Running an e-commerce business is no easy task. Every merchant is faced with many critical issues that can put an end to the business, if not handled correctly. We’re here to brief you about a few important knacks while handling fraud. Let’s begin!
Let’s consider the case of a merchant who runs a clothing subscription brand. The merchant has to monitor every detail in order to deliver the perfect product to the customer.
In this process, there are many things that the merchant tries to handle internally. When he is faced with a high amount of RTO or cancelled orders, he attempts to cover many details to foil it as soon as possible. One such detail is handling fraud and blacklisting customers who try to defraud the merchant.
When the retailer notices a myriad of patterns in a certain geographical area or limited to several accounts, he immediately attempts to curb it by blocking multiple users he thinks are suspicious.
However, what he fails to realise is that this blanket blacklisting can cost him more than he thinks. Allow us to explain how so.
What is blanket blacklisting?
Blanket blacklisting is the act of collectively blocking out a segment of your customers in suspicion of fraud. Blanket blacklisting is generally performed by e-commerce merchants who employ internal blacklisting after observing a pattern.
Some of the online retailers even resort to using shared blacklists (shared between several merchants), while others mostly rely on industry-specific blacklists.
On the other hand, fraud prevention tools employ a more complex version of blacklisting based on various parameters. This is usually fool-proof and quite effective as these tools employ a large number of high-efficiency parameters to accurately point to one or a group of fraudsters attempting to con your business.
What are the attributes used for blanket blacklisting?
The number of parameters you use to determine a fraudulent user is directly proportional to the accuracy. Therefore, with a higher number of parameters, you can expect a higher accuracy of fraud profile.
Historically, though, there are three major parameters used to blacklist fraudsters on e-commerce platforms. We will be looking at how these parameters are commonly used and how that could be risky for your business.
IP Address
How it’s used:
The IP address is one of the most popular ways used to block scammers. The IP address provides vital information such as network details, device location, last activity, etc. While IP addresses were once a reliable way of identification, with the advent of technology, that’s not the case anymore.
The risk:
- IP addresses are recycled faster than ever before between users. ISPs often sell or recycle IP address bandwidth while experiencing a good influx of users.
- In some cases, multiple users can have the same IP address. This especially applies to institutions and public Wi-Fi networks.
- Most IP addresses are dynamic, not static. This can lead to a huge case of false positives when you resort to blanket blacklisting.
Area Pincodes
How it’s used:
Most Indian e-commerce businesses looking to explore their options in Tier 3 and 4 cities do not offer CoD or withdraw whole area pin codes from purchase fearing fraud and cancellations.
The risk:
The Indian e-commerce audience is riddled with fear due to a large amount of liquid cash in circulation. Merchants fear that the customers might cancel the order at the eleventh hour while the customers fear that the merchants might deliver faulty/fake products.
This fundamental mistrust has led to merchants blacklisting even genuine customers.
When a customer is faced with a couple of extra steps for verification or just a blanket ban from purchasing your products when in a certain area, it can really be a put-off for them to purchase a product from you. This can even cause them to never visit your website again.
After all, in a hyper-competitive world, it seems like the only metric that matters is convenience.
Email Address
How it’s used:
The most basic of data, the email address is probably the first information that the customer provides in order to create an account or subscribe to your content. Merchants also blacklist a series of email addresses associated with a particular website or otherwise to block suspicious activity.
The risk:
Did you know that over 300 million email addresses are created every year?
While this is one giant leap for technology and it’s far-reaching capabilities, it also means that it’s easier than ever for criminals to create an address that matches the name on a stolen ID.
In just a few minutes, the fraudster can create a completely new identity and come back to your website to find loopholes and commit fraud.
So the next time you blanket blacklist a chunk of email addresses, stop and ask yourself, “Are they really gone?”
Bonus tip: Whitelists are equally dangerous
For what it’s worth, blanket whitelists aren’t great for your business either. With a constantly evolving user stream on the Internet, the only way to stay updated is to stay updated constantly.
This is where Razorpay Thirdwatch can help you. With Thirdwatch’s advanced fraud detection engine, you can now calculate risk from over 300+ parameters! Thirdwatch employs AI and ML to determine network effects of fraudsters across different platforms.
This means that even if he performs fraud across different websites, we’d still catch him red-handed in the act. Thirdwatch helps you make accurate decisions on profiling only the criminals, while you can focus on taking care of the good ones. Check us out here.
Resolving the black-and-white approach
If there’s any bottom line after all the points we’ve listed above, it is that a black-and-white approach is probably not the best idea to curb e-commerce fraud.
If you still do intend on using blacklists, we recommend you ask yourself the following questions:
- What is your false-positive rate?
- How often do you analyze and update your blacklist?
- Is the black-and-white approach really the best solution for a problem that affects a good part of revenue?
Adopting a proactive approach, as opposed to reactive, would work well for your business. This means taking active efforts to create a robust, updated list or simply find a fraud prevention tool that will do it for you.
Cheers!