The Case Against A Cyberwall with Mexico
Mexico has a bad reputation when it comes to online fraud. But businesses who block Mexican orders are making a costly mistake – turning away many good customers and a lot of revenue.
It’s the 2nd largest eCommerce market in Latin America, with nearly 60 million internet users. More than half of online shoppers frequent international websites, and online purchases are expected to hit $65 billion by 2020. So why are so many eCommerce merchants so cautious with Mexican orders, to the extent of blocking Mexican IPs altogether?
Mexico has a bad reputation when it comes to online fraud. In 2015, the Ingenico global online fraud report found that the Mexican chargeback rate was 3 times higher than the global average, so it’s hardly surprising that fear of fraud leads many eCommerce merchants to shut their virtual doors to Mexican consumers. In this post, I’ll demonstrate how businesses who block Mexican orders are making a costly mistake – turning away many good customers and a lot of revenue. I’ll also provide tips for managing fraud from this market.
Is Mexico Really As Fraudulent As Merchants Fear?
As we speak with eCommerce merchants about their struggles and challenges, we are struck by the ease with which some merchants block entire countries and markets. It’s a common scenario: merchant gets hit by fraud from a certain country, merchant blocks all orders from that country. If your business is currently blocking all Mexican transactions, you might be surprised to learn that 4 out of every 5 online purchases placed from Mexico (via a Mexican IP address) are completely legitimate. In other words, about 80% of the orders many businesses are rejecting today can and should be approved.
The numbers are interesting, but likely not enough to convince anyone to start accepting all Mexican transactions. By considering some more parameters, merchants can identify the safer segments and reduce the risk of fraud. For example, let’s consider not only the IP address, but also the credit card country. While 81% of orders placed with Mexican cards via a Mexican IP address are safe, the safe approval rate increases to a whopping 96% in purchases with European cards! Purchases made with US and Canadian cards from Mexican IPs carry a higher risk of fraud, with safe approval rates of 76% and 56%, respectively.
In short, when considering the IP address and the credit card country, we see a lot of opportunity for revenue but also a considerable amount of risk. To reach more accurate insights about safe vs. risky order segments, we can delve deeper into the numbers and take additional data points into consideration.
Zoom In To Identify Safe Segments
As a general rule, the more data you collect and consider when reviewing an online order, the more likely you are to identify and distinguish between safe and fraudulent purchases and shopping patterns. Effectively tracking these patterns should become a high priority, as you’ll not only fight fraud more efficiently, you’ll also be less likely to turn away good customers. For example, if you’re reviewing orders placed from Mexico (via a Mexican IP address), consider not only the credit card country but also the shipping address.
We analyzed orders where the credit card country matches the shipping country, and found that 9 in 10 purchases with a US or Mexican card are valid. In fact, purchases with Mexican credit cards are equally safe regardless of whether they are being shipped to the US or Mexico. For merchants based in the US, these figures present a huge opportunity for additional revenue, and reflect the fact that nearly 36 million Mexicans and Americans of Mexican descent live in the US. Another interesting segment is orders where all four geographical data points – shipping address, billing address, credit card country, and IP address – are linked to the same country. In the case of Mexico, our data shows that merchants should be approving 9 out of 10 of these purchases.
Become Familiar With Legitimate Shopping Patterns
The stats shared above aren’t just numbers, they paint a very clear picture of the people behind the transactions – the good customers many eCommerce merchants are currently turning away:
- The most obvious legitimate shopping pattern is that of Mexican consumers making online purchases and shipping items to their homes. In these purchases all four geo data points will link to Mexico, and 90% of them are valid. Merchants capable of accurately identifying proxy usage will find that they can safely approve 92% of orders where proxy servers are not used (and 72% of orders with proxy usage).
- Another legitimate shopping pattern is of Mexican consumers who have family and friends in the US. It is very likely that their online purchases will be placed from a device in Mexico, paid for with a Mexican card, and will be shipped to a US address. Nearly 90% of these orders are safe.
- Mexicans living in the US and US citizens of Mexican descent visit Mexico often. Purchases they make while in Mexico will have a Mexican IP address, and may be paid for with either a US or a Mexican card (shipping either to Mexico or the US). Order placed from Mexico with a US-issued card and an American shipping address may also be placed by US students, diplomats or tourists shopping online while in Mexico, perhaps while laying on the beach in Cancun. Over 87 million tourists visited Mexico in 2015, with the US contributing 28.2 million visitors.
These numbers are significant, and it would be detrimental to your business to ignore them, all the more to blindly turn them away. If you’re not approving such orders, you’re curbing your online sales revenue.
Don’t Rely Blindly on Third Party Data Sources
Third party tools and data sources are widely used as part of the fraud review process. Almost every enterprise-level fraud team relies on external data sources to verify contact details or to help identify proxy usage. Utilizing third-party tools is good, but it’s important to remember that risk scoring tools, especially ones that are based on crowdsourcing, have built-in biases.
We reviewed the risk score provided by 3rd party tools for orders from Mexico, and didn’t have to look very far to identify biases. The rate of Mexican transactions that received the worst risk score, was over 3 times higher compared to the global average. While Mexico may have more fraud than other markets, Riskified safely approves more than 40% of orders that 3rd party scoring systems identify as dangerous.
Many risk scoring systems are influenced by merchant experiences. If a merchant flags Mexican orders as dangerous, the scores for all Mexican orders are adversely affected. The end result is a magnified and unnecessary fear of Mexican transactions. In short, while third-party recommendations and scores can definitely be taken into account, retailers who set up rules to reject orders with high-risk scores are losing good business.
Keep Calm, Review All Parameters, and Approve!
The conclusion from the stats shared above is overwhelming, not only for Mexico, but for markets across the globe. Merchants who are intent on growing their business and sales revenue by tapping into new markets are bound to take on some risk, but there are effective ways of managing this risk –
- Make sure to collect as much data as possible for every online purchase
- Using third-party tools to enrich your data is great, just keep in mind that some tools may have built-in biases (this also includes cross-merchant blacklists
- Rather than having the same process or rules for every order from a new market, dig into the data to identify safe and risky order segments
- Remember that behind every online purchase there is a person; familiarize yourself and your systems with legitimate and fraudulent shopping patterns to boost decision accuracy
By connecting the dots, identifying safe patterns and pinpointing the risky ones, you can minimize the risk. By 2020, global shoppers are expected to spend more than twice what they spent on online retail goods in 2016! Whether it’s Japan, Norway, Egypt, Indonesia or Mexico, there will always be fraudsters out there, but with such numbers you can’t afford to miss out on the opportunities. So learn to manage your fraud better rather than shut out business, and remember: your ultimate goal should be to approve orders, not to decline them.
Author’s Note: This post was originally published in May 2016, and has been updated to reflect current data.