This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners and the latest on effective security awareness."
Download it now to read this article plus other related content.
I've been battling online fraud for a decade and the job doesn't get any easier. The fraudsters are continually looking for new ways to deceive and steal, requiring constant vigilance. In the past, fraudsters were easier to spot, such as someone in another country ordering an international shipment. Today, sophisticated fraudsters are using tactics likes spoofing their IP addresses and using U.S.-based shippers.
Every day, we're up against new schemes. What may have worked to fight fraud even just a year or two ago can quickly become ineffective.
At Ice.com, where we sell high-ticket jewelry items that cost anywhere from $50 to $50,000, we have to be especially on guard. In retail, jewelry usually commands a higher street value, making it particularly attractive to criminals.
While you can't completely eliminate fraud, you can minimize it. One countermeasure we've found to be highly successful in beating back fraud is
The KBA system provides our call center agents with a series of questions about the individual customer -- ones that technically could only be answered by the person conducting the transaction. The system accesses a mix of public records, such as those maintained by credit bureaus, and commercially available databases. It also measures the level of risk associated with a particular identity and can address high-risk identities by adjusting the difficulty of the questions.
However, using the KBA tool requires a delicate balancing act so as not make customers feel uneasy. Many of our customers are shopping for special occasions like engagements and weddings and the last thing we want to do is spoil the event. We've learned to mold fraud prevention into a customer service experience. We conduct the conversation in a way so that the customer understands the series of authentication questions is to their benefit, not just the company's. Once we explain the risks people face in using their credit cards for online purchases, our customers appreciate the fact we go the extra mile for them.
With the KBA tool, we've seen a substantial reduction in fraud-related chargebacks, saving Ice.com money in reimbursing customers whose cards have been used fraudulently. At the same time, the security system hasn't affected our customer satisfaction rating.
Sometimes battling fraud also involves physical security measures. We've seen an increase in "soft fraud" -- specifically, cases in which a customer claims non-receipt of merchandise and return fraud. We believe these recent fraud trends may be a result of bad economic conditions. To combat the problem, we videotape on high-resolution tape every shipment from the time it's packed to the time it's sealed. We do the same for returned packages. Anytime a package is returned -- from the time it's received in the shipping facility and sent to the packing station -- we videotape it so it's very clear what was in the package.
We have to do this -- especially in our business of selling high-end merchandise -- because someone can claim to have returned an item but actually return an empty box. Our diligent gathering of physical evidence has led us to win every time we take a fraud case to court.
To deal with the rapidly evolving nature of fraud, we're constantly evaluating our data and investigating new technologies. But more importantly, we speak often with others in our industry. Industry collaboration is critical in the fight against fraud. If a fraudster is targeting one jewelry site, they're likely going to do the same to another the next day. When it comes to battling fraud, competitors quickly become collaborators.
|SECURITY 7 AWARDS|
Title: Vice president of client relations and risk management
INFORMATION SECURITY MAGAZINE'S 6TH ANNUAL SECURITY 7 AWARDS
Consumerization of IT and enterprise evolution: Consumer devices in the workplace and the shift to cloud services require new security standards.
An effective information security program requires ongoing monitoring: A successful information security program uses ongoing oversight and monitoring to manage risks.
Online banking security is a balancing act: Online banking security requires providing users with choices in order to minimize risk without becoming intrusive.
Government transformation through technological innovation: The economic crisis gives government entities the opportunity to change for the better.
Maintaining health care privacy and security: In the world of health care, the more we value privacy, the harder we work to protect it.
Implementing an information security strategy in a decentralized environment: Implementing data security in a decentralized organization requires a collaborative approach.
Fighting online fraud requires delicate balance: Countermeasures for thwarting Internet fraudsters must be balanced with customer service.
This was first published in October 2010