Fraudulent card use that did not decrease despite multiple measures

　Cosmetics maker A, which will introduce Sift on its official EC site from 2021, has about 1 million registered members and sells about 3 billion yen a year, mainly skin care products.

　As the sales of the EC site increased, Company A was troubled by an increase in fraudulent use of credit cards. Around 2020, an average of 50 cases of unauthorized use occurred per month. When the card became a hot topic on social media​ ​or when sales increased during the overseas gift season, the number of fraudulent uses also increased.

The "Credit Card Security Guidelines", which are practical guidelines for credit card information protection and fraudulent use countermeasures under the Installment Sales Act, define member stores that have exceeded 500,000 yen for three consecutive months with fraudulent use of credit cards. As a "fraudulent member store", we are requesting the introduction of multiple countermeasures against fraudulent use. Company A also received a request for countermeasures against fraudulent use from the acquirer (credit card merchant contract company) through GMO Payment Gateway (hereinafter referred to as GMO-PG), a payment agency. In addition to the introduction of 3D Secure 1.0 and security codes, we have taken measures such as creating our own list of delivery addresses in case of unauthorized use in the past and checking the delivery address for all transactions. I could not reduce it.

Introducing Sift, which improves accuracy with machine learning

　In the fall of 2020, when fraudulent use increased, I consulted with a GMO​-PG representative. With Sift, without modifying the link-type payment page provided by GMO-PG, it is possible to input purchased items on the EC site, information other than card information such as addresses and email addresses, page transitions, and page transitions on each page. Behavior on the site, such as time spent, is sent to score transactions to uncover transactions that are likely to be fraudulent. By providing feedback on the judgment results, it is possible to improve accuracy through machine learning without the need for humans to set rules or tune them. “Although it is a major premise that it can be used in a linked format, compared to the solutions to be compared, the price was reasonable, and since machine learning improves accuracy, it does not require human labor, so we decided to introduce Sift. (Marketer of Company A) After the first meeting in November​ ​2020, we immediately started defining the requirements the following month. Test operation was able to start at the end of March​ ​2021.

Reducing check and operation man-hours and dramatically reducing card fraud

During the operational training period of approximately one month after implementation, we operated without setting transaction decisions based on scores to determine fraudulent card use and allowed Sift to learn machine learning. Because fraud trends vary by site, appropriate threshold settings also vary by site. During the operational training period, Macnica 's technical staff provides accompanying technical support by checking the status of transactions and Sift scores in the customer's environment, and examining threshold settings and operational methods through trial and error. “At first, it was difficult to decide how to set the threshold, but we were able to solve the problem after receiving advice from Macnica engineers.” (Marketing manager at Company A)

　Since May​ ​2021, a threshold has been set to automatically block high-scoring transactions, resulting in a noticeable reduction in card fraud. "We don't want to cause trouble for our original customers, so we set the threshold for automatic blocking a little high. Even so, it's effective in preventing unauthorized use." (Marketer of Company A)

　The introduction of Sift has greatly reduced the man-hours required to check the delivery address at the time of shipment. In the past, all transactions were checked against a blacklist of shipping addresses created by the company, and shipments were suspended for those transactions. After the introduction of Sift, we have limited the number of transactions to be visually checked, greatly reducing the number of check man-hours. “The deadline for sending the delivery destination instruction data for same-day shipments to the warehouse is 10:30​ ​a.m. In the past, even if we started checking at 8:30 a.m., there were times when we couldn’t make it in time. has disappeared.” (Marketing representative of Company A)

In day-to-day operations, Sift performs machine learning on fraudulent transactions based on fraudulent transaction information and delivery suspension information received from GMO-PG. “When the number of transactions increases during the overseas gift season or when restrictions on the number of products are relaxed, the number of fraudulent transactions also increases, but Sift can learn to prevent it immediately. is about 30 minutes a day, so it's not a burden." (Marketer of Company A)

　In addition to the introduction of Sift, we will continue to take measures such as stopping connections from overseas IP addresses, and since the beginning of 2022, the average number of fraudulent use of cards will be less than 10 per month, and the amount will be 20,000 to 30,000 yen. It has decreased to about 100,000 yen even in the most months. "There have been no inquiries or complaints from customers regarding the difficulty of use or misjudgment related to the introduction of Sift. In addition, the time, man-hours, and mental burdens for both myself and the person in charge of logistics have been reduced. Card Fraudulent use has also decreased, and I feel that the effect is well worth the cost.(Marketer of Company A)

Even more secure with EMV 3D Secure

　In October​ ​2022, international brands ended their 3D Secure 1.0 services. Merchant stores that used 3D Secure in the past must switch to its successor, EMV 3D Secure (3D Secure 2.0). Company A 's EC site will also be EMV 3D secure from September​ ​2022​

switched to and used in conjunction with Sift.

The procedure is to first make a judgment based on the Sift score, and automatically block card payments for transactions with a high score. For other transactions, go to the payment page on the GMO-PG site, enter your card information, and the transaction information will be linked to EMV 3D Secure. EMV 3D Secure makes risk judgments based on transaction information, and approves frictionless (no additional authentication) transactions if they are safe, and rejects them if they are unsafe. If you can't say either way, request additional authentication in challenge mode. (Fig. 2) Compared to 3D Secure 1.0, which requires additional authentication for all transactions, EMV 3D Secure allows frictionless transactions for safe transactions as a result of risk assessment, so there is no chance of dropping out of the cart in the middle of a transaction. has the advantage of reducing the risk of

　The advantage of using Sift and EMV 3D Secure together is that transactions can be blocked by score even for card numbers that have not registered additional authentication factors with the card issuer, that is, have not set a 3D Secure password. A weak point of 3D Secure 1.0 is that there are few card users who have registered their passwords, and in that case, 3D Secure has to be operated without applying it. Even at this time, it is assumed that there are many users who have not registered passwords as additional authentication factors for EMV 3D Secure, and it is difficult to apply it to all transactions. By blocking transactions with high scores first in combination with Sift, fraudulent use can be reduced even for cards that cannot be additionally authenticated by EMV 3D Secure.

Another advantage is that Sift can decide whether to accept or reject a transaction based on merchant criteria. EMV 3D Secure's risk-based authentication only makes decisions based on the ``possibility that the card has been used fraudulently,'' and the criteria for approving or rejecting a transaction is a black Box, meaning merchants cannot intervene. On the other hand, since Sift 's score-based judgment allows fraudulent transactions to be determined based on the characteristics of the site, for example, transactions such as ``the same product has been purchased repeatedly to the same shipping address within a short period of time and resale is suspected'' can also be detected. It will be possible to block based on member store standards. "We have just introduced EMV 3D Secure, so we are currently considering how to use it in conjunction with Sift. We look forward to continued technical support from Macnica." (Company A Marketing Manager)

“As a cosmetics brand e-commerce site, we want to increase sales with a plan that differentiates us from stores. We would like to continue working on countermeasures against fraudulent use of cards,” says a company A marketing representative. For that reason, even after the introduction of EMV 3D Secure, we continue to have high expectations for Sift.