5. Fraud Construction Practices
5.3 External Practices
5.3.2 Phone Validation
Phone validation represents the final practice of assessing and examining customers. Phone validation is also the only practice where manual reviewers and customers are in direct contact while decisions are made, which means that customers “confirm” whether they are genuine or fraudulent, although they are unaware of this process. Phone validation is performed when the decision is still in the balance for fraud agents despite all data-driven assessments, personal or group discussions and access to additional resources.
This approach usually entails confronting the customer with a set of pre-defined questions, while manual reviewers aim to “find out,” through the way the customer responds, whether they are genuine. The decision results from the fraud agent’s perspective on the phone call. The following quote highlights how phone validation can be considered an extension of data-driven fraud assessments, a means of comparison and the final step in fraud assessment:
When you have the data, for instance what is customer’s name? What mobile number did he give? What email address did he give? Then you can already see a bit, whether the customer looks suspicious. What is the email address? Or does he have a weird name? Too many numbers, or what is his IP address? When I have this data, then I already have an idea what kind of customer we’re looking at and what I will ask him on the phone and whether he is perhaps a fraudster or not. Well that already helps, and then what the customer says, whether he has no idea or difficulties while answering (Agent, 27 Male).
As outlined in the quote, all of the other assessments have been made before the phone call. During the conversation, customers are then expected to “prove” that they are who they claim to be. This procedure is based on the core assumption that while comparing data with the customer, agents will be able to identify a genuine or a fraudulent individual based on the answers provided as well as on the tone of voice; for instance, customers who hesitate or provide inaccurate answers are more likely to be considered fraudulent:
This is a decisive criterion, because we think that fraudsters place so many orders and can’t necessarily remember whether they bought shoes today but also bought shoes yesterday. I experienced that myself with the phone validation, that people just could not answer or mixed something up. But that’s just decisive. Another question is about the items which they bought. When they can answer immediately and perhaps even talk about the details, such as size and colour, then it’s okay (Agent, Male 35).
Honest customers actually always go into it and say then that it is, for instance, it was for the family or for a sports club or something similar. They answer fairly quickly. Fraudsters avoid it (Team Leader, 33 Male).
Phone validation is grounded in the assumption that genuine customers provide the right information about their order details, while fraudsters cannot provide accurate information or are less likely to do so, given that they might place several orders using other people’s personal and transactional data and might not be able to remember all of this information during a phone call. Furthermore, the assumption is also that fraud agents can recognise whether customers are genuine through the way they speak. These are problematic assumptions, because as pointed out earlier, customer behaviour can be very diverse so that it is not possible to divide them easily into two categories.
This is because not all customers can completely remember their order details or are willing to talk on the phone, as this may cause inconvenience, while fraudsters, being aware of this process, can be well-prepared to answer the questions correctly.
Additionally, in this regard, as discussed in the first section of this chapter, manual reviewers might have varying understandings of suspicious behaviour, which in turn increases the likelihood that they will come to different conclusions based on their own preferences and understandings.
This also becomes clear when considering manual reviewers’ selections of orders for phone validation and the choice of questions posed during the phone call. The following quotes exemplify which orders can be chosen and which questions asked by manual reviewers:
We have to ask the last four digits of the credit card and if it is the first order to place. We have to ask for the email address. If everything is actually right, and the customer gives a logical answer, we accept it (Agent, 22 Female).
I normally ask whether the customer themselves placed the order. When the order amount is over 1000 Euros, then I ask what it was ordered for or why the amount is so high and for whom it is ordered, etc. (Agent, 23 Female).
I also called when one item was ordered in a big quantity, because I wanted to know what it was meant for (Agent, 55 Female).
As the quotes show, manual reviewers vary in how they select the orders and the questions they pose, which means this can also lead to varying fraud constructions. Another important point, though, is that while agents can vary in terms of their choices or understandings of unusual or suspicious behaviour, the following quote outlines that the vast majority of orders are indeed accepted after phone validation, regardless of the questions posed by manual reviewers:
Customers that are reached, I would say that 95 % are certainly released, and the ones you cancel are often not reached (Team Leader, 33 Male).
This means that the profiles of genuine or fraudulent customers are constructed not only through the answers they provide, but also simply whether they can be contacted. As the quote outlines, almost all customers contacted via the phone call were labelled as genuine, while customers who could not be reached were much more likely to be labelled as fraudulent regardless of the reason for not being available. This is highlighted further in the following quote:
Yes, the management wanted, ordered and left a wrong number, the number was unavailable, well, mistyped. Consequently, the order was blocked [cancelled] due to the suspicion of fraud, and then management called us totally angrily, but this also was sorted (Back Office Team Member, 29 Female).
As this case shows, the manager of an online retailer was categorised as fraudulent, as the number provided did not work. This is also because the reasons for not being available are usually not examined or taken into much consideration. The following quotes exemplify that phone validation provides manual reviewers very little support in the detection of online fraudsters:
Not always. Sometimes, you have cases 50-50. It is your decision to release it or to cancel it. I prefer cancelling it. He can always prove that he is a genuine one afterwards, but if we are wrong, we lose the money for this order, because we won't get the money and the products are gone (Senior Agent, 46 Male).
In my opinion, it is not really helpful. If I placed an order with a stolen credit card and somebody called me, I would say yes, I placed this order. Please release it. It is not very effective, in my opinion, but we still do it (Supervisor, 26 Male).
Of course, it helps when you talk with the customer, once more as a final criterion. As a last decision criterion, it is probably not wrong. But a good fraudster manages that so that you don’t have doubts
There are some calls which are a bit weird. But that has mostly to do with being rude, that they don’t want to answer the questions or perhaps they are busy at that point. On the phone, you can’t clearly distinguish if they don’t want to answer or if they are just busy (Agent, 35 Male).
As the quotes outline, a clear distinction between genuine and fraudulent customers can remain challenging despite phone validation. While calling a customer can provide agents with some support in their assessment, it will not confirm genuine customers. Ultimately, it remains a subjective process involving various fraud agents with various preferences and values, armed with a selected set of questions and the hope of detecting criminals through this approach. One benefit of phone validation for manual reviewers is that it helps them to justify afterwards the decisions they make. As discussed in Chapter Four, some of the accepted transactions turn into fraud through a chargeback. In such cases, phone validation can then be used as proof that the manual reviewer has taken every step possible to identify the fraudster correctly, but this identification can still fail despite talking personally to the customer.
5.4 Conclusion
This chapter focused on the second sub-question of how online fraud is constructed through social practices, and it discussed how manual reviewers develop a number of internal and external practices to differentiate between genuine and fraudulent customers. While it was examined extensively in Chapter Four that fraud is constructed through generated and assembled datasets, and how they are joined and re-joined, this chapter expanded upon this understanding by exploring how data were utilised within social practices, how additional actors were mobilised and how fraud is constructed in social situations.
It was also argued in the chapter that these practices are developed to overcome the challenge of not knowing the real identity of fraudsters; however, this is a fairly subjective process, because manual reviewers vary in their choice and selection of orders, preferences and understandings. For this reason, multiple constructions of fraud emerge based on the agent, the orders selected, data searches on the internet, the digital activities of customers, results presented by Google, the accessibility of information, the traceability of online activities, the relatability of datasets, time invested and the suitability of the practice. Furthermore, it was also outlined in the chapter that fraud is a fluid concept, given that the categorisations of genuine or fraudulent customers are not static and can change in line with new data entries, the involvement of customers and which manual reviewer examines the case.
The chapter was divided into two main sections. The first section explored individual and collective practices developed by manual reviewers to predict and prevent online fraud. As discussed, manual reviewers make data-driven fraud assessments by examining transactions within a historical context while looking for relations between present cases and past transactions. In this process, assessments of past cases are used in the examination of current transactions. However, as the data can be very diverse and unique, and represent combinations of datasets which were either previously not observed or did not fit into categories based on the examination of past cases, manual reviewers also develop additional practices to support their decision-making.
A popular method amongst manual reviewers is the reliance on one’s own feelings, judgement and experience while examining online transactions. This implies that manual reviewers vary in their understandings and preferences concerning online fraud, which in turn means that different results emerge from this practice based on who examines the online transactions and how these are scrutinised. Collective practices are performed similarly and usually involve two or more members of the fraud team, who discuss and negotiate ideas and understandings, eventually proposing a solution. Customers are then categorised as genuine or fraudulent based on which arguments are proposed and given more weight. The final procedure in the first section of this chapter was the cancellation of orders, which is done to provoke an action or to test a customer’s reaction. Customers who respond to the cancellation by contacting the customer service centre and filing a complaint are then usually considered genuine thereafter as opposed to the customer who does not get back to them.
The second part of this chapter explored external practices that require mobilising additional actors to make fraud decisions. The first external practice was Web verification, which refers to searching for personal customer details on the internet while looking for relationships, for example through Google Search or on social media platforms. In this case, manual reviewers look for an external validator who can confirm that the customers are who they say they are. Web searching is also performed to uncover additional information about customers or to view their address and location and use these to construct profiles of genuine and fraudulent customers.
As addressed in the chapter, this raises serious ethical concerns, because on the one hand there is a lack of customer consent to and awareness of this practice, and on the other hand it has discriminatory effects. Customers are not aware that their personal and transactional data are being used for fraud assessments, that they are being Googled, their social media accounts are accessed, or their houses are viewed and that this information is used, even arbitrarily, to define them as good or bad customers.
The final external practice is phone validation, which requires calling a customer personally and confronting them with some questions. The customers are then categorised as genuine or fraudulent based on how they respond, while in most cases the outcome is positive as long as they can be reached.
Christl (2017) argues that data-driven business practices limit the freedom of individuals to make free choices and decisions. While these practices affect individuals and the society at large, they disproportionately target the disadvantaged individuals and groups and contribute to an increase in social inequality. This is also because these practices are kept secret so that it is not possible to have an open and a fair discussion on how such practices could be performed in a fair manner. This proposal does not necessarily contradict corporate objectives given that businesses have a keen interest in the identification of genuine customers and only denying transactions made by fraudsters. This would nevertheless require that there is an awareness of data-driven social practices and their discriminatory outcomes.
Chapter Four and Chapter Five have discussed expansively how actors such as fraud management team members, technological systems, data, Google, individual and collective social practices and customers come together in the making of online fraud. The next chapter will expand upon these insights by exploring a number of other actors who come into play, and it will examine how online fraud is partly the result of the relationships between several heterogeneous actors.