Yuppiechef shows how to beat credit card fraud in online retail

Yuppiechef is not only one of South Africa’s most popular and prominent online retailers — it’s also one of the most successful at staying one step ahead of fraud attempts.

May 23, 2012

Yuppiechef is not only one of South Africa’s most popular and prominent online retailers — it’s also one of the most successful at staying one step ahead of fraud attempts, according to Peter Harvey, the founder and CEO of payment gateway provider PayGate.

“We tell our clients that good business processes are the final line of defence against online fraud, and Yuppiechef is a great example,” says Harvey. “They’ve put a lot of thought and effort into developing systems to beat credit card fraud.”

It didn’t start out that way, acknowledges Yuppiechef MD Andrew Smith. “When we started out in 2006 we were so small that when the first order came in we high-fived and did a happy dance,” he recalls. “The idea that we might be targets of fraud didn’t even enter our heads. The first time it happened, we got a chargeback on an expensive mixer we’d delivered to an address in Johannesburg. When we looked back at the original order there were some clear danger flags, so when the same person tried the same thing again we actually worked with the courier company and the police to set up a sting. When the suspect appeared before the magistrate he just said he’d been collecting the package for a friend — there was insufficient evidence to convict him and he walked away. That’s when we realised that we were on our own when it came to combating fraud – we’re just too small to be worth serious police attention.”

Smith and his team set out to develop systems that would stop fraud attempts in their tracks. “We have an automated process that picks up potentially suspicious transactions and flags them for human attention,” he says. “We look at what the order is and where it’s going – we can tell a lot from names, addresses and email addresses, and even from typing style and language use. Once you know what the signs are, it’s actually fairly easy to spot.”

If his team has reason to suspect the transaction is a fraud attempt, says Smith, “we’ll check their Face book page, or ask for some additional ID or a landline telephone number. People who are legitimate buyers will provide that with no problem — it’s only the fraudsters who have a problem.”

It’s important to be as non-invasive as possible, notes Smith. “We don’t want to annoy 99.9% of our real customers with extra processes just to catch the 0.1% who are fake – that’s why we don’t, for example, ask for an ID number on checkout.”

Fortunately, says Smith, Yuppiechef is not a particularly attractive target for fraudsters. “Our goods are not that easy to resell – they have nothing like the street value of a computer. But we do sell vouchers and cookware, which are where we tend to get problems. And the problem is small enough that if we do get burned, we can adjust our systems the next day and not suffer a significant loss. Only about one out of 100 orders we get is a fraud attempt – we’d have a bigger problem with shoplifting if we were a physical store.”

Yuppiechef backs up its own fraud checks by using PayGate’s PayProtecter, which provides an extra layer of automated checks for suspicious transactions. “We don’t want to rely only on PayProtector because those reports come the next day, and 85% of our orders leave the same day they are placed. But it’s a very useful check.”

Yuppiechef doesn’t use the 3D Secure online PIN system from Mastercard and VISA because, Smith says, “it’s a hassle for our customers and we’d lose sales. But if fraud was a bigger issue for us we’d certainly use it.”

PayGate’s Harvey says Yuppiechef exemplifies the multi-tiered fraud protection strategy it recommends for all its clients. “There’s no magic bullet,” he says; “no one thing you do can eliminate the risk of fraud. But any business can dramatically reduce its risk of fraud by using a combination of its own systems, PayProtector and 3D Secure. Not implementing anything at all is asking for trouble.”