If last year is anything to go by, Americans will spend over $60 billion in the four days from Thanksgiving, this Thursday (Nov. 28), to the end of the weekend. That doesn’t include “cyber Monday,” when merchants put up post-Thanksgiving deals online; Adobe reckons Americans will spend another $2.3 billion on that day this year, up 15% from last year.
This is great news for retailers. It is also a bonanza for fraudsters (registration required), who use the holiday rush to sneak in charges that they hope will go unnoticed. Dubious deals, card fraud and even returns fraud are popular scams. And as if to make their lives easier, many companies relax their fraud measures somewhat over the holiday period to avoid frustrating legitimate customers. And even shoppers unaffected by fraud may find their bank and credit card statements filled with baffling charges when they get around to reviewing their statements in the haze of the new year.
It doesn’t have to be that way. Verifying a card transaction is no longer about just one signature or four-digit PIN. Instead, for every transaction you make over the coming days and weeks, a number of companies around the world will analyze vast amounts of data, helping banks, credit-card issuers, merchants and shoppers to ensure they aren’t being ripped off. This will help reduce the number both of fraudulent transactions and, as importantly, of legitimate payments that are declined as suspicious. And not all the data will flow to big corporations. Customers too can use the data to get a better sense of what they are spending.
BillGuard, an app launched in August by a pair of Israeli entrepreneurs, links up to a user’s bank account or card and shows a running stream of all transactions. Sounds like a bank statement? The difference is that BillGuard can help you identify suspicious charges by checking who else had them—rather like an email spam filter.
“The regular model of bank-centric or merchant-centric fraud protection is good. But it cannot take us to next level where you want protection from any kind of unwanted spending, which is a gray area,” says Raphael Ouzan, BillGuard’s co-founder. That gray area includes ”free” services that turn into subscriptions or auto-renewals, as well as transaction fees and service charges from card issuers or banks. BillGuard estimates American card holders spent over $14 billion (pdf) on these charges last year.
BillGuard is building up a database of which merchants customers trust the most, and which ones they find dubious. That’s helpful for users, but valuable also to payment providers, since it can show which companies pose a risk to them, for example in the form of chargebacks, or transactions that are later reversed at cost to either the merchant or card issuer, depending on various factors. (Indeed, selling that data to payment providers is how BillGuard plans to make its money.)
This kind of analysis doesn’t just look at your transactions. Online shops and payment processors cast their nets much wider. One company that helps them do this is Signifyd, a Silicon Valley firm that checks public records, Twitter and Facebook feeds, phone numbers and a whole bunch of other data to figure out whether someone making a purchase online is really who she claims to be. (We’ve previously explained how that works.)
For instance, Signifyd found that of the e-commerce fraud through mobile devices on its system since March, 52% came from Android phones, even though these accounted for just 40% of traffic and a mere 8% of sales. By contrast iPhones accounted for 24% of mobile fraud despite claiming 33% of traffic and 21% of sales. (A whopping 66% of sales come from the iPad but only 14% of mobile fraud.) Those sort of data help companies figure out what signals to watch for. This year will be a big one for mobile fraud because companies are expecting more sales from mobile, which remains the most vulnerable, says Signifyd’s Rajesh Ramanand.
Another firm that does something similar is Ireland’s Trustev, which keeps a close eye on shoppers from the moment they land on a site. A legitimate customer browses and looks for the best deal, but fraudsters typically hurry straight to a product (often the most expensive one), buy it and check out. Trustev also tries to identify individual computers—a technique known as fingerprinting—so it knows whether they have previously been used for fraudulent transactions. The combination of social, tracking and fingerprinting allows Trustev to identify suspicious behavior long before a purchase can be made, the company’s CEO Pat Phelan says.
Still, the vast majority of sales still come from people going into stores, presenting their cards and buying things in person. On Black Friday last year, nine out of every ten dollars were spent this way. Yet physical payments largely rely on only a single form of authentication—a signature or a four-digit PIN code. ValidSoft, a British company, makes payments more secure by adding in more layers.
One of its early methods has been to combine something you know—your signature or PIN code—with something you have, namely your phone. If the two are in proximity, that’s a pretty good sign that the transaction is legitimate. (ValidSoft can tell roughly where you are by looking at how your phone is connecting to the telecoms network. More precise locations would need to come from the phone itself, not the network.)
Together, these methods reduce fraud. But they also reduce something no less important: the sales lost through “false positives,” or legitimate transactions declined on suspicion of fraud. While numbers vary from bank to bank and sector to sector, ValidSoft’s Edward Maine reckons that declined transactions are actually legitimate, on average, four out of five times. Better anti-fraud measures mean the next time you’re rushing into a shop to buy something uncharacteristic—a 46-inch television, for example—you run a lower risk of going home empty-handed, and the store runs a lower risk of losing the sale.