Developing an Effective Business Process to Handle Online Fraud Attempts, Part One

Technical means of detecting signs of suspicious customer registrations are a necessary step in building an effective process to prevent online fraud. However, it is just as important to handle the collected technical data well in order to achieve full operational efficiency, which makes it possible to prevent most online fraud and minimise operations costs.

At a high level, measures to evaluate suspicious accounts split into two general categories: manual and automatic. Most companies mix both. The case handling feature of DupZapper supports both, providing a workflow and UI to track account statuses and audit back-office activities, as well as APIs to access both raw data and case details programmatically.

From the financial perspective, manual checks are generally more robust and offer greater flexibility to do complex checks with multiple data sources without having to spend money on integration and software. For example, a fraud team can spot typical fraudulent patterns without a business analyst having to formalise them. However, manual checks are prone to human error and incur a noticeable labour cost per transaction. In contrast, automatic checks are costly to implement but generally scale very well without an increase in fixed cost.

In any case, implementing automated checks involves a tradeoff between checking all possible variables (which often makes fully automatic processing prohibitively expensive) and the possibility of false positives. Thus, most companies use automatic algorithms to spot suspicious accounts and have humans verify that they are not genuine customers.

To implement either approach, the first step is to pick the business process step at which to conduct checks and act upon an account. The three most commonly used are:

  • customer registration;
  • first payment / deposit;
  • money withdrawal (if applicable);
  • during the game / service usage.

Automatic check results can be used to act upon an account automatically in two different ways. In one approach, accounts are considered good by default unless automatic checks find something suspicious, in which case they are blocked or passed to human personnel for a second step of verification. This is most often used in social games, where the cost of a false positive is comparatively low and the volume of checks is big.

In the other approach, any account is considered suspicious by default unless it shows a positive history, and automatic checks are used by fraud managers as a guideline and aid, but not as the sole tool. This is more effective when acquisition cost and returns from a customer are high and large human costs are acceptable.

The most common approach in online gambling fraud prevention, where both acquisition costs and expected LTV are high and can reach up to $100, depending on the market, is to let all new customers play with limits unless they are flagged by anti-fraud checks, and to review the limits further based on performance. This approach is very common across DupZapper users and makes it possible to detect most online fraud while not increasing friction for genuine customers.