As your startup grows, this can make it more open to fraud as their defences aren’t scaling with that growth. You’re sometimes left with defences designed for a much smaller company – one which can’t keep up. But this needn’t be the case.

Setting the stage

Startups can be an easy target for fraudsters. That’s because their defences often don’t grow alongside them.

There isn’t just one way a startup can be at risk of fraud – e.g. eCommerce startups are often targeted by card fraud and fraudulent chargebacks.

Scaling itself can also be a target for fraudsters – while a startup is growing, issues like disaster mitigation, backups and cyber-defence training might not be as high up on the list as other spend that increases leads.

When a startup is scaling, it is spending massive amounts of money on marketing – another channel frequently targeted by bad actors, be it through signup bonuses, referral abuse, loyalty abuse, affiliate marketing scams or link placement fraud.

Why are chargebacks such an issue?

Let’s say a fraudster has stolen a legitimate customer’s card details. If there’s no fraud prevention in place, they will be able to purchase goods unchecked. Identity theft by credit card fraud increased by 44.6% from 271,927 to 393,207 in 2020, according to research by Intuit Mint.

This is a problem for the merchant, because when a fraudster uses a stolen card to pay for goods on their site, the victim notices and requests a chargeback to get their money back.

Further, some customers will (sincerely or not) request a chargeback when they’re dissatisfied with their product/service. 

With each chargeback, you lose the cost of the product, the product itself, admin fees, processing fees, etc - up to 2.60x the price of the item(s). And, once the chargeback ratio for a business is high, payment processors will attach higher processing fees for every transaction, even trusted ones.

For small startups on a limited budget, too many chargeback fees can cause havoc. But the even bigger problem is that if you get whacked by fraudsters frequently, you can even lose your ability to process payments. Depending on the card issuer, that can come at as low as a 1.5% chargeback ratio – after which you’re unable to process cards of a certain type, e.g. Visa or Mastercard.

Catching fraudsters before they harm you

There are scalable fraud prevention and detection tools on the market for businesses of all sizes – even for a small (but healthy) budget. Some software is more affordable than others, so it’s worth looking at the different options.

Solutions on the market can feature pre-KYC checks, ID verification and high-end authentication, among others. Some software can also help you to stay compliant, which is useful for financial startups subject to AML legislation and other regulations.

As spotting a fraudster is rarely black and white, you might find it useful to enlist the help of software with explainable risk scoring. As this article on fraud scores by SEON explains, they enable both manual and automated workflows. You can either assess each customer on a case-by-case basis, using an on or off-site team, and decide whether to let them through, or use the scoring to enable automation.

In fact, with a dynamic friction strategy you can add harder verification steps for riskier customers while not bothering good prospects, to minimize on false positives. This way, only customers who are medium risk experience additional friction. Low risk customers have a smooth experience with no additional checks unless mandatory. High risk customers will be blocked automatically.

Such a low-friction strategy can be key to growing a business, as it does not affect the customer journey unless absolutely required. Most startups come with promises of ease of use and elevated customer journey, so dynamic friction can help massively.

Calculating fraud risk

There’s a lot you can do with the data the customer provides when logging onto your site, creating an account or completing other actions. Tools like SEON can extract and enrich customer data such as an email address or IP, effectively providing a profile that is akin to a digital footprint. This way, you can learn which online accounts they are connected to. No fraudster will set up a full online presence for each of their fake personas. They will create a new email account, on Gmail or Outlook, for example, but this will not have a believable digital footprint.

Beyond this, you can know whether a customer is using an IP address from a high-risk area. A user who is accessing the site via Tor browser or VPN will receive a high risk score too, as they are tools often used by fraudsters.

On the other hand, you can use a risk score to confirm that someone is a legitimate customer. A customer with a low risk score is unlikely to be fraudulent and so there’s probably little need to introduce any additional friction to a customer’s experience. However, for customers that you’re not sure about, you can still run additional checks such as a phone call or ID verification to make sure that they’re legitimate. 

With some fraud software you’re able to tailor risk rules to your specific business needs. For example, if you’ve noticed particular trends or feel the need to tighten your security, adjusting risk rules will enable you to do so.

Even very small startups are unlikely to have the time or budget to manually review every case of suspected fraud. Another plus of having a risk scoring system is that it allows you to process transactions more quickly – vital if you’re looking to grow your customer base.

As a startup, take fraud seriously – it can make all the difference.