Are you ready for the new era of online payments?

Traditionally, when we talk about the approval of online transactions, merchants are the ones who have the majority of ‘rich’ data.

By that, I’m referring to merchants having access to elements such as customer demographic info, name, email address, and IP address of the customer submitting the transaction. Also included is the shipping address, along with what type of products are being purchased.

The hitch in this process is that when merchants request authorisation from the issuing bank, those issuing banks don’t have access to the same data. The data they can see has historically been very limited. The basic things that issuing banks can see are:

What is the line of credit for that card?

Is that transaction over the limit?

Has that card been used before in that industry?

Has that card been used at that merchant before?

The transaction amount, and in certain cases the name and billing address associated with the payment method, which can help in the authorisation process, may also be present.

Here’s the problem

The lack of visibility for issuing banks into this important customer information can generate significant impacts on the authorisation process. These effects are especially magnified in the Central and South American markets, where a very large percentage of online transactions are declined, even reaching 20% or more in certain industries.

In the US, the numbers are much lower, but the impact is still there, nonetheless. There is an exception, though, when the Issuing Bank is also the Acquirer, meaning they have a relationship with the card holder as well as the merchant.

These types of relationships allow more data to flow than a simple credit card and name/address information, such as the email and IP addresses, and other details about the order, which have proven to be indispensable in allowing more precise decisions that benefit all parties involved.

For customers, orders are approved more quickly with less disruption. For merchants, this translates into more revenue, as a larger portion of orders is approved.

Big changes to come

There are key changes on the horizon for issuing banks, allowing them to validate digital identity of their customers.

Version 2.x of the 3-D Secure protocol is the first to require merchants to send the email address of customers to the issuer. While there are many other data fields also included, the email address is important because it is almost invariably used to confirm the purchase. This means that if fraudsters use the address associated with the card, the cardholder will be informed that an order has been placed. Criminals can avoid this by using accounts under their control to place orders. Email can, therefore, be a vital indicator of fraud. But it’s not as simple as checking that the email address matches that held by the issuer. Globally, it is estimated that there are 1.75 accounts per email user and this figure is higher in the developed world with users typically having three active accounts including a work email address. Spotting a new or unrelated email address can really help.

It’s also important to know whether a specific address has been involved in a previous fraud. While email address checking is no silver bullet for ecommerce fraud, it can be a powerful tool when combined with other data and analytics during the authentication or authorisation process.

Risk scoring of email addresses

While using email as a factor in risk assessing payments is new to issuers, Emailage has a history of helping merchants counter the threat of fraud in ecommerce. Since 2012, Emailage has offered fraud risk assessment built around the email address.
We utilise a predictive risk score based on machine learning algorithms combined with a cross-industry and cross-sector consortium database. This approach offers merchants the ability to mitigate fraud with negative signals while using positive signals to approve good customers. The roll-out of 3-D Secure 2 and the implications of Strong Customer Authentication in the European Union will mean that both the obligation and the capability to fight fraud move to card issuers.

Conclusion

Card issuers are faced with a challenge – how will they balance customer friction and fraud prevention? The businesses which have better fraud risk analytics and better data on which to make decisions will do better. Merchants have already discovered that email address is an effective fraud risk factor in ecommerce; it is now time for the financial services industry to learn lessons from them.

About Amador Testa

Amador is Chief Product Officer at Emailage. He is an industry expert in online fraud, identity theft and cybercrime. Before Emailage, he was the head of fraud for card acquisitions at American Express and later led global fraud prevention divisions at Citigroup. Amador enjoys playing tennis, running marathons and traveling with his family.

About Emailage

Emailage, founded in 2012 and with offices across the globe, is a leader in helping companies significantly reduce online fraud. Through key partnerships, proprietary data, and machine-learning technology, Emailage builds a multi-dimensional profile associated with a customer’s email address and renders a predictive risk score. Customers realize significant savings from identifying and stopping fraudulent transactions.