At the start of a business, online fraud won’t be a big deal when there are as few as ten transactions a day. However, as the business grows to five hundred transactions and starts accepting credit card payments, ignoring it is not a good idea. Statista states that in 2018 US merchants lost an estimated $6.4 billion to payment card fraud. Small businesses have been the most frequent victims and have suffered the most, with fraud costing them an estimated $155,000 a year.
Credit card processors offer merchants basic security measures to reduce credit card fraud. Before deciding which payment gateway to use for your business, find out how your business will be protected in case of fraudulent transactions.
With the rapidly evolving digital economy, businesses of all sizes need to re-evaluate their position and tools when it comes to fraud management, employing the techniques that have been deemed most effective at tackling card payment fraud and minimizing the losses due to it.
Some effective measures that payment gateways should adopt to reduce online fraud-related losses:
Address Verification Service (AVS)
AVS is an effective security measure to detect online fraud. When customers purchase items, they need to provide their billing address and ZIP code. AVS checks whether this address matches what the card-issuing bank has on file. As part of a card-not-present (CNP) transaction, the payment gateway can send a request for user verification to the issuing bank.
The AVS responds with a code that helps the merchant understand whether the transaction has a full AVS match. If the details don’t match, investigate further by checking the CVV (Card Verification Value), email address and IP address on the transaction, or allow your payment gateway to decline the transaction.
Card Verification Value (CVV)
The CVV (or Card Verification Code) is the 3- or 4-digit code that is on every credit card. The code should never be stored in the merchant’s database. A CVV filter acts as an added security measure, allowing only the cardholder to use the card, since the code is available only on the printed card. If an order is placed on your website and the CVV does not match, you should allow your payment gateway to decline the transaction. When making a card-not-present transaction (online, email or telephone orders), the merchant gets the required card information from the customer to verify the transaction. Friendly fraud is a risk associated with CNP transactions, and it can lead to a chargeback. Enabling a CVV filter helps merchants fight fraud and reduce chargebacks.
Device identification analyzes the computer rather than the person who is visiting your website. It profiles the operating system, internet connection and browser to gauge whether the online transaction should be approved, flagged or declined. All devices (phones, computers, tablets, etc.) have a unique device fingerprint, similar to the fingerprints of people, that helps identify fraudulent patterns and assess risk, if any.
Companies like ThreatMetrix monitor the device ID, using it as a reference point to see whether others have flagged it for suspicious or fraudulent activity. Fraudsters cannot impersonate a computer’s unique identity, making it a viable option for protecting your business against online fraud.
Flag Large Transactions
With stolen card information, fraudsters will try to make large transactions before the card is blocked. This would be deleterious to your business (big or small), since you will have to bear the cost of allowing a fraudulent transaction to take place. It can also lead to a payment processor terminating your processing account, and your business would take a big hit.
You can limit the number of large transactions by specifying a flat dollar amount, which is an essential step towards avoiding chargebacks. In addition to this, you can limit the number of failed transactions that go through the payment gateway.
Payer Authentication (3-D Secure)
Payer authentication, also called Verified by Visa (VbV) and MasterCard SecureCode, is a cardholder authentication measure that secures online transactions for customers. This method allows cardholders to create a PIN (secure code) that can be used during checkout to confirm the user’s identity. By implementing this, merchants are provided chargeback protection and lower interchange rates.
This is one of the most sought-after fraud prevention tools that businesses adopt, and it also looks after their interests.
If you are shipping items overseas, you need to place greater restrictions on such orders. Pay more attention to orders made from countries considered to be “high-risk”. Customers in these countries have to call the company to verify their identities before their transactions are processed.
According to the Online Fraud Guide, some of the countries with the highest online fraud rates are Israel, Malaysia, Egypt, Pakistan, Ukraine, Russia, Bulgaria, Romania, Lithuania, Nigeria, and Yugoslavia.
The lockout mechanism is a type of fraud prevention system meant to deter fraudsters who use automatic card number generator programs. These programs circulate in underground fraud forums and can generate hundreds of “valid” credit card numbers. The fraudster will typically try hundreds of numbers on your website until he finds some that are valid and will then charge the accounts to their limits.
To prevent this fraud, merchants can:
- Lock out transactions from a particular IP address that has had a large number of credit cards declined within a set time.
- Disable transactions that fail the AVS test (since the fraudster will not have the account’s address). When you detect such actions, you should immediately prevent orders from the originating address.
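The IP lockout described above can be implemented as a sliding-window counter of distinct declined cards per address. The following is an added example, not code from the original article; the thresholds, the class and function names, and the sample attempts are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict, deque

# Assumed policy values (not from the article): tune them to your traffic.
MAX_DECLINED_CARDS = 5    # distinct declined cards tolerated per IP
WINDOW_SECONDS = 600      # the "set time" over which declines are counted
LOCKOUT_SECONDS = 3600    # how long the IP stays blocked

class DeclineLockout:
    """Blocks an IP that has many *distinct* cards declined in a time window."""

    def __init__(self, key: bytes):
        self._key = key                       # secret used for card fingerprints
        self._declines = defaultdict(deque)   # ip -> deque of (time, fingerprint)
        self._locked_until = {}               # ip -> time the lockout ends

    def _fingerprint(self, card_number: str) -> str:
        # Keyed hash, so raw card numbers are never retained by the limiter.
        return hmac.new(self._key, card_number.encode(), hashlib.sha256).hexdigest()

    def is_locked(self, ip: str, now: float) -> bool:
        return self._locked_until.get(ip, 0.0) > now

    def record_decline(self, ip: str, card_number: str, now: float) -> bool:
        """Record a declined attempt; return True if the IP is now locked out."""
        events = self._declines[ip]
        events.append((now, self._fingerprint(card_number)))
        # Drop declines that have fallen out of the sliding window.
        while events and events[0][0] <= now - WINDOW_SECONDS:
            events.popleft()
        # Retrying one mistyped card is normal; many different cards is not.
        if len({fp for _, fp in events}) >= MAX_DECLINED_CARDS:
            self._locked_until[ip] = now + LOCKOUT_SECONDS
        return self.is_locked(ip, now)

def replay(attempts):
    """Run constructed (time, ip, card) declines; return the outcome per attempt."""
    guard = DeclineLockout(key=b"constructed-demo-key")
    return [guard.record_decline(ip, card, t) for t, ip, card in attempts]
```

Counting distinct cards rather than raw declines keeps a customer who mistypes the same card several times from being locked out. Call `is_locked` before sending a new authorization to the gateway.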
Risk scoring tools are based on statistical models designed to recognize fraudulent transactions based on a number of rules. When a payment is made on your website, the tools will indicate the probability of the transaction being fraudulent. A higher probability of a transaction being fraudulent indicates that you should verify the order.
Risk scoring tools provide a case-by-case evaluation and will flag transactions based on the rules you choose, such as AVS test failure, IP range, use of anonymous emails, billing address and others.
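A minimal rule-based scorer in the spirit of the tools described above, combining the AVS, CVV, large-amount, IP-range and anonymous-email checks from this article. This is an added example, not any vendor's model; every weight, threshold, list entry and name in it is an assumption, and the billing/shipping comparison is one possible reading of the "billing address" rule.

```python
import ipaddress
from dataclasses import dataclass

# All weights, thresholds and lists below are assumptions for illustration.
LARGE_AMOUNT = 500.00                                     # flat dollar limit
FLAGGED_NETS = [ipaddress.ip_network("203.0.113.0/24")]   # constructed range
ANON_EMAIL_DOMAINS = {"mailbox.example"}                  # constructed domain
REVIEW_AT, DECLINE_AT = 40, 80                            # score cut-offs

@dataclass
class Order:
    amount: float
    avs_match: bool          # gateway AVS result reduced to match / no match
    cvv_match: bool
    email: str
    ip: str
    billing_country: str
    shipping_country: str

def _email_domain(order):
    return order.email.rsplit("@", 1)[-1].lower()

def _ip_flagged(order):
    return any(ipaddress.ip_address(order.ip) in net for net in FLAGGED_NETS)

RULES = [  # (name, points, predicate)
    ("avs_mismatch", 35, lambda o: not o.avs_match),
    ("large_amount", 25, lambda o: o.amount >= LARGE_AMOUNT),
    ("anonymous_email", 20, lambda o: _email_domain(o) in ANON_EMAIL_DOMAINS),
    ("flagged_ip_range", 30, _ip_flagged),
    ("billing_shipping_differ", 15, lambda o: o.billing_country != o.shipping_country),
]

def score(order):
    """Return (decision, points, names of the rules that fired) for one order."""
    if not order.cvv_match:
        # Article guidance: let the gateway decline on a CVV mismatch.
        return "decline", 100, ["cvv_mismatch"]
    fired = [name for name, _, test in RULES if test(order)]
    points = sum(pts for name, pts, _ in RULES if name in fired)
    if points >= DECLINE_AT:
        decision = "decline"
    elif points >= REVIEW_AT:
        decision = "review"      # hold the order for manual verification
    else:
        decision = "approve"
    return decision, points, fired
```

Returning the names of the fired rules alongside the score lets a reviewer see why an order was held instead of only that it was.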
How to protect your ecommerce store from payment fraud
According to the Association of Certified Fraud Examiners, almost 50% of small businesses fall victim to fraud at some point in their business, costing them an average of $114.000 per occurrence.
Apart from scamming and hacking, if someone accepts a fraudulent payment, they can be held financially responsible for the loss incurred. Dealing with the fraudulent transaction, the chargeback process and the potential hit to your company’s reputation is unpleasant, to say the least.
But there are some best practices for online businesses that want to be proactive about ecommerce fraud prevention and keep their ecommerce stores safe from hackers.
Two types of online store fraud
1. Account takeover
Most ecommerce stores provide customers with accounts that store personal information, financial data and purchase history. Perpetrators can hack these accounts through scamming schemes. Bots have also been used to obtain confidential information from customers.
2. Identity theft
Although many businesses take many precautions to secure customer data, fraudsters still manage to hack into databases and steal usernames, passwords, credit card numbers and other personal information.