How Method is Reducing Fraud in Commerce

One of my early e-commerce memories is buying things online for my parents during the transition from dial-up to early DSL. Because our billing and shipping addresses didn’t match, every purchase triggered a manual review. We had to make a call, send a photo of the card, upload an ID, and wait days.

This didn’t scale with e-commerce.

So the industry made a compromise; we decided to use card presence as a proxy for trust. Existing tools look at a basket of signals (e.g. IP address, device, billing address) and guess: “Do we think this transaction looks suspicious? Is the person checking out the person with the card?” 

Sometimes these tools are right. Often, they’re not. And when they’re not, it costs a lot of money and creates a lot of headaches: for payment companies, for marketplaces, for merchants.

We wondered whether we could use our infrastructure to build a better version of fraud detection. Over the past year or so, we have launched fraud tools to fix the problems with tools today: Method verifies the cardholder directly by linking (1) identity, (2) phone possession, and (3) real-time authorization.

Since we launched these tools, our customers have reduced fraud across the board. We believe that our solution will save billions of dollars in fraud and lost revenue due to false declines. 

Fraud tools fail today because they rely on inference

None of the fraud tools we saw in the market actually verified whether the person making the purchase was the person who opened the card. Instead, they relied on inference. 

The reliance on inference makes doing fraud just a series of rather straightforward hoops to jump. Data breaches sell complete card packages. There is tooling to beat IP constraints and device fingerprinting. If you are a savvy person and can get someone’s complete card info, I bet you could commit fraud in the span of a calm afternoon without any prior technical knowledge.

So the natural response we saw from most companies was to tighten the filters. Hire people to review more orders manually. Be stricter about IP address requirements and the like. Batten down the hatches.

But then you start blocking real customers, which is often worse: false declines usually account for a lot more (often 3x or 4x more) lost revenue than the fraud itself. Now you have two big, expensive issues.

To help customers escape this mess, we decided to build a tool that verifies directly at the source.

Method verifies at the source

The main way we prevent fraud in physical commerce is quite basic: do you have the card? 

This doesn’t work with e-commerce. And it’s deteriorating as commerce moves towards agents, one-click flows, and invisible checkout. When there is no human “moment” at checkout, legacy fraud models have even less to anchor to. So we decided to take a different approach entirely.

Instead of asking: “Do you have the card?” we ask “Are you the person who opened the card?”

We answer this in two steps. First, we verify the person. We confirm that the user is who they say they are and that they are present on their phone right now, authorizing this transaction.

Then, we take the user’s identity to credit bureaus (the same sources banks use!) and ask those bureaus which cards this person has opened. If there is not a match (or the user wants to use a card that isn’t on their report), they’ll enter those details manually. This creates a higher fidelity second-look pipeline.

This whole process happens in milliseconds. And it can play out in two ways:

1. If Method’s embedded UI is integrated into a checkout flow, then we automatically surface the user’s cards once we have confirmed their identity. They do not even need to type in the card number.

2. If Method is not integrated on the front end, we cross-reference the card number they input with systems of record about that person’s cards. 

Both versions of this are equally effective because they rely on the same backend infrastructure. And this infrastructure enables what decades of fraud tools have not: verification.

Only possible with the best connectivity in the industry

We didn’t set out to build fraud tools; we started by connecting liabilities with just name, phone number and consent. But once we had built this connectivity infrastructure, we realized we could make it useful in other places. In this case, we realized we could answer the question that every fraud tool dances around:

Did this person really open this card?

We have already deployed this verification technology at scale with companies like Bilt, SoFi, Figure, and Cleo. Now we’ve redesigned it to plug directly into checkout.

Book a demo to see how Method works here.