Cybersource: Tackling Fraud While Accelerating Online Sales (Ryan Lane, Director of Strategic Alliances)

Cybersource: Tackling Fraud While Accelerating Online Sales (Ryan Lane, Director of Strategic Alliances)
In this episode of the Storesome podcast, I spoke to Ryan Lane, Director of Strategic Alliances at Cybersource.
Cybersource is a payments company and A Visa Solution. Cybersource’s difference is their ability to strike that balance between fraud prevention and still capturing more sales, which you’ll learn more about later on.
Use this link if you’d prefer to listen to the podcast live: https://anchor.fm/storesome/episodes/Cybersource-Tackling-Fraud-While-Accelerating-Online-Sales-Ryan-Lane–Director-of-Strategic-Alliances-eo9rdp
—
Graham: So welcome to this season’s focus on the FinTech industry with Storesome. Today we’re joined by Ryan Lane, the Director of Strategic Alliances at CyberSource. Ryan, welcome, how are you doing today?
Ryan: I’m doing well, yourself Graham? Thanks very much for having me!
Graham: Yeah, awesome! And thanks for taking some time out, really looking forward to hearing your thoughts and insights in the payments landscape. This is a great opportunity for myself and also our listeners to learn more about you, your expertise in the industry and for CyberSource. So it’d be great for you to just give the listeners a bit of an overview of your background and also what CyberSource does.
Ryan: Yeah, absolutely. Thanks very much. Well in terms of my background, I’ve spent the better part of the last 14 years in the payments game, in various roles working for both payment gateways, acquirers, and the likes. Three years ago, I joined CyberSource and by default Visa, predominantly focused on looking after managing our tech partners.
I had the pleasure of engaging and working with these strategic technical partners or technology partners to help drive innovative integrated solutions, for both our mutual customers and into the market as a whole. In terms of CyberSource then, without sounding somewhat arrogant, we like to think that at CyberSource, we know payments. We motivate that by the fact that we helped kickstart the e-commerce revolution back in 1994, and haven’t looked back since.
Essentially what CyberSource looks to do is to build the tools that help businesses run their commerce organisation and turn ideas into reality. And we do that with a global outlook and providing both our merchants and partners access to technology, knowledge and ultimately our passion when it comes to payments, to help them drive acceptance in a safe, fast, and easy manner.
And fundamentally, for our clients, knowing that we’re also part of the board of these organisations who in themselves are somewhat security obsessed when it comes to their standards, it just helps our customers feel a little bit more comfort in the fact that we’re going to take care of them and their business, wherever it is that they want to go.
Graham: Fantastic. So you’re the glue that holds everything together in the payments sector that people don’t normally see?
Ryan: Yeah, very much so. We’re often in the background, looking to provide that digital enablement layer by connecting end users and consumers via merchants to the relevant acquirers in the payment network as a whole, and really just facilitating that ability for them to be creative. Ultimately, they look after the customer experience and focus on their own business while we do the payments bit.
Graham: Fantastic. So just to give the listeners a bit of a recap of myself and what the Storesome solution does; I’m Graham Broughton, the Managing Director and co-founder of Storesome, part of the We Are Pentagon Group. So I personally have been in the marketplace sector for just over 10 years, so a little bit less than you Ryan, selling car parts for a company that sold predominantly on marketplaces, that covered everything from marketing operations, day-to-day, growth strategy, and technology – all aspects of the business, so all SMB.
But in a relatively short period of time – three to four years – I grew a start-up to generating seven figure annual sales, and I used a service provider called We Are Pentagon to do that and support me on that. Then as part of that journey, I joined the We Are Pentagon Group around five or six years ago and headed up the direct to consumer part of the business for managing and supporting large brands like Dyson, Next, Sports Direct and Arcadia Group onto marketplaces themselves.
So I was the Managing Director for around four and a half years of the service division and then this year I took on a new, challenging role within the group to become the founder of Storesome, which is a SAS platform marketplace provider which enables large brands and retailers to effectively build their own marketplaces.
And we’re seeing a huge shift in terms of how e-commerce has grown from just being pure .com to actually growing and selling onto marketplaces. And it’d be good to hear your insights in terms of how you see this landscape changing and how it has evolved. Not only just out of the pandemic, but also what’s happened this year and the past previous years in terms of that shift of PSP providers, fraud and legalities around it.
So I’m going to dip straight into the first question here, Ryan, and just ask you. We’ve seen a significant surge in online transactions; you no doubt have seen a huge surge in online payments and activity, during the pandemic specifically. What impact do you think this has had on the online payment service provider landscape?
Ryan: Yeah again, this wouldn’t be news to you and I think everybody would say something along the same lines. Certainly the world, as we noticed, changed dramatically in 2020 and no less so when it comes to payments, and in particular online payments. How we work, how we socialise, how we buy things and ultimately how we pay for things, has all drastically changed for customers, even those that were possibly resistant to change in the past now find themselves predominantly engaging in a digital space.
Fundamentally purchasing decisions are made on demand in real time, with a click or a tap, and ultimately from a couch, or the kerbside. It’s no longer the storefront or the bricks and mortar business being the first port of call in terms of making those purchasing decisions. We’ve always coined a phrase internally; we’re calling this the new era in payments, and obviously for good reason.
We see millions of card holders use e-commerce for the first time, as well as a lot of our customers who have successful existing e-commerce businesses, have seen a massive uptake in net, new cardholders coming to their sites and shopping with them for the first time. So it’s no longer just the tech savvy or the new technology embracers, there’s a large demographic of resistant players who are now being forced to go down routes of digital payments.
Graham: Yeah, and I think one of your colleagues Gary, he coined it earlier in this year. When I met the Visa and CyberSource team earlier this year and in 2019, we were already seeing some of those kinds of movements. And I know it’s overused in terms of this phrase ‘acceleration’, but I really thought about it.
I went on annual leave this year and we went to Cornwall. We went to park in the local car park and it was the first time I’d ever used (rather than contactless payment) I’d actually downloaded one of the payment apps for the car parking. And you know what? It was really nice because it did a few things that normally you don’t do. It was convenient to just pay, so that was one good thing. It was inconvenient to download the application, but once it was downloaded, it was very easy to use. It just nudged me and said “right, do you want three hours?” and I chose three hours’ worth of parking.
Then whilst I was on the beach, it said “you’ve only got half an hour left, would you like to top it up another hour?”, whereas normally I’d have to physically go back and swap that out. But as you know, effectively this pandemic has forced this different way of enabling a payment structure. It made it super convenient for me to just top up that payment. And I think that’s the digital shift that I won’t move for my life. I’ll be frustrated if that app isn’t available in a car park, rather than it being a forced way of paying for something.
Ryan: I mean, absolutely. Again, that was the next point I was going to make. What we’ve seen certainly in the first four or five months of the pandemic, is e-commerce and digitalisation in particular, has pushed ahead four years in a four month span. Now on the one hand that’s fantastic for us because our legacy is predicated largely on e-commerce and digitalisation of payments and this great user experience.
But it comes with some downside as well, in that we find ourselves having to combat rather technical savvy forces out there, who see this as an opportunity as well. With the rise of e-commerce and moving away from the present where we could validate somebody by looking at them and they were putting in their PIN, we’re now moving largely to online. We’ve got to be mindful then as a result, that there is a potential or propensity to open up to these tech savvy forces out there. I think the short message is: yes, it’s a difficult time, but certainly what it’s doing to our industry and driving that digital online payment experience is fantastic. It should be fantastic for consumers like you and I, as well as for our customers in terms of reaching new markets and driving, as you so eloquently put it, that convenient purchase experience.
Graham: So we’ve seen an impact in terms of digital embracement forced by that pandemic, you know, four months accelerated over four years. So we’re talking about all the positives, and one of the things that you guys specialise in is the fraud aspect. What kind of acceleration in time, in terms of the shift to online fraud have you seen that’s opened up and what do our listeners need to be thinking about in terms of these fraud trends that are changing this year?
Ryan: Yeah I think as I alluded to, fraudsters have become even more opportunistic now. As we progress four years and four months, they’ve certainly become far more advanced in their approach. The evolution of the consumer purchase patterns means that organisations -whether they’re new to online or existing – need to be ready to adjust their fraud configuration to maintain the ability to service loyal and good customers, but at the same rate, managing risk alongside that.
For some industries, attempted fraud rates in particular have increased, as fraudsters try to exploit vulnerabilities. They’re looking at merchants potentially removing these perceived barriers to sell as they try to give you an opportunity for that convenient purchase scenario. And ultimately what this is doing is it’s creating this perfect storm for fraudsters, right? It’s delaying review teams and customers slightly while they check and balance to make sure this is a relevant customer purchasing relevant goods or services from them. It’s putting them under huge strain because one, they’re under capacity given the current environment and two, every opportunity to solve something, is a big one.
Really what this is doing is it’s giving these fraudsters the opportunity to sit back and say “okay, they’re going to start testing merchants or customers or websites”. So they’re looking for which of those doors is ultimately opened the widest to them. To that extent, there are some specific trends we’re really seeing at the moment. And again, as things progress, we’ll continue to see these trends gain a pace from a fraud perspective. Credit card testing is one of those, where they’re using botnet attacks programmed to run thousands and thousands of transactions to try and take down somebody’s website and find loopholes in their website.
Now, what that does from a merchant perspective, is it impacts their overall authorisation rates as well: so not a great experience for the merchant or the users trying to get on that site. You know, phishing related scams have always been there; they’re becoming slightly more difficult to identify with these fraudsters sending out emails claiming to be from the World Health Organisation or airline refunds, which we can all appreciate, or even in some instances being stimulus payments. As a result, when clients or merchants are clicking through to these websites, the fraudsters are stealing our information.
The problem we have is – this account takeover as it is – they’re not necessarily going to use it today. They’re going to sit on it, hold it, and once we come out of this pandemic and the world gets back to some sort of normalcy going into next year, then all of a sudden we’ll see a massive uptake in account takeover, where fraudulent details are being used and they’re stealing our identities to set up fake accounts online.
Graham: Understood. And you’re completely right; you just touched on a couple of points there. So I had flight refunds this year, I had holiday refunds this year and the opportunist phishing email scam that normally preyed on those kinds of people is actually very open now because everyone’s in a very similar bucket in terms of how they can be approached. So, yeah, that’s quite scary. So how does CyberSource help protect retailers and customers from that type of fraud then? What’s in your toolbox or what’s your normal approach in terms of being able to address that?
Ryan: You know, every customer has a partner and we look to consult with them, so work with them to define both the payments and more specifically a fraud strategy that works for them. Now that’s predicated largely on our experience; we’ve got 450,000 clients globally that we’re able to reference. And we will often look to do a comparable, vertical analysis and certainly be up front with our clients. Be able to suggest bespoke rules for that vertical, or similar organisations within a vertical to help them – certainly at the outset – get out there and have something that’s protecting them.
We also looked at blend machine learning; we’re very much always in partnership with the skilled and experienced people in our organisation, which are our managed risk analysts. Machine learning is great, but it can’t identify the uncertain times that we’re in at the moment, therefore having people in the background who are experienced and able to then adjust accordingly, is always a good way to approach things. I think the other thing as well, which we’re fortunate enough on, is we have access to data and resources at Visa where there are massive data pools of information for us to call on and to use that to further expand on our rule sets and ultimately derive recommendations for our customers, based on insights gathered from this data.
Ultimately I think at CyberSource, we have to help during challenging times as well as the good times, especially when it comes to fraud management strategy and ultimately the recovery beyond that. And we’ve got some tools like our decision manager fraud solution, which is available integrated with your payment management or as a standalone service. So we’re not saying you have to take our payments along with fraud, our fraud solution will work alongside their existing payments as part of their payment strategy.
But beyond that, we’ve got additional extensions, such as the account takeover protection which I mentioned earlier. Our decision manager replay solution, which essentially allows our customers or our merchants to almost deploy in production – or take production data -and deploy a subset of fraud rules and look at the impact that would have on their acceptance. Because what we don’t want to do, is we don’t want to turn the screw so tight that you’re not letting your good customers through you. But at the same rate, we want to protect you so much as we don’t want to let the bad guys through either.
Graham: One hundred percent. So it sounds like you’re got a very consultative approach in terms of how you work around that PSP and that risk management. You build out a strategy effectively, that tailors to the risks of that retailer. Then you have subsets and AB testing in terms of how that impacts on the conversion rate so that it’s enough in terms of the balance of risk and customer satisfaction, but also making sure you can get the conversions coming through on the sales.
Ryan: Absolutely spot on; better articulated than I could, thank you.
Graham: It’s alright, you painted the picture, I just took a quick photo of it. That’s all I did. So I use an online banking app and something simple which I really like is that if I go to go and purchase something, I go through the normal verification process (put the back of the card numbers in). But there’s another nudge now (if I’m buying something on the desktop) I then have to go into the app just to approve that payment now, which I love because I know that’s pretty secure. There are multiple ways that you have to steal my information to make that happen.
Ryan: Yeah, absolutely. Essentially what you’re referencing there is the new PSD 2 strong customer authentication regulations. We’re gearing up for a deadline early next year where everybody should be supporting that. We’re always trying to streamline and remove friction from a consumer journey, but at the same rate, we want to make sure that consumers like you and I, we also want protection and we want to feel comfort in that protection. And certainly things like you’ve mentioned there or described there in terms of that strong customer authentication or lending to that comfort that you and I have as consumers.
We’re fortunate because we’re able to combine solutions like that, and pair authentication as it is, with a strong balance fraud engagement model. And then subsequently behind that, we’re able to pay that for our merchants, with the accepted payment types. So it’s not always just going to be a credit and debit card, but we can also support other alternative payment types as well. Now, what that does is give you a rounded proposition, that’s doing two things. One is securing our merchants or customers from a fraud perspective, but also providing their consumers or their customers with the most frictionless way to pay and protecting them at the same time.
Graham: So we’ve discussed what’s happened this year with that acceleration, which I think is going to be a bit unprecedented in terms of all kinds of adoption. What does next year look like? What does the future hold for CyberSource in 2021?
Ryan: That’s probably the hardest question to answer. I need to pre-empt this by saying that this is very much my opinion, but I’d like to think it speaks for our organisation. I think we’ve got to continue to do what we’re good at, and that’s to be a driving force for digital and enabling payments. We’ll certainly continue to help our customers to strike that balance between fraud prevention and capturing more sales while creating experiences that are led by consumer-first strategy.
I think businesses are going to continue to be led by digital-led innovation, and there’ll be some recurring themes that come up certainly over the course of the next year and long-term, that continue to drive that and drive businesses where they’re attempting to recreate the current present buying experience.
And certainly some of the things where we’re keeping a close watch on from that digital enablement is the rise of contactless payments. You don’t need to be particularly well-versed to realise that that’s going to continue to grow over the course of the next year. We’ve seen a lot of organisations adopt a digital first or digital only commerce strategy. So it’s about understanding how we can support those types and particularly, be they small or large enterprise organisations that are moving to online for the first time, how we make it as simple, as risk-free and as quick go-to-market for them as possible so that they can start deploying their services to consumers.
And I think we’re going to see a continued presence and a continued growth around the mobile space as well. So I think for CyberSource, we’re well geared up in terms of that; we’re doing a lot of work in the background to support that. There are things like click to pay, which we’re looking to be very early to market in terms of supporting click to pay, which is essentially the extension of the Visa checkout and the master pass solution.
So you’ll be able to go to a website, as you mentioned that convenience of having those details stored securely in the background and being able to do that one click pay-out experience, safe in the knowledge that you’re protected. So these are some of the things we’re tracking. But you know, there’s great news around this at the moment, there’s vaccines and that, but going into next year, we’re certainly going to see the impacts of the pandemic continue for many. And a lot of organisations as a result of what’s happened this year are pushing their staff now to potentially work from home permanently, or certainly more often.
And as a result, we need to be mindful that what we consider to be hotspots from a risk perspective, being the big cities (if we’re looking at IP address tracking) are going to change. So we need to constantly innovate on our side and make sure that we’re ready for those changes, in terms of what we identify as risk hotspots, as people move from cities and potentially start working from home more outside of the city.
Then likewise, the types of products we would have considered high risk products when being purchased online in the past are going to change. We could look at athletic equipment, home office equipment, online education downloads, which in the past we classically wouldn’t have considered a high risk item, we need to be mindful that that could change drastically. Because as people move towards purchasing those things more online, these fraudsters are looking at that and thinking that that’s an opportunity for them to start testing cards and so forth as well.
Graham: Understood. So it’s a continuation of that acceleration effectively, but there’s going to be a bit of a change to the new normal, so you guys are spearheading that change in the PSP sector so it’s going to be another difficult year, but hopefully one that we can accommodate and work with.
And that’s really helpful and really insightful as well, Ryan. I appreciate your time today. And I just wanted to thank you. And thanks for taking the time this afternoon to voice your opinion and for us to hear a little bit more about CyberSource and what’s happening in the marketplace platform revolution with PSPs.
And if you’d like to hear more about anything in terms of PSP payment service and PSD 2, then please let us know and get in touch. I’d like to thank the listeners for listening to the Storesome podcast series and this specific focus on the FinTech area. Thanks once again, Ryan.
Ryan: Thank you for having me!
Graham: Appreciate it, cheers.
—
I hope you enjoyed this piece and many thanks to Ryan for contributing his insight.
If you’d like to learn more about Cybersource, you can learn more on their website https://www.cybersource.com.
If you’d like to learn more about the future of marketplaces, we’d be glad to help you. Get in touch today and book your free 90-minute discovery session.