Q&A: How to prevent fraud with GoCardless Protect+
Last editedJan 20233 min read
We've answered your questions on fraud and GoCardless Protect+
Payment fraud is the thorn in businesses’ side, with over half of all merchants globally saying it’s one of their primary threats. It comes in many changing shapes and sizes, from no-intent-to-pay to unfair chargebacks and even identity fraud, which has historically made it expensive and time-consuming to effectively fight back against. This led to us launching GoCardless Protect+ - an advanced end-to-end anti-fraud solution that combines open banking with payment intelligence to effectively identify and monitor potentially risky payers, even if their behaviours or fraudulent tactics evolve over time.
To explain the full extent of how fraud impacts business, and how GoCardless Protect+ can help, we recently ran two live webinars. Both ‘Fraud 101: The real impact on business’ and ‘How to prevent fraud with GoCardless Protect+’ received lots of great audience questions, which we thought would be helpful to share in the Q&A below.
Before you dive in…both webinars are still available to watch on demand. Just click on their names above to start watching.
Which countries does GoCardless Protect+ cover?
Businesses that would like to use GoCardless Protect+ can be based anywhere, however, their payers must be based in either the UK, US, France or Germany. The feature can verify, detect and monitor for fraudulent payments in all of these countries, with merchants additional protection in the form of chargeback challenging being built in for payments from UK payers. The reason chargeback challenging is currently only available in the UK is due to the Direct Debit scheme rules, however, we’re experimenting with extending this functionality into other regions as it’s our intention to provide this fourth layer of protection to all of our merchants when possible.
How do B2B businesses compare to B2C when it comes to fraud?
Overall, our team has noticed that there tends to be a lower volume of attempted fraud in B2B businesses, however when it occurs it often has a higher value. When we look closely at those fraudulent payers, their profile is very similar across both sectors which is why GoCardless Protect+ can defend effectively for both B2C and B2B facing businesses.
What industries or services do you believe are most susceptible to fraud?
Generally speaking, we have seen slightly higher levels of fraud on average in energy, IT, SaaS and financial services. However, there are lots of factors that can result in a business being slightly more vulnerable, including the mechanisms they have in place to prevent fraud. Many businesses may look the same on paper, same industry, same size, but they can have two very different experiences and unfortunately, if a business has already been targeted once, the damage to their reputation can then make them a bigger target to repeat fraudulent attempts as fraudsters perceive them as already vulnerable.
On the webinar ‘How to prevent fraud with GoCardless Protect+’ there was a live demonstration which showed the payer’s balance being incorporated into their mandate creation process. Can you explain more about this and why GoCardless need access to a payer’s balance?
If you enable GoCardless Protect+ then every payer who creates a mandate with your business is profiled and given a risk score by our machine learning model based on several factors. One of the factors is if a payer has available funds as this can indicate if they’re high risk for no intent to pay fraud.
GoCardless Protect+ performs an available balance check on the payer, and displays this to the payer in the verification flow so they can check they’re using the right account. However, we don’t provide these balance details to merchants at this point in time.
Will a payer know they are being profiled?
GoCardless Protect+ acts behind the scenes, so there are no additional prompts added to tell a payer that our machine learning has calculated a risk score for them. However, if a payer is directed to use Verified Mandates then we make it clear that we are re-directing them to authenticate their bank account details.
What percentage of payers would you expect to be asked to verify their details?
This is up to you! GoCardless Protect+ creates a detailed profile of every payer who sets up a new mandate with your business, with our machine learning model using this to calculate the likelihood of someone being a risky payer. You can use these insights to better understand what percentage of your customers are likely to be fraudulent and adjust your settings to decide how many people should be directed to set-up payments through Verified Mandates. Whilst Verified Mandates has minimal added friction with just a few extra steps, we know that for many businesses it’s a delicate balance between friction and fraud prevention, so we want to give you the ability to decide what works best for you.
There’s a slider in-dashboard to help you decide where you should set your risk setting, and if you’re worried about the impact on conversion you can start with a low risk setting, before moving up over time and observing the impact on fraud levels.
Alternatively, you can use GoCardless’ recommended setting of 5-10%. We established this percentage through lots of product testing and early access programmes, but we’re always happy to chat directly with our customers to help them decide what route to take.
Can we create a specific blocklist just for us?
GoCardless gives each merchant and bank account their own unique ID. If you already know that a bank account is fraudulent then you can use these IDs to create a personalised blocklist to stop them from repeat attempts to obtain free goods or services from your business.
You can also build your blocklist based on email addresses, email domains, and even whole banks.
Interested in finding out more about GoCardless Protect+?
Get in touch with a member of the team so we can talk about how GoCardless Protect+ can help your business today.