Here is what European merchants need to be aware of when expanding overseas

Let’s start with payments. What do European merchants need to be aware of when expanding overseas?

In the US, payments reflect consumer behaviour. There are generally fewer standard payment methods than in Europe, and the majority of payments are made via credit card rather than direct debit or money transfer.
These payment types may present some difficulties from a fraud perspective – for example, making it more difficult to claw back disputed funds.

One economic factor is the interchange fee on credit cards. Unlike Europe, the US does not have a cap on these charges, which is why the average interchange fee in the US is 1.73%, compared to 0.96% in Europe. Interchange fees on debit card transactions were capped in 2011 by the Durbin Amendment, but this does not apply to credit cards.

How does Europe compare to the US from a fraud prevention perspective? How do the strategies for combatting fraud differ?

In some respects, Europe and the US are similar when it comes to payment fraud. The majority of merchants on both sides of the Atlantic review fewer than 10% of transactions and the reject rate is around 3%.

The overall fraud rate in the US is higher though. One reason for this is that in Europe fraud patterns are more recognisable, since they tend to come from specific countries and merchants. In the US, fraudsters have more opportunity to blend in and find sophisticated ways to get around prevention mechanisms.

It is also easier for fraudsters to build profiles for fraud due to the availability of data in the US, where the focus tends to be on payment validation rather than identity verification.

European merchants tend to rely on vendors for fraud decisions, whereas in the US merchants rely on the vendors for the platform and the merchants figure it out themselves. This seems to be especially true for larger merchants.

Our research has found that the variety of fraud reporting structures in the US is quite pronounced. These reports address different corporate priorities and have a general lack of consensus. This is usually how vulnerabilities that can then be exploited open up.

What operational considerations should merchants focus on when expanding overseas?

US consumers are demanding. Many will make purchases during their commute and they expect next day delivery from all merchants, even those based outside the US. Many of them will not consider where the merchant is based when making a purchase online. Having a US fulfilment house is a consideration.

In Europe, it is critical to offer local payment options to keep conversion rates high. Consumers expect to be able to pay with all major payment types with national differences. Missing payment types lead to abandonment.

GDPR came into effect this year. How does the US differ from Europe when it comes to regulation?

There has been a great deal of talk about the General Data Protection Regulation (GDPR), but European data privacy rules and attitudes have long been far stricter and more discerning than in North America.

The other big change in online commerce in Europe is the Second Payment Services Directive (PSD2). Combined with the GDPR, it provides greater choice for consumers in how they can pay and control their finances, while also aiming to modernise approaches to security and privacy.

One difference is a call for a minimum of two-factor authentication, whereby a consumer would not just be asked for a password, but may be asked for either a biometric scan or for authentication via another device, such as a smartphone. Another example is that US merchants have collected data just because they could, but this is an unnecessary risk and in many cases businesses don’t know what to do with this data. Now they have to inform customers clearly about the need and how they manage data protection.

Data protection is also a consideration in the US, where individual states often have their own rules, in addition to national standards. For example, the FCC is in charge of the rules concerning what data internet service providers can and can’t sell; health data is protected under the federal Health Insurance Portability and Accountability Act, and the Federal Trade Commission enforces the Children’s Online Privacy Protection Act.

Ecommerce in the US is worth almost half a trillion dollars annually, according to the US Commerce Department. In Europe, it is worth over half a trillion euros and growing fast.

Cross-border commerce is the Holy Grail for retailers; tune your fraud prevention today to ensure it doesn’t become the same for the fraudsters.

This interview was first published in the Web Fraud Prevention, Identity Verification & Authentication Guide 2018-2019. The Guide covers some of the security challenges encountered in the ecommerce and banking, and financial services ecosystems. Moreover, it provides payment and fraud and risk management professionals with a series of insightful perspectives on key aspects, such as fraud management, identity verification, online authentication, and regulation.

About Felix Eckchard

Felix Eckhardt, currently Managing Director at RISK IDENT,  was with this company at its inception. Initially taking up the position of senior software engineer, he helped RISK IDENT get on its feet as the chief architect behind the company’s second fraud prevention product, FRIDA. A year after the company’s founding, Felix became the CTO and remained in the position until he moved to Australia in 2016. While abroad, he acted as Senior Software Developer, developing data-driven solutions for telecoms and marketing industries for two years.

About Piet Mahler

Piet Mahler is Managing Director at RISK IDENT, leading the strategic direction of the company alongside the CTO, Felix Eckhardt. He is responsible for the development of the business side of the company, having previously held the position of VP Operations & Business Development, helping lead the company’s international growth.

About RISK IDENT

RISK IDENT is an anti-fraud software development company based in the US and Europe that protects companies within the ecommerce, telecommunication, and financial sectors. RISK IDENT’s machine-learning software uses sophisticated data analytics to block any kind of fraud, all with human-friendly user interface that simplify a fraud prevention team’s decision-making process.