Transaction Monitoring in Ecommerce: Risk Scoring and Custom Rules

Ecommerce merchants know how important it is to keep track of every payment. But did you know transaction monitoring also plays a part in reducing money laundering and identity theft?

Let’s break it all down below. 

Why Ecommerce Merchants Need Transaction Monitoring

Payments are the lifeblood of ecommerce, so it’s only natural that merchants would monitor transactions to ensure the following:

• That the payments go through: The most obvious reason is to double-check there are no technical issues. This could affect your bottom line, of course, but also shipping logistics and even customer service. Some stores also set up internal velocity limits and controls, which can’t be exceeded.
  
• That they are from legitimate customers: This is in the context of fraud prevention to reduce chargeback rates. Put simply, it’s about linking payments to identities – or, at the very least, customer accounts.
  
• That the payment data is recorded: Not just for your admin but also for potential chargeback recovery and compliance reasons.

Speaking of compliance, there is a very specific use case for transaction monitoring in the context of anti-money laundering, also known as AML. These are regulations set by governments, which some online stores may have to follow to ensure they do not facilitate financial crime. 

And financial crime is a very real threat to the economy and to companies. In fact, in 2020, the Chinese authorities arrested criminals who were alleged to launder more than $2 billion through fake ecommerce purchases. 

How Ecommerce Money Laundering Works

Criminals have been known to attempt to launder money via retail purchases.

The biggest appeal of traditional brick-and-mortar shops for money launderers is the ability to convert illegally acquired cash into items. These can then be resold online, and the funds will appear to be clean.

In the online world, the techniques may vary, but the goal is the same:

1. A criminal sets up an online store.
2. They sell nonexistent items or services to accomplices at high prices.
3. The money changes hands seemingly legally, even though it is not being used to buy anything.

Detecting such criminal activities is difficult due to the complexity of the online payment network and the increase in alternative and high-risk payment methods such as cryptocurrencies or digital wallets. 

Fortunately, regulators have caught on to these potential crimes, which is why a growing number of online stores need to comply with AML regulations. 

However, these regulations add hoops that legitimate merchants have to jump through to run their businesses, so it’s worth having an AML checklist prepared.

The Challenges of Ecommerce AML

Even with the best intentions, remaining AML compliant isn’t without its drawbacks. These include:

• Different regulations for different activities: If you sell clothes online, you may be fine. But cross over into the world of jewelry and luxury watches, and you might need to comply with AML regulations.
  
• Different regulations for different markets: In the US, ecommerce providers tend to be licensed as money service businesses (MSBs). In Hong Kong, you might have to file suspicious activity reports (SARs). In the EU, you are governed in the same way as a payment provider.
  
• Added user friction: Online stores live and die by their user experience, so the last thing you want is to add more ID verification steps at the checkout stage.
  
• Increased regulations: New policies such as PSD2 and the upcoming PSD3 must be kept on top of to remain compliant. In some cases, legal help may be required to ensure you meet all the requirements. 

And it goes without saying that failing to meet regulations can have a dramatic impact on your company, including hefty fines, negative press, and a loss of customer trust. 

Top 3 Custom Rules for Ecommerce Transaction Monitoring

Let’s now look at three examples of the kind of transaction monitoring you could deploy with the appropriate software, and how these work on the SEON platform.

#1: IP Points to High-Risk Country

Most online merchants will have their own internal lists about which countries are classified as high-risk but when it comes to AML regulations, the list is updated by government bodies. 

Whether it’s to reduce chargebacks or avoid AML fines, the implementation is the same. You want to keep an eye on who is making purchases on your site.

This is an example of a rule we have set up, where the IP address tells us where the customers are connecting from. 

In the screenshot above, we’re setting up the system so that any transaction coming from a high-risk country is automatically sent for manual review. 

You can, of course, update the list of high-risk countries, per the example below. 

This is what our rule looks like once it’s been triggered. 

#2: Transaction Is Over the AML Threshold

While the AML threshold might vary from one country to the next, it’s always smart to keep an eye on high-value transactions. 

In this example, we’re setting our limit at $3000, where the threshold currently is for the United States. 

This is another case where we certainly don’t want to block the transaction. We’ll send it for review automatically, so it’s at least easier to track for your compliance housekeeping.

Here is the rule triggered by a user who spent $3,600 on our fictional online store.

#3: Customer Spent 200% More Over the Last 24 hours

This rule illustrates a more sophisticated type of custom rule, called a velocity rule or velocity check. 

Put simply, it’s about monitoring certain actions over a set timeframe and considering things like how many times an action has taken place, how much something has changed or increased, etc. In the context of AML, this is perfect for identifying unusual behavior. 

Our unusual behavior, in this scenario, is a sudden increase in spending. We’ll set the time window for 24 hours and look for 200% increases over the previous lifetime spend.

Note that we’ve decided that this increases the chance of fraudulent behavior so every time this rule is triggered, it adds 20 points to the fraud score. 

Above you can see the triggered rule on the SEON Admin Panel, which has pushed our fraud score above the threshold and sent the transaction for manual review.

You can, of course, customize when risk scores push actions over the limit based on your business model and risk appetite – as well as any applicable laws.

How SEON Helps Ecommerce With Transaction Monitoring

SEON is designed to gather as much data about your customers and transactions as possible without affecting their experience. It’s ideal for online stores using platforms like Shopify that need to reduce chargeback rates, gauge a customer’s real intentions, and even stop account takeovers.

It’s also a growing suite of AML tools, which will allow you to keep an eye on suspicious transactions and behavior that could point to financial crime. 

Ready to beat fraud, reduce friction and secure your ecommerce business? Sign up for a free 14-day trial with SEON or arrange a custom demo with one of the team. 

Sources

• PYMNTS: Police Allege Money Launderers Are Using Chinese eCommerce Sites To Move Money