Virtual Private Networks – used by consumers to protect their privacy – are losing sales for retailers and masking fraud. But there are ways round the problem.
VPNs allow users to mask personal web browsing, app usage and messaging from an internet service provider. The US has seen a surge in VPN downloads following President Trump’s repeal in April of online data privacy protections that were due to take effect in December.
But what’s helpful to consumers as they browse online can make it more difficult to shop without running into problems, says Rafael Lourenco, Vice President US Operations, at ClearSale, a card-not-present fraud prevention operation. As he explains:
“These problems can arise when consumers have a VPN and visit shops that rely heavily or exclusively on device fingerprinting to screen orders for fraud. That’s because most VPNs route their traffic through servers scattered across the globe. Your loyal customer in Texas may suddenly appear to be placing orders from a new mobile device with an unfamiliar IP address in India, Washington DC, or another random location – and those locations may change with each visit as the VPN sends your customer’s traffic through different servers.
“If your shop relies on device fingerprinting, this customer will raise fraud-screening flags for device theft, account hijacking, and card theft. Those flags are necessary, but what happens next is critical. If your shop allows machine screening to automatically reject orders–especially if you block crossborder orders or orders from certain countries–you will probably lose a valid sale, and the customer won’t know why.
“This type of false decline actually costs the e-commerce industry much more than fraud. In 2016, false declines cost US merchants an estimated $8.6 billion, compared to $6 billion lost to confirmed fraud, according to Business Insider. And about a third of customers who have an order falsely declined never shop with that merchant again – a costly loss of that customer’s lifetime value.
“Over-reliance on device fingerprinting can also make your shop more vulnerable to thieves who use VPNs to get around your location restrictions or to make stolen card data look more authentic. For example, a thief in a country that’s considered high risk for cross-border card fraud might abuse VPN technology to appear to be in the US while shopping with card data stolen from an American consumer. If device fingerprinting is the main or sole screening tool and there are funds in the cardholder’s account, that transaction will go through. Now your business faces a chargeback from the cardholder, a chargeback fee from the bank, lost revenue and lost merchandise. Too many chargebacks will also raise your processing costs and can even lead to account closure.
“When your shop combines multifaceted machine screening with a manual review of all orders flagged for rejection, the fraud specialists who contact your customers directly can verify their identity and their VPN use. That human interaction allows you to make the sale and keep the customer’s business.
“Device fingerprinting and VPN use is the issue today, but consumer behavior is always changing, so fraud screening will always be a challenge. The solution to this problem is to avoid having a single point of failure in your order screening process. First, find a fraud screening solution that evaluates multiple criteria so you’re not relying on one type of data to make a decision. Second, know your customers. Contact shoppers directly and professionally when there’s a question about an order, to build trust with shoppers, keep their business, and avoid costly false declines. Third, protect your business from chargebacks. A fraud service that covers chargeback costs can reduce your financial liability, protect your risk rating with merchant banks, and save time filing chargeback appeals. Together, these layers of protection can protect you from fraud losses and keep your customers happy, even after they’ve stepped up their online privacy.”