Remove direct links from the body of your department's emails
If customers need to take a particular action, such as resetting their password, or should visit a specific resource, such as a help page, give customers the steps or the path instead of providing a direct link. Much has been done to try to educate consumers on the peril of clicking URLs in emails; including links can become both a customer trust issue and drive additional contacts to your department -- or to Customer Service -- questioning the validity of the email.
Involve your social media points of contact
More and more customers are choosing to interact with companies using social media. Whether Customer Service, Marketing or another team monitors your company's social media accounts, ensure the relevant POCs know who to engage for any fraud, risk or security issues received via Facebook, Twitter or other channels. If your company does not already have an internally accessible contact matrix, creating one and reviewing it at least quarterly is a good place to start.
Strengthen your CS relationship
Meet periodically with appropriate personnel in Customer Service leadership to discuss any important fraud/risk trends, projects or events which may lead to CS contacts. Also, coordinate with CS on regular updates to their account security training so CS associates keep current on topics related to fraud and risk, such as social engineering.
Keep communication concise and personalized
Unless the customer's scenario involves a legal issue, risk investigators should refrain from using generic templates that come across as "blurbs" or contain extraneous information irrelevant to the situation at hand. Your customers' time is valuable, so limit emails to two or three paragraphs if possible, and consider using help pages to display more detailed information, if needed, about policies and procedures. Shorter emails also display more easily on mobile devices, perfect for customers on the go.
Work towards a continuous feedback loop on rules/models
In partnership with the analysts, data scientists or solution provider(s) who maintain your rule sets and/or machine learning models, continually assess false positives and dive deep at the first sign of an anomaly. Transactions inappropriately queued for manual review can delay orders unnecessarily; transactions cancelled erroneously are especially problematic and may result in an escalated customer service case. Operational input can play an important role in fine-tuning rules and models, leaving good transactions out of manual review queues and letting investigators focus on those transactions which truly are risky.
Implement customer-friendly technology
Two-factor authentication, where a one-time use code is sent to the consumer's cell phone via SMS or a special app, is an effective way to help protect customer accounts and confirm legitimacy. Enhancing mobile apps to permit customers to log in using fingerprints or facial recognition is another way to provide a simple, secure means of authenticating users.
Network with other risk professionals
By joining a professional organization like the Merchant Risk Council, key fraud and payments personnel can gain valuable insights, discuss emergent threats and trends, and share best practices with other industry professionals. The MRC offers numerous opportunities to connect and learn: in person, via four annual conferences and multiple smaller networking events; and virtually, through MRC Communities, a portal which enables quick communication and timely feedback between fraud and payments professionals around the globe.
While preventing illegitimate transactions from being completed is a critical part of a risk department's mission, it is equally important that legitimate customers have a safe shopping experience with as little friction as possible. We believe increased focus on good customers is a winning strategy for any eCommerce business, and will pay handsome dividends through increased loyalty and sales in the years ahead.
About Mike Splichal:
Mike Splichal, MRC US Program Manager, coordinates content for committees, presentation archives and community forums. He also develops member training and certification programs.
The MRC is an unbiased global trade association providing a platform for eCommerce fraud and payments professionals to come together and share information. As a not-for-profit entity, the MRC’s vision is to make commerce safe and profitable everywhere by offering proprietary education, training and networking as well as a forum for timely and relevant discussions. http://www.merchantriskcouncil.org