Online Security: A shoe e-retailer takes steps to improve its fraud detection

Fast-growing Schutz Shoes upgrades its fraud detection software to slash manual reviews and improve order processing.

Online orders were flowing into shoe e-retailer Schutz Shoes, the U.S. division of Brazilian-based shoe retailer Arezzo & Co., but the small team spent an increasing amount of time checking whether an order was fraudulent. When one employee on a staff of seven has to manually review the legitimacy of an online order, that’s time away from customers and other business, says Kimberly Gort, e-commerce manager for Schutz.

Schutz Shoes started selling online in 2014 operating its e-commerce site in the basement of its New York City store. That first year, Schutz had about $350,000 in online sales. In 2015, about half of its product catalog was available online and sales grew to $1.5 million. Now, with all of its products available online, Schutz Shoes projects about $3 million in online sales for 2016, Gort says. The retailer also opened a store in Los Angeles.

With triple-digit percentage growth comes growing pains. When the e-retailer received a modest five online orders a day, using the free tool from its e-commerce platform provider (Shopify Inc.) worked fine, Gort says. The plugin would flag orders that might be fraudulent, and the retailer decided to approve or decline such orders.  For example, the tool flagged an order if the credit card and shipping addresses didn’t match, so a Schutz employee had to call the customer and determine if it was a legitimate order. Deciding what was and wasn’t fraudulent often was difficult, Gort says.

“There’s always a risk,” she says. “It was like we were playing roulette.”

The situation frustrated the retailer and the shopper, as some shoppers were blocked from placing an order or their order was delayed or they had to deal with a phone call from the retailer. Schutz was missing out on orders, devoting almost a full employee to manually check the orders and seek out consumers to verify information. As order volume and sales grew, the manual-review model no longer worked, Gort says.

In July, Schutz Shoes decided to integrate fraud detection software provider ClearSale onto its platform, choosing the vendor because it was used by parent company Arezzo. It took about two weeks to integrate the technology onto Schutz’s site, Gort says.

ClearSale factors in about 100 variables to approve or deny orders, and then has its 500-person team to dig deeper on flagged orders, says Rafael Lourenco, vice president of operations at ClearSale. Orders can be approved within three seconds, while an order that requires manual review will take 24-48 hours, he says.

The impact of adding ClearSale was almost immediate, Gort says, as Schutz Shoes was no longer on the hook to manually check flagged orders. The e-retailer now approves 94-96% of its orders, which is about a 5% increase from when it relied on its free plugin, Gort says.

ClearSale charges per transaction and takes a 0.4-1.5% cut of the sale. The commission is worth it, Gort says, as more sales are approved. In August, Schutz Shoes paid ClearSale $1,500. The retailer processed 1,200 online orders that month, 1,002 of which ClearSale reviewed in some capacity; of those 1,002 orders, 973 (97.1%) were approved.

ClearSale has about 2,000 clients, and more than 90% are retailers, Lourenco says. Across all of its clients, 93.5% of orders are automatically approved, Lourenco says.

Recently, ClearSale updated its formula with another variable to approve or deny orders. The feature factors in how long a consumer is on the website before she purchases. The shorter it is, the more suspect. However, this is only one variable and a short time between landings on the site and purchasing will not automatically flag an order, Lourenco says. The new feature increased ClearSale’s average approval rate by 1%, he says.


Heimdal Online Security – 15 Steps to Maximize your Financial Data Protection


We use computers to pay bills, shop online, chat and even keep in touch with friends on social media platforms. You might not realize it, but this makes us vulnerable.

Because we willingly broadcast over the Internet valuable details, such as our credit card information or bank account credentials – information usually needed by cyber criminals – we can never be too careful when securing our financial transactions or personal information.

A 2016 report from the PricewaterhouseCoopers indicates that cybercrime is the “2nd most reported economic crime, affecting 32% of organizations.” And the same study reveals another cause for concern, apart from the economic impact:

“The insidious nature of this threat is such that of the 56% who say they are not victims, many have likely been compromised without knowing it.”

The data clearly shows that cybercrime affects individuals and global economic growth. Cyber-attacks on financial institutions or with financial consequences for users like you and me are putting financial assets at risk. Consequently, financial data protection should be a strong concern for anyone.

So is there a way to for our online activities to remain private and safe from cybercriminals?

Definitely! Here are a few best practices that will keep your system protected:

  1. Check the link before you click it

Pay attention to the links you want to access. To make sure you are not deceived; simply hover the mouse cursor over the link to see if you are directed to a legitimate location.

If you were supposed to reach your favorite news website, such as “”, but the link indicates ““, then you should resist the urge of clicking the link. Hyperlinking is a common practice in phishing attacks and it’s always best to double check embedded URLs.

Most of us use shortening services for their links, such as or tinyurl. But in some cases an unknown link may send you to a malicious site that can install malware on the system. So, how can you know where you’ll arrive if you click it?

To make sure you are about to access the right online destination, use a free tool such as Redirect Detective. This tool will allow you to see the complete path of a redirected link.

Alternatively, you can also check the suspicious links using a reliable URL checker, such as VirusTotal.

  1. Check the file before you click it

We all know malware is everywhere. But how can we make sure a file (or an executable file) we just downloaded is what it’s pretending to be? Can we tell the difference between a safe file and a malicious one?

An important step for everyone is to use a browser which integrates a reputation-based technology. This technology uses a cloud scoring system to analyze each application downloaded and where it comes from. As a result of the analysis, websites that distribute malicious software – not yet detected by existing defense mechanisms – are more easily blocked. For more details, you can access the following article.

To make sure you are not running a malicious executable file (which may download a Trojan virus on your system), use VirusTotal, which analyzes suspicious files on multiple antivirus solutions.

  1. Use secure websites to run financial transactions

Financial operations and transactions should be given high scrutiny, as they hold the key for cyber criminals to cashing out your life’s savings.

Here’s how to make sure you visit a secure website:

  1. Look to the left of the web address and find the “Lock” icon. This indicates that you are visiting an encrypted and/or a verified website.
  2. Make sure the web address starts with “https://”. The “s” comes from “secure socket layer” and it indicates you are connected to a website where data, which is sent and received, is encrypted.
  3. Set strong passwords for your accounts

Your passwords should contain around 20 characters. Don’t forget to combine upper and lowercase letters, numbers, and symbols. Don’t use the same password for all your accounts. Make a habit of changing your main passwords every 30 days. Even if you are hacked, having different passwords for each account will help you limit a potential loss.

For more information on how to set strong passwords and manage them safely, see our step by step guide on password security. This includes details on how to use a strong and secure password manager like LastPass or Sticky Password.

  1. Use two-factor authentication

This is one of the best ways to ensure your online accounts or your email inbox are not accessed by anyone else but you.

This option means that, besides entering your credentials, you will be required to enter a one-time code sent to your phone. Use this method to protect confidential information from social media accounts, such as Facebook, Twitter or valuable data from email accounts.

Read More About 15 Steps to Maximize your Financial Data Protection