Home Professionalisms Don’t let Fraud Losses Surprise You

Don’t let Fraud Losses Surprise You


By John Canfield, VP of Risk for WePay

When you are in the beginnings of starting up your business or in the heady days of growing your business, one often neglected part of your business may be the operational headaches and risks you have to tackle as you scale. In particular, if you are a platform serving many users and accepting payments on that platform (e.g. Uber, Kickstarter, Constant Contact), you should be thinking about fraud risk and how exposed your platform might be to this risk.

As VP of Risk for WePay – a payments API provider powering hundreds of platforms – here are our five tips on making sure you’re not surprised by fraud losses:

1. Know your enemy.

First, you have to understand whom the enemy of your platform or marketplace is. You might not realize that there are lots of different kind of fraud and loss – including merchant identity fraud, merchant credit risk and buyer identity fraud. Most likely, you’ll be concerned with collusion fraud.  What this means is someone setting up a merchant or fundraiser account with a fake or stolen identity, then using stolen credits and fake buyer identities to pay their own merchant account.  They get the money and disappear, but you are stuck with the charges.

2. Simple tools to start.

One of the first things you can do is actually pretty traditional.  Using a vendor like Experian, Equifax, or Lexis-Nexis, you can validate that your user’s identity is a real one that matches their database.  If needed, you can also check their business credit and history.

3. Social data as your secret weapon.

However, to get more advanced, you should consider social data. It is easy enough to do a social search based off an email address – you can see whether someone has a Facebook or LinkedIn profile and whether it matches a verified email they gave you.  A long-established social profile that matches their name and e-mail is an asset they have that is difficult for a fraudster to synthesize.  WePay uses social data and algorithms to power our own VedaTM risk analysis engine.

4. Risk Management -> Trust -> Growth.

Managing payment risk protects you against losses from chargebacks.  It also improves the trust in your platform by weeding out bad merchants that lead to bad buyer experiences.  Trust and excellent buyer experiences reduces churn and accelerates growth.

5. Don’t wait.

Fraud is unlike most business phenomenon because it is highly non-linear.  You can have zero fraud one week and be in an all-out attack the next.  One company found that their fraud attack was being spurred by a fraud blog post explaining how you could make a quick $500 off their site.  Don’t let this happen to you.  Even if you do not see any fraud today, you need to have at least basic defenses and a rapid response capability in place to be prepared.  Of course, alternatively, there are many providers, such as WePay, whom you can use so that you don’t have to take on this burden yourself.

So, while you might not undertake all five of the tips above, the important thing is to start thinking about the possibility and putting place some measures to assure the trust and safety of your platform, that way you won’t be completely surprised.


John Canfield is the VP of Risk for WePay. WePay provides a payment API specifically designed for companies who want to enable many small users to accept credit cards on their platform without taking on the fraud risk and operational burdens associated with payments. WePay powers some of the top platforms including GoFundMe, StayClassy, CustomMade, Honeyfund and hundreds more. Prior to WePay John was Sr. Director of Risk at eBay.