Oded Weinreb, Riskified: “what was previously hallmarks of fraudsters’ behavior became normal during the pandemic”

Together with the pandemic and everyone being locked at home, many people became more dependent on technology. As the habits of consumers changed, it became more challenging to detect fraudsters.

eCommerce has experienced many changes, including people starting to shop online at night, making it challenging for eCommerce companies to detect cyber felons. And considering that fraud can do major damage both financially and in terms of reputation, it’s not something to be taken lightly.

While individual users make use of such measures as Virtual Private Networks (VPNs) to secure their sensitive data, companies are in need of more complex tools, such as a frictionless fraud management platform, to protect all of their customers and ensure trust.

To learn more about fraud and effective security measures for companies, Cybernews invited Oded Weinreb, the Senior Vice President of Products at Riskified – a company that specializes in eCommerce business protection from fraud.

Tell us more about the story behind Riskified. Which company achievement are you most proud of?

Riskified was founded in 2012 as a fraud management platform empowering merchants to realize the full potential of online transactions by making them safe, accessible, and frictionless. Today, the company is at the leading edge of fraud management technology.

Every day, millions of eCommerce transactions occur around the world and managing risk and fraud plays a central role in approving each one. With fraudsters becoming increasingly cunning, Riskified uses its proprietary machine-learning algorithms to verify the legitimacy of each transaction, staying one step ahead of fraudsters.

Riskified’s Co-Founders, Eido Gal (CEO) and Assaf Feldman (CTO), both have backgrounds in the fintech and payments fields. They founded Riskified because they understood that the eCommerce industry needed a better approach to fraud prevention.

Namely, they noticed that merchants were taking an unnecessarily cautious approach to eCommerce order approval, losing revenue and frustrating customers as a consequence. They sought to create a solution that would approve legitimate orders which merchants felt were too risky.

This is how Riskified’s ‘chargeback-guarantee’ model was born. For each order that Riskified approves, it guarantees the merchant’s income – and pays if it gets it wrong. Riskified’s chargeback guarantee is proof of its belief in its concept.

Today, Riskified offers a suite of end-to-end solutions designed to make eCommerce as secure and frictionless as possible. The company is proudly trusted by three of the world’s largest eCommerce merchants to prevent fraud and increase revenue.

Can you tell us more about your Riskified platform? What technology do you use to detect fraud?

Riskified uses machine learning and identity clustering to identify and prevent fraudulent eCommerce activity and policy abuse. Our suite of solutions reviews transactions for fraud, helps protect customer accounts and saved information, increases bank authorization rates, blocks policy abusers, and helps genuine customers complete purchases. All of this is done instantly and behind the scenes, so merchants can focus on serving their customers, increasing their revenue by approving more orders, preparing for seasonable eCommerce surges, and growing their business.

The value of machine learning is that it becomes more efficient and effective as data sets increase. Our platform aggregates data from many of the world’s largest online merchants and creates network effects. We show a computer millions of orders – all of which are tagged as either legitimate or fraudulent – and ask it to determine retroactively how order data points could have best been considered and weighted to arrive at the correct assessment.

In this way, our platform continuously learns from every transaction it reviews in order to better predict the future. This is superior to rule-based fraud prevention systems, which rely on set rules to identify known patterns to determine the legitimacy of transactions. Our machine learning-led solution is much more dynamic and is smarter as it facilitates decisions that are aligned with the ever-changing fraud landscape.

You specialize in something called frictionless fraud prevention. Can you tell us a little bit about what this field entails?

Fraud is an ever-present threat in eCommerce that requires constant abatement; however, in order to be successful, it must be done in a way that’s both efficient for the merchant and user-friendly for consumers. This balance is what we mean by ‘frictionless’ fraud prevention.

There are a number of fraud prevention solutions available for merchants today, but there’s a big difference between those that offer a smooth customer checkout experience and those that are clunky and create friction within the customer journey.

Broadly speaking, friction is caused by customer authentication and security measures that are complicated, drawn-out or difficult to navigate or have a long order-review time. This can occur for many reasons, including disconnected and legacy technologies that are not well-suited to the digital age or incorrect data held in legacy systems.

For example, many merchants still use legacy rule-based systems. In these systems, the rules don’t learn, adapt in real time, and are slow to react to changes in fraud patterns. Until rules are manually tweaked, the systems are unable to detect the new fraud patterns, leaving merchants susceptible to high levels of falsely declined legitimate transactions as well as incorrectly approved fraudulent orders resulting in chargeback costs.

At Riskified, we call our solution ‘frictionless’ fraud prevention because it delivers security without compromising the user experience. Our machine learning-led solutions analyze thousands of data points, learn from their own mistakes, and constantly improve upon past performance and accuracy without human intervention, leading to faster, more accurate decisions and a frictionless customer experience.

Did the pandemic present any new challenges in your industry? Have you implemented any new features as a result?

The pandemic dramatically increased the volume of online shopping and permanently altered consumer expectations around being able to order, pay, and return merchandise smoothly and quickly online, from any device.

Other consumer online shopping behaviors changed due to the pandemic as well. For example, opting for curbside pickup and taking part in late-night shopping (especially involving high-volume carts) were previously hallmarks of fraudsters’ behavior. But with the pandemic impacting people’s schedules and shopping habits, these behaviors became normalized and practiced by legitimate customers.

At the same time, we were keenly aware that these pandemic-led changes to shopping patterns would inevitably open the door to increasingly sophisticated and evolving fraud methods. We reacted by training our models to incorporate new shopping behaviors. Our systems adapted to the surge in online shopping by keeping customer experience front and center, balancing it with safety considerations to minimize fraud.

Additionally, UK merchants have been asked to comply with PSD2 enforcement, which is already underway in the EU and Strong Customer Authentication (SCA) has been introduced for online payments. Both of these requirements have resulted in high friction and low authentication, increasing cart abandonment and challenge rates.

Riskified was among the first in the market to develop a PSD2 solution. As the landscape changes, we are constantly adapting our PSD2 offering to help more merchants cope with the fallout, reduce Strong Customer Authentication (SCA) friction for their customers and reclaim failed SCA flows.

In your opinion, what safety risks do new business owners often fail to take into account?

New business owners may not be aware of the tools available to assist them in making sure that their customers’ security is at the forefront of every transaction. They may be either too risk-averse (resulting in lost sales) or, conversely, not taking security seriously enough (resulting in numerous costly and time-consuming chargebacks).

New business owners may also not be aware of changing regulations, such as PSD2 or the latest trends in fraud, including the rise in account takeovers (ATO) – an enormous vulnerability for which many merchants are unprepared.

ATOs happen when fraudsters obtain account credentials through phishing, data breaches, or hacking, and use them to purchase goods with stolen credit card data. ATOs are lucrative for fraudsters because they enable them to hide behind a legitimate customer identity, increasing the chance of passing fraud prevention systems that did not spot them at login.

Online store accounts are critical tools for fostering customer loyalty but they also increase potential vulnerabilities. Riskified research estimates that roughly one in four customers don’t return to shop with a merchant after having their account compromised. Given that 1 in every 140 account logins is an ATO, it’s incredibly important that merchants should have a solution in place for prevention.

Merchants are finding that simply having a bot detection solution is not enough, since these tools are not designed to prevent ATOs from humans. Smarter solutions are needed that will take the guesswork out of security, allowing merchants to focus on building their business.

What fraud methods do you think are the most prominent nowadays?

Gift card fraud is an issue that merchants should be aware of throughout the year, but particularly during the seasonal shopping period. In the last holiday period, we saw an increase in fraud attempt volume as compared to the year’s monthly average – both the number of fraudulent transactions and their monetary value.

As discussed above, we are also witnessing a huge increase in the number of account takeover attacks (ATOs), a huge volume of which took place in the most recent seasonal shopping period. Fraudsters find it easiest to go unnoticed during periods of peak activity, while merchants find it more challenging to manage their fraud prevention measures during these same periods.

In addition, one of the major issues that arose from the pandemic-driven online shopping rush in 2020 has been an increase in policy abuse, with 75% of eCommerce merchants reporting an increase in the volume of policy abuse within the past two years, as well as the fraudulent “goods not received” chargebacks. Fraudsters were exploiting the rise in online shopping by claiming that a package was missed in transit, hoping to receive a refund for something they actually received.

Merchants should be aware and responsive to these fraud trends by understanding them and putting in place best-in-class technology to prevent them while reducing friction for the end-user as much as possible.

Would you like to share some of the best practices eCommerce companies should adopt to prevent fraud and other cyberthreats?

Online behaviors and shopping patterns change constantly, and fraudsters are always developing new creative methods to outsmart detection systems. Merchants should ensure that their security systems remain up to date or they risk being dangerously exposed and susceptible to new fraud patterns, viruses, and malware.

To minimize friction in the customer journey, merchants need to fully understand evolving fraud trends, gaps in current fraud approaches, shifting customer expectations, and available technologies that can help automate required identity and authentication checks that will not lead to cart abandonment and customer attrition.

Talking about individual users, what security measures do you think everyone should be looking into?

With the rise of phishing, individual users should be wary of clicking through emails or SMS messages unless they are completely sure that these are from a legitimate eCommerce website.

To protect personal credit card details, it is crucial to make sure not to share credit card numbers, account credentials, or numbers from the back of gift cards. It is also key to always only buy gift cards from official merchants and not ‘discounted’, second-hand ones.

Finally, individual users must recognize that the security measures in place by merchants are there for their own protection. The most popular merchants with consumers are those who adhere to security standards without making authentication overly burdensome. This is what frictionless fraud prevention is all about.

And finally, what’s next for Riskified?

Riskified takes pride in the ROI and added value that we bring to our customers. We work with a network of partners to provide the best possible solution for every merchant, in any given market. We are constantly adding new clients and deepening our connection with existing ones – and will continue to do so globally.

Our 99% retention rate is among the highest in the industry and we are truly excited to continue to drive value and create a superior customer experience for every one of our customers and every single one of their customers.