gives government entities the opportunity to change for the better.
  NICK MANKOVICH
Maintaining health care privacy and security: In the world of health care, the more we value privacy, the harder we work to protect it.
  JULIE MYERS
Implementing an information security strategy in a decentralized environment: Implementing data security in a decentralized organization requires a collaborative approach.
  EZZIE SCHAFF
Fighting online fraud requires delicate balance: Countermeasures for thwarting Internet fraudsters must be balanced with customer service.
This was first published in October 2010

Dig deeper on Two-Factor and Multifactor Authentication Strategies

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close