Online Retail and Fraudulent Credit Card Transactions
At no other time have consumers made such a huge shift to digital use and eCommerce. Consumers were already moving towards a more digital life, but recent events have created an unprecedented shift towards eCommerce. This increase in digital activity has led to an unprecedented rise in eCommerce fraud. Online merchants have no choice but to learn how to manage e-Commerce fraud.
Increased e-Commerce during Coronavirus means learning how to Manage e-Commerce fraud is more important than ever.
And as we say, where the money goes, so do the fraudsters. Reports show that during the first quarter of 2020, more than a quarter of all transactions were fraud attempts. This represents a 20% increase over the last three months of 2019 and the highest attack rate seen by researchers.
Fraudsters are opportunists. They will gravitate to the easiest way to commit fraud successfully, or to the place least protected. They know businesses are experiencing an increase in traffic but may not have teams in place to monitor fraud. Now is the perfect time for them to exploit the opportunity. If your business accepts payments online, then you absolutely must pay attention to fraud prevention and management tactics.
At the same time, consumers want a fast and frictionless buying experience. The challenge for retailers? Keeping the payment transaction as painless as possible for the customer while also verifying their identity and then protecting it.
Fraud tactics are a moving target and cybercriminals are sophisticated. Counteracting fraud is a game of cat and mouse. Each time we create new security measures, cybercriminals find a way around it. eCommerce Merchants can’t fight fraud alone. Merchants must take a layered approach to cybersecurity to effectively reduce eCommerce fraud.
Merchants first need to commit to Best Practices in eCommerce sales. Staff should learn to recognize fraud tactics used in eCommerce fraud. Online merchants must partner with a high-risk merchant account provider that understands the importance of managing online fraud. And, lastly, merchants must implement fraud management strategies and tools and protect against fraud threats attempts.
The cost of e-Commerce Fraud
These aren’t your garden variety thieves. Today’s online fraudsters are very smart and tech-savvy. They are able to create and pull off elaborate schemes to get what they want. Whether that be data information or free products.
U.S. retailers incurred a cost of $3.13 for every dollar of fraud committed in 2019. Forecaster Juniper Research estimated retailers could lose up to $130 billion due to card-not-present fraud by the year 2023. And that estimate was made before the recent massive shift to a digital economy.
Many things contribute to the breadth of costs that businesses endure due to fraud. There is the cost of the goods lost as well as the refund to the innocent customer. There are the fees associated with the chargeback and all of the labor costs involved in fighting and managing them. But possibly even more detrimental to business is the potential loss of loyal customers.
Businesses that experience a data breach or large fraudulent event risk losing a good reputation and customers for life. Customer’s that have been a victim of fraud often stop using that service and turn to competitors for their needs. Learning how to manage e-commerce fraud in advance will increase client retention and save your business the cost to your reputation and bottom line.
e-Commerce Fraud on Every Device
Everywhere, on every type of device, and in many ways. Cybercrime networks operate on a global scale. A recent cybercrime report 2019 found that cybercrime “is operating on a global scale in vast, interconnected networks that are unrestricted by regional, country, or industry borders.”
What we know:
- Phones: Consumers are using their phones to purchase items now more than ever. Of 19 Billion transactions, 67% were on mobile phones and 72% were done within an app as opposed to a mobile browser.
- Cybercriminals: Are attacking mobile payments and apps. Mobile fraud attacks saw a 56% rate of growth YOY. This is the first time mobile attacks have outpaced that of desktop attacks. Mobile apps saw a 171% growth in attack rate over web browsers.
- Ecommerce: Fraud can entail many types of fraudulent actions. The most obvious being the use of fake or stolen personal or credit card data. We refer to this type of fraud as true fraud. But fraud can come in less obvious forms as well.
- Chargebacks: Then there is friendly fraud. This is the hardest to accept. Fraudsters are bad, but your own customers? Friendly fraud occurs when a customer mistakenly files a chargeback on a purchase they actually authorized.
One interesting finding from the True Cost of Fraud Study is that eCommerce businesses experience as much friendly fraud as true fraud. The study found that friendly/chargeback fraud accounted for 39% of losses while 36% was due to true fraud. It just goes to show that it’s just as important to manage your chargebacks as it is to fight crime.
How to manage e-Commerce fraud and protect your business.
There are many measures a merchant can implement to help reduce fraud. Some will help lower your incidence of friendly fraud and others help reduce true fraud. First, you want to make sure your website meets industry best practices for real consumers. Be picky about who you partner with for your high-risk merchant services and payment gateway. Lastly, make use of the fraud management and prevention tools available to you.
Follow industry Best Practices on your eCommerce website.
You will also have to provide superior customer service. Remember that more than a third of your fraud can be contributed to friendly fraud” or customer chargebacks. But there are a few things you can do to help reduce the chance of a chargeback.
Proudly display your shipping, refund, and return policies as well as your customer service contact information. Make sure that your customers clearly understand what you provide and how to get help.
Fulfill and ship orders on time and provide customers with tracking information. Many times a customer will file a chargeback when an item takes too long to reach them.
Change your charge statement descriptors to match your store name. Businesses tend to use an LLC or other formal name on the credit card charge statement. This can be very confusing for the customer who may not recognize the business name. Many times people will submit a chargeback simply because they don’t recognize the charge on their credit card statement.
Use dual authentication measures for customer account creation. Having customers provide an alternate email or cell phone number can reduce the incidence of fictitious account creation.
Partner with an experienced high-risk merchant service provider.
Experienced high-risk merchant account providers know what solutions will best serve your business model. They’ll have experience getting your account approved and provide you with a reasonable rate while guiding you to setting up the tightest security settings on your payment processing dashboard.
An experienced merchant account provider will already adhere to security standards set by the payment card industry (PCI). This means not only following standard security protocols but also maintaining your annual PCI compliance.
They will provide you with a payment gateway that has a PCI Level 1 certification (the highest certification available.
Require CVV and Address Verification to Prevent Fraud
When accepting payments, applying certain protocols to the transaction helps weed out common fraudulent transactions. Always apply the use of CVV and AVS tools. AVS stands for address verification service. This makes sure the billing address matches the cardholder’s address on file with the card issuer. Fraudsters will have a stolen credit card number but they won’t know the cardholder’s address. With AVS, the merchant can decide to either reject or accept mismatched addresses or flag them for further review.
CVV stands for credit verification value -the 3-digit number on the back of a credit card. This helps determine if the user has the physical card in their hand. Again, fraudsters may have a list of stolen card numbers, but they will not have that number from the back.
Requiring this code during a transaction reduces successful fraud attempts. But it can also qualify the transaction for a lower interchange rate helping to keep your processing costs down. It is not 100% since a physical card can be stolen, but it will suss out most fraudsters.
e-Commerce Fraud Signals
- Bulk orders or an order that’s larger than normal for your business.
- If the shipping address is in another country than the billing address.
- The shipping and billing address does not match (doesn’t always signal fraud).
- If they paid for overnight or fast shipping.
- Multiple orders with different cards to the same address.
Then there are attacks that you can’t easily see. These take sophisticated algorithms to detect. For instance, IP spoofing and device spoofing involve making it look like the fraudster is located at the victim’s address and/or is using their device. These are triggers that you wouldn’t be able to pick out unless you had time to pour over every single one of your transactions.
Fraud Prevention Software
In addition to learning how to manage e-Commerce fraud, there’s a final step to better transaction security: installing fraud prevention software is the best way to make your business less susceptible to fraudulent attempts. The software scrubs transactions based on a set of rules and blocks any transaction that triggers one or more of the preset rules. This allows it to attack fraud from many angles and take multiple factors into account at once.
Fraud prevention software uses advanced machine-learning technology and algorithms to analyze and compare multiple sets of data. It will analyze information based on IP geolocation, device fingerprinting, address verification service, and card security codes. Then it will compare it with additional information based on customer purchasing behavior, transaction histories, and other preset factors.
Access to this information enables it to assess the potential risk of each transaction and flag potentially fraudulent attempts.