In the world of online commerce, the fight against online fraud is
a major issue. It is a challenge Retail Decisions’ payment fraud
detection service has helped online travel company Opodo meet, with
impressive results. Retail Decisions CEO Carl Clump talked to EPI
about the solution. Sarah Williams reports.
Airline tickets number among the top three items bought online by
97 percent of consumers in the US and Europe, according to a survey
conducted by payment services provider Retail Decisions (ReD). Not
surprisingly, online travel agents find themselves a key target of
criminals stalking internet-based payments. Indicative of the scale
of the problem, UK payments body APACS reports a 200 percent
increase in airline ticket-related card fraud in the UK since
Meeting the threat of online fraud head-on can prove highly
successful, as pan-European online travel company Opodo found. In
early 2007 Opodo selected ReD to provide security for its UK,
German, French and Italian websites. The travel company reports it
reduced card losses by a “six-figure amount” in the first six
months. In addition, costs incurred by Opodo’s staff in the manual
review of transactions aimed at detecting fraud fell by 40 percent
during the period.
Opodo’s services cover 500 airlines, 65,000 hotels and 7,000 car
hire locations worldwide. Opodo is owned by Amadeus, which is the
world’s biggest processor of travel bookings.
The Red Shield system ReD deployed to reduce payment fraud at Opodo
can best be described as multi-faceted, Carl Clump, ReD’s CEO, told
EPI. He explained that the initial step is to obtain transaction
data from customers, typically covering a three- to six-month
period. The data is then analysed and used to develop bespoke fraud
prevention strategies for the client.
There are a number of steps in Red Shield’s real-time payments
monitoring. The first is typically very basic, along the lines of
checking whether the payment card being used is listed as lost or
stolen. Second, merchant-specific payment velocity checks are
carried out to verify that, for example, a particular card is not
being used more than predetermined number of times during a certain
period. Next, geographic feasibility checks are carried out,
enabling the identification of a card presented for payment in,
say, London at 09.00 and then again in Edinburgh a few minutes
later. ReD also uses neural software capable of intelligent tasks
similar to those performed by the human brain, to help detect
unusual customer behaviour patterns.
ReD builds in parameters that are very specific to individual
clients. Standard solutions are avoided because “each client is
unique”, said Clump. “Even businesses operating in the same product
category can have different risk profiles, different target
customers and even different opening hours patterns,” he
Next, internet protocol (IP) address identification is used to
detect where transactions are coming from even if the customer is
using a proxy server, which is, in essence, an anonymous IP
address. ReD is also investigating PC fingerprinting technology,
which is based on each PC’s unique characteristics and allows
remote identification of a particular PC, even if the IP address
has been changed.
Clump stressed that ReD’s payment monitoring holds significant
benefits for its clients, which in the travel industry also include
Travelocity, Hotwire, Thomas Cook, Harvey World Travel and
Travelex. Other major clients include retailers Wal-Mart and John
Lewis Partnership and payment processors Chase Paymentech
Solutions, First Data, euroConex and GlobalCollect.
ReD, which hosts the world’s largest proprietary database of
suspect payment cards, monitors about 12 billion card transactions
annually and estimates that its systems allow its clients to
prevent about $1.2 billion in fraudulent purchases each year. ReD
also provides payments processing services and has fuel card
issuing and prepaid card operations in Australia, the UK and
ReD believes that there are a number of reasons why it is able to
achieve impressive results for its clients. First, explained Clump,
unlike many of its competitors, ReD offers a customised rather than
a generic, one-size-fits-all solution. As a result, the company
works only with large clients or aggregators of smaller customers.
The neural technology incorporated by ReD into its fraud prevention
solutions is a unique benefit, as only ReD has access to this
Moreover, he added, many players in the fraud prevention market are
effectively providing customers with only a single piece of
software. By contrast, ReD has risk analysts who constantly monitor
transactions and are able to change a customer’s control parameters
on a daily basis if required, said Clump. ReD also polls data on
behalf of all its customers and is able to share this intelligence
across its customer base.
As a global player, ReD is able to share data across geographies.
The company operates in multiple industries such as gaming, retail,
travel and banking, giving it a broad perspective of fraud patterns
and enabling it to pass its knowledge from one business sector to
another. This is particularly useful as criminals are constantly
moving the targets of their attacks, rapidly changing both
geographies and sectors. The fight against online fraud means
always being able to respond quickly to changes in the ways in
which criminals are operating, said Clump.
Pitfalls of in-house detection
Many online businesses attempt to manage fraud detection and
prevention in-house. According to Clump, there are several risks to
this approach. First, their knowledge is often limited as their key
strengths lie in their own marketing and merchandising. Second,
in-house IT teams often have only their own limited fraud
experience to draw on. In short, while merchants are aware of the
threat fraud poses to their business, they tend to operate in
isolation when it comes to fraud because they rarely co-operate
with each other and are not fraud prevention experts.
Merchants using their own home-grown fraud prevention solutions
also run the risk of turning away valid customers. Typically, said
Clump, between 6 percent and 8 percent of transactions are rejected
by online merchants with in-house fraud prevention systems. Yet, in
reality, only 1 percent to 2 percent of all transactions are
actually illegitimate, effectively meaning that up to 7 percent of
overall transactions that are actually valid are rejected.