Skip to main content

Lessons Learned From the Front Lines in the Fight Against Fraud

Credit card, keyboard and lock to represent ecommerce fraud prevention

Note: The opinion(s) expressed in this panel and blog are those of the individual panelist and not of any organization.

At the Merchant Risk Council (MRC) Vegas 2022 conference, fraud and payment professionals gathered to share best practices and lessons learned through keynote presentations and panel discussions.  

I had the opportunity to moderate the panel Working Smarter: Lessons From the Front Lines in the Fight Against Fraud, which featured the following fraud experts:

    • Dajana Gajic-Fisic, Head of eCommerce Fraud and Risk Management, JD Sports – Finish Line
    • Jordan Harris, Senior Director of Fraud Prevention, iHerb
    • Keith Thompson, Senior Manager, Fraud and Investigations, Leading Outdoor Retailer
Moderator Pete Barker leads a panel discussion between Keith Thompson, Jordan Harris, and Dajana Gajic-Fisic

SpyCloud’s Pete Barker (far left) leads a panel discussion with fraud prevention leaders Keith Thompson, Jordan Harris, and Dajana Gajic-Fisic at the Merchant Risk Council (MRC) Vegas 2022 conference.

We had an engaging conversation about their first-hand experiences combating fraud and the shifts in trends they’ve seen in the fraud space over the last few years. Here are some of the highlights:

Increase in Online Transactions Led to More Fraud and Abuse

As leaders in the fraud space, the panelists provided key insights on trends and experiences they’ve seen recently as a result of the pandemic. While it was no surprise that fraud has increased in tandem with the spike in online traffic and transactions, the level of abuse also increased.

“During the pandemic, we saw a switch from ‘fraud fraud’ to ‘abusive fraud,’” Jordan explained. “Criminals were constantly trying to find exploits, and while ATO is still very popular, refund abuse by far emerged as the number one criminal tactic during the pandemic. It has been quite a journey to figure out how to manage that.”

Dajana also observed an increase in abuse – not only from refund fraud, but also from bot activity which required a shift in mindset in how to combat against that fraud. Keith shared that many organizations experienced an influx of first-time customers during the pandemic, which made it difficult for companies using profiling tools to weed out fraudsters if they’d never seen that customer before.

How Much Customer Friction is Too Much?

The panel observed how fraud departments are leading the way in working with other departments to ensure a seamless customer experience. Dajana noted that while her team is in charge of fraud and risk management, collaborating with customer-facing teams in the organization has been critical because while everyone has their own responsibilities and focus, at the end of the day everyone is working toward the same goal of doing what’s best for customers.

“It’s hard when you’re trying to put mitigation strategies in place; we do get pushback sometimes from other internal teams,” she said. “My team is always working on preventing fraud, but we needed to shift to a mindset that we’re here to help other teams increase revenues at minimal risk. Once we got that mindset, minimizing customer friction naturally became more important to us. Whatever process we put in place, it’s up to us to make sure we bring that revenue and do everything we can to create as little friction as possible.”

For Keith, he starts with zero friction and works backwards at key points in the transaction to flag abnormalities, such as checking card balances or adding credit cards to an eWallet. For example, a customer checking the balance of 15 gift cards isn’t normal, so that may be where introducing some friction becomes necessary to address the abnormal behavior from a fraud prevention perspective.

The Importance of Fraud Prevention Across the Entire Organization

Similar to the previous highlight about working together to minimize friction, collaboration is key in Dajana’s organization, where she instituted monthly digital risk meetings in which merchandising, cybersecurity, IT ops and fraud teams align on key priorities. This practice has helped with promotional launches where fraud screening is a critical component to the success of these events.

Keith echoed the value of collaboration, saying that educating the security team on how fraud happens has been important to getting alignment on how to combat criminals.

“Every team has their own focus areas, and security cares first and foremost about not getting breached. I’ve started educating my cybersecurity counterparts on what fraud is and what it looks like. Showing them step by step how fraud occurs and how we can mitigate it makes it more real to them,” Keith shared.

There’s No Silver Bullet When it Comes to Fraud Prevention

Jordan’s experience has led him to see that when it comes to fraud solutions, rigid rules that may seem cut and dry aren’t necessarily working. Ecommerce organizations need dynamic solutions that help prevent fraud earlier in the transaction process so they can protect against criminals across the entire lifecycle.

“Organizations need to have a robust identity solution that provides a complete picture of your customer the second they come to your site to detect fraudulent activity,” he said. “Having the ability to detect fraud earlier in the process versus just at checkout is crucial – so much can happen in the middle.” 

Dajana agreed, saying early fraud detection can be achieved by taking a holistic approach to monitoring the lifecycle of a transaction, which can only happen with collaboration across teams at different points in the buyer’s digital journey. 

Something that’s not being talked about much in the fraud space? Protecting customers from themselves, Keith said.

“Time and time again, I’ve seen our customers reusing passwords on our site, which leaves them vulnerable to ATO,” he said. “We’re in charge of fraud prevention, but we can also protect our customers unbeknownst to them with the fraud tools we have in place.”

This panel – and MRC 2022 as a whole –  proved that fraud prevention teams are:

  1. Revenue enablers, seeking balance between what will reduce fraud and abuse while increasing revenue, and
  2. Key in fostering collaboration across the business to get ahead of fraud earlier, respond to trends faster, and ensure other teams are educated on the choices they make which affect fraud teams.
Get more insights on how ecommerce companies can proactively fight against fraud in the SpyCloud whitepaper, Reducing Identity Fraud in Ecommerce

Transforming recaptured data to protect your business.