You know... there is one entity that is reasonably well funded, has incredibly strong capabilities for card fraud detection, and is well motivated to identify the fraud: the credit card companies.
(I work for one, which makes me especially interested in this topic. But I don't work in that particular area, nor do I speak for my employer.)
It makes me wonder whether some sort of collaborative fraud detection might be possible. As the merchant, you have access to additional information that the credit card company lacks -- things like the customer's name and the delivery address are (as this article explains) very helpful in detecting fraud, and these are data that the credit card company does not have access to. And of course the credit card company has access to information like the customer's purchase history and their recent transactions, which are useful for identifying fraud from a different direction. If both sources of data were available, it might be possible to detect a higher percentage of fraudulent purchases, and merchants who ship goods could be provided with the information so they could delay or cancel the shipment.
Do you think merchants would be interested in such a program?
> there is one entity that is reasonably well funded, has incredibly strong capabilities for card fraud detection, and is well motivated to identify the fraud: the credit card companies.
IME, credit card fraud detection is a user experience nightmare. There are dozens of false positives per true positive, and the confirmation system is implemented with little regard for the user: I'm not given a reason my purchase is denied, so I have no idea what's going on or a tip on how solve it (I know the security reasons for it, but that's the credit card company's problem, not mine - find a better way); the confirmation request is delayed, so that I've already had to move on to other solutions (call the vendor, try another order, vendor, or credit card); and the confirmation is not integrated with the purchase - the purchase is denied, it isn't put on hold so I can respond to the confirmation, and I have to start all over.
I know I'm not supposed to use all caps on HN, but I HATE the purchase experience. It wastes a lot of time, sometimes an hour or more, and is incredibly frustrating. I'm doing nothing wrong; I don't like the credit card company using my time like it's worthless nor do I enjoy being treated like a criminal for making a simple purchase. I purchase less online because of the experience.
Oh, I'm fairly certain that the information sharing would only go one direction: the merchants would share the data to the credit card companies, who would run fraud models on it and provide near-real-time feedback to the merchants.
In terms of user privacy, this gives the credit card information more information than they already have access to. It is reasonable to worry about the privacy implications of that sharing. But to be honest, the credit card company already knows a great deal just from processing the customer's purchases. Adding in the delivery address (when it differs from the card's billing address) is a leak of personal data, but not a huge one. Additionally, we might be able to put in place contractual controls limiting the data to certain uses. I can assure you (from my own experience), credit card companies are well experienced at compartmentalizing data and limiting data sharing.
(I work for one, which makes me especially interested in this topic. But I don't work in that particular area, nor do I speak for my employer.)
It makes me wonder whether some sort of collaborative fraud detection might be possible. As the merchant, you have access to additional information that the credit card company lacks -- things like the customer's name and the delivery address are (as this article explains) very helpful in detecting fraud, and these are data that the credit card company does not have access to. And of course the credit card company has access to information like the customer's purchase history and their recent transactions, which are useful for identifying fraud from a different direction. If both sources of data were available, it might be possible to detect a higher percentage of fraudulent purchases, and merchants who ship goods could be provided with the information so they could delay or cancel the shipment.
Do you think merchants would be interested in such a program?