Hi all, Julie here.
We talk a lot about payments here. From BNPL to Visa’s earnings to how Square might expand. I recently had the chance to talk to Stripe’s Marcia Jung, a Product Manager for its Payments Intelligence division. Something we haven’t covered as much as other topics in payments is fraud, outside of the deep dive we did into Unit21 a few weeks ago. We actually use Stripe at Fintech Today, so I selfishly chose them to learn more about how Stripe in particular is combating online fraud. Companies like Square also have products focused on preventing fraud, such as Square Secure.
The scale that these two payments companies have helped them become even better at detecting and preventing fraudulent transactions. Check out the Q&A below to learn more, and ping me with any questions you have or thoughts on what I missed!
What are the biggest costs when it comes to online fraud for businesses? Has this gotten better or worse in recent years?
Marcia: There are actually three different types of costs to think about here, and often only one is talked about.
The first, obvious costs of fraud are the direct ones. If your business processes an online transaction as legitimate when the cardholder didn’t authorize the charge, then you will often be liable for the costs of whatever you’ve sold plus the chargeback fees if the cardholder disputes the transaction with their bank.
Such fraud attempts spiked across the internet during the pandemic. European retailers, for example, reported a 39% spike in fraud attempts in the past year. In aggregate, that fraud gets expensive quickly. Worldwide, fraud cost businesses more than an estimated $20B dollars in 2020—an 18% increase on the year before.
The second type is the indirect costs. These are perhaps less obvious, but the operational costs of dealing with fraud can really add up. On top of that, these indirect costs are increasing. Every $1 of direct fraud costs was estimated to actually cost U.S. businesses $2.62 in total in 2014. That figure is now $3.60 today, with a 15% increase from the pre-Covid (2019) level of $3.13.
The third cost is invisible, but can actually be the most harmful. It’s the opportunity cost of blocking good customers.
Many businesses don't realize that tightening their controls on fraud to reduce losses can actually inadvertently block good customers. Not only do businesses take a direct revenue hit every time they wrongly block a good transaction, but they also take a brand hit that damages their revenue prospects longer term. Roughly ⅓ of consumers won’t shop with a business again after a false decline. That really adds up.
Julie: As you can see, dealing with fraud is an incredible balancing act. Not only is it about minimizing the amount of fraud that takes place, but it’s also about making sure you aren’t turning away good customers. Something else that Marcia pointed out that I hadn’t thought of was that fraud prevention and conversion maximization differs from business to business. If you have a higher tolerance for risk and a high profit margin on each sale, you’re likely to be more tolerant of some fraud.
What are some of the more recent technical developments in machine learning that are helping fight back against fraud? Are there certain types of businesses that are getting the most benefit here?
Marcia: Solving fraud is ultimately a network problem. Most fraud is committed by a small set of bad actors that have developed sophisticated techniques to quickly commit fraud at scale. But pool the collective experiences of those businesses—almost as if they’d gathered at a fraud prevention conference to exchange tips—and you can benefit every participant in the network by building a shared tool based on those lessons, and then using that as a service.
That’s what machine learning does. Recent developments in neural networks and deep learning make it possible to train massive machine learning models on very large datasets that can make incredibly accurate, nuanced decisions. Before a machine learning model can begin automatically detecting fraud, it needs to learn examples of what fraud is. At Stripe, we take a huge dataset of transactions—both good and fraudulent—and train a machine learning model to spot the difference between the two. It does this by looking at the different hundreds of signals for each transaction—such as the number of countries the card has been used in over the past day—and working out which combination of features are associated with fraudulent behavior. Look at card testing, for example. This is when fraudsters test stolen credit card details by making small, low-value purchases. Services like Radar can watch for repeat, low-value transactions using the same credit card details. If this happens, Radar surfaces CAPTCHA challenges in Stripe Checkout.
Julie: As far as which types of businesses have seen the biggest benefit in recent years, Marcia mentioned ecommerce and B2B marketplaces. Even something like online food orders, for instance, need to be processed instantly, making it virtually impossible to review transactions manually to prevent fraud. Smart, machine learning-based tools that can make these determinations instantly are critical.
Tell us a bit more about the inner workings of Stripe Radar and how customers should expect it to evolve.
Marcia: There are two things to consider here: How we use machine learning to build a fraud prevention system, and how we package that into a product that actually helps businesses reduce fraud and maximize their conversion.
Radar’s underlying machine learning is so effective because it can reason dynamically about minimizing fraud while maximizing conversion. How well it does this is determined by the data it’s built on, and the way that data is used. Some things to keep in mind:
- Stripe’s network is massive—hundreds of billions of transactions from millions of businesses—providing a huge amount of input data that can allow Radar to detect even the most nuanced fraud patterns.
- That scale of data means Stripe Radar can adapt to trends and emerging threats.
- That data is of uniquely high quality. Radar sees the actual outcome of disputes and chargebacks on the Stripe network, allowing it to understand exactly how accurate its predictions are in real time.
- Stripe’s network generates even more data as it gets bigger, improving results. Last year, Stripe’s machine learning performance increased by 20%, reducing fraud across the Stripe network for the sixth year running.
And as for what’s coming next, we have a few things in the works.
We’re now focused on making it easier for fraud teams to adapt their fraud strategy based on Radar’s performance. We’re deploying a new analytics suite so businesses can quickly understand how Radar’s ML and their custom rules are performing, so they can use those insights to personalize their protection. It will also include benchmarks so businesses can compare the performance of their rules to similar businesses—another valuable data point for finding the best fraud minimization/conversion maximization tradeoff for their circumstances. We’ll be releasing more detail about our machine learning architectures in an upcoming guide, so stay tuned for that.
Longer term, we’re expanding Radar beyond transaction fraud. One of the biggest issues the fraud protection industry is grappling with right now is the question of identity—how to prove someone is who they claim to be. That’s another question that’s becoming more pressing over time—with every year that passes, more and more personal credentials become compromised, making more identities available for fraudsters to steal.
Now that we’ve built an identity verification product, Stripe Identity, and are spinning up new machine learning models, we can start to protect against more types of fraud, such as account takeovers. We’ll have more to share on these efforts soon ;)