Tuesday, June 17, 2008

eBay DevCon 08 - Tue17 13:00 Fighting Online Fraud

This speak was given by Ryan D'Silva (Product Manager, Risk Tools, PayPal) about PayPal's fraud combat actions right after lunch today which, by the way, was really good.

Online fraud nowadays is huge and the losses are bigger then the economies of some countries, including Ireland. Fraud costs everyone from the merchant and the customers to banks and PayPal (detection and investigation costs, customer dissatisfaction, accounts closing, dispute and claims costs) itself.

Merchants are probably the ones suffering most of the part of theses losses, because banks and acquirers tend to support the buyer instead of the seller in these cases.

Ryan spoke about the necessity on being PCI Compliant for the Seller. It is not mandatory, but it is a great idea, though keeping the locks closed is a very difficult task.

The speak went on again on talking about how to avoid phishing and using the PayPal Security Key. A good resource on phishing fighting is here.

It is important that each merchant identify what is fraud in his business, because these may vary a lot. Analyzing the transaction history for any account is a fundamental tool on understanding and identifying fraud indicators.

After knowing your business, develop a process: Identify the riskiest payments, Investigate suspicious patterns, Contact and confirm their order,

AVS (Address Verification Service) was presented as a service that could be used as an indicator for fraud. CVV2 may also be a tool to aid the fraud detection.

Check on worldbank.org fraud reports maps on countries that generate much suspicious activity, so you could use IP filtering and mapping.

It was a very participative speak and at the end Ryan had to speed up a little bit so he gave a quick presentation on tools that PayPal offers to help merchants identify possible fraudulent purchases and buyers. They have a team of chargeback specialists to support false or fraudulent chargebacks.

The PayPal Developer forums are monitored to find questions related to fraud, and the developers will receive responses as fast as possible. PayPal has the most interest in helping developers to help their customers to fight fraud.

No comments: