When Policy Abuse Goes Beyond the Cost of Doing Business
Policy abuse is a growing concern for online retailers, but detecting and protecting against it requires a different set of capabilities than blocking traditional eCommerce fraud.
The last two years saw a tremendous increase in both eCommerce revenues and fraud. Alongside an escalation in more traditional CNP fraud, financial pressure and uncertainty saw an increased number of consumers “cut corners” and engage in various types of policy abuse.
Fraud prevention is fairly straightforward—is this the true card/account owner acting, or not? Policy abuse is harder to prevent because it exists in a grey area of consumer and merchant trust. This begs the question: Where do merchants draw the line between investing in customer loyalty and being taken advantage of?
Some merchants may choose to turn a blind eye to infrequent abusers to conserve a valuable customer for the long term. But many other merchants no longer view policy abuse as another cost of doing business. Accounting for 20% of all eCommerce returns, return fraud, for example, is now estimated to cost merchants $24 billion a year. At the same time, eCommerce is narrowing profit margins across the entire retail landscape. While high-margin industries may still have some leeway when it comes to tolerating policy abuse, more and more merchants will need to find a way to balance loyalty building with a more comprehensive ability to make customer-based decisions.
The art of customer-based decisions
Consider a low-margin industry such as the food delivery sector. Already growing at a healthy rate, social distancing and lockdowns gave the food delivery industry a significant boost in 2020. Globally, the market is now worth over $150 billion and counting. But most food delivery platforms are not currently profitable. As DoorDash Chief Operating Officer Christopher Payne told the Wall Street Journal, “this is a cost-intensive business that is low-margin and scale-driven.”
Scale-driven is the keyword here. Restaurants are already working with very narrow profit margins. Delivery via app might be an unavoidable avenue in terms of long-term survival, but currently often a loss-making one. Furthermore, the US restaurant industry, for example, is growing at about half the rate of the food delivery market. Increasing commissions from restaurants is not the solution. Any growth in the sector will necessarily be consumer-based, but the fees levied on consumers can also not be raised unreasonably for fear of driving consumers away.
So the fight for better margins in food delivery is a fight to increase the volume of orders and thus the number of customers. But the bigger your customer base, the bigger your risk of unsavory characters waltzing through the open door. That’s where customer-based decisions come into play.
Margin-negative VS margin-positive customers
Consider the cycle of policy abuse on a typical food delivery platform. John opens an account. He then performs a type of abuse—perhaps he reports that his order was not delivered, or that some items were missing, or that he had found a hair in his meal. He does this for seven out of nine orders, is quickly identified as a problematic customer, and is blocked.
John does not give up. He opens a new account using a different email address and credit card. This time, he spaces out his complaints, defrauding the platform on one out of five orders. He manages to fly under the radar for longer, but the result for the platform is the same: The merchant loses more money to John’s mechanisms than is gained. John is blocked and creates a third account using new details, and the cycle begins anew.
The main problem with the cycle of policy abuse is that while many merchants can and will recognize John’s abusive behavior and attempt to counteract it, they lack the complete picture. Their decisions are based on specific identifiers—email addresses, the credit card used, or the delivery address given—which may change from account to account.
Breaking the cycle of abuse
To effectively prevent policy abuse, merchants need to stop monitoring it at the account ID level and start monitoring it at the shopper’s identity level. In John’s case, they need to be able to recognize that multiple accounts with different identifiers are all linked to one customer—and that when considered together, this customer has an intolerable item-not-received (INR) rate.
It can be difficult for merchants to do so alone, though. Riskified’s identity-based clustering technology relies on several capabilities, including shoppers’ data enrichment tools; an unmatched global merchant network that provides billions of cross-industry transactions data; graph technology, for representing and visualizing connections; and machine learning technology, to drive sophisticated decisioning and identify connections. This gives us the ability to consider multiple data points and recognize all accounts as belonging to a specific entity.
To fight against policy abuse on equal grounds, merchants need to be able to connect all those seemingly unrelated identifiers and accounts to the customer behind them. Only when armed with this knowledge can merchants make a truly informed decision and set the optimal threshold needed to successfully balance positive customer experience and positive margins. Learn more.