Credit card fraud runs rampant worldwide and while it affects everyone in the payment cycle, it costs eCommerce merchants the most.
Fraud management software is no longer voluntary for online merchants, it has become an eCommerce obligation.
Card issuers, merchants and acquirers were subject to gross fraud losses of $27.85 Billion in 2018 according to the November 2019 Credit Card Fraud Worldwide issue from Nilson Report. However, fraud costs much more than just stolen products. This number only refers to the loss of sales and products due to credit card fraud. It does not include the expenses incurred for fighting these fraudulent transactions, which increased by 15% from 2017. Fraud costs companies a significant amount of money in managing fraudulent transactions, call centers, and investigation and recovery expenses.
The introduction of EMV chip technology has greatly decreased the incidence of credit card fraud at storefronts. However, this has unfortunately increased card-not-present fraud. Card-not-present (CNP) credit card fraud plagues eCommerce retailers and is growing exponentially.
Ecommerce involves card-not-present transactions. For this reason, eCommerce carries a higher risk of fraud than retail store transactions. When making a payment through an online gateway there is no opportunity to use an EMV chip reader terminal or enter a PIN to deter fraud. It is much easier for fraudsters to use stolen card information to make a purchase. While CNP purchase volume accounts for just less than 15% of all purchases, they are still responsible for 54% of all CNP fraud.
Because of this eCommerce merchants must be vigilant in their fraud detection and prevention measures.
Merchants must protect themselves from card-not-present credit card fraud.
There are three types of fraud that afflict merchants: friendly fraud, charge back fraud, and credit card fraud. Friendly fraud is just a misuse of charge back rights by consumers. Consumers are quick to raise concerns over a payment they don’t readily recognize on their statements. Immediate access to online account information allows them to file a charge back effortlessly. The main contributor to friendly fraud is the increased fear of identity theft due to an increase in major data breaches in recent years. With this type of fraud, customers don't set out to defraud the merchant, they're just quick to protect themselves.
Charge back fraud, on the other hand, is done with malicious intent and is considered a true form of credit card fraud. Charge back fraud occurs when a consumer deliberately employs the right to charge back with the intent to get an item they have purchased for free.
True credit card fraud then occurs when fraudsters steal sensitive personal and credit card data and use it to create a fraudulent card or account. They are all each a slightly different source of fraud, but they all cost the merchant greatly.
Credit card fraud affects merchants in many ways.
Credit card fraud affects the merchant in many ways, but the most significant are money, time, reputation, and even the ability to accept payments.
The liability for accepting fraudulent transactions always falls on the merchant first. Card brands do everything they can to protect their customers and card owners carry no liability for fraudulent charges.
If a customer initiates a chargeback for purchase, it is the merchant’s responsibility to prove the customer made the purchase. Merchants must track and keep extensive sales records if they expect to protect themselves from chargebacks. It’s the merchant’s responsibility to refund the customer if they accepted a fraudulent payment for goods, costing them both the product and the money.
If a merchant cannot prove that the customer made the purchase the liability falls with the merchant and the card owner will be refunded the charges.
Unfortunately, chargebacks stay on your merchant account record. Even when you win the chargeback. If a merchant racks up too many chargebacks, they can be fined up to $10,000 and risk having their merchant account shut down. This action greatly limits the ability to accept payments in the future, not to mention creating a marred reputation with customers.
Protect yourself from credit card fraud.
The best way to start protecting yourself is to start with the right type of merchant account and implement a fraud management utility.
For the best protection, you’ll want to start with a merchant service provider who understands high-risk processing and can provide you with a merchant account of your own. This way you will have more control than if you were to sign up under an aggregate merchant account such as the type used with Square and Paypal.
It's also imperative your merchant service provider supplies you with the best high-risk payment gateway that includes a fraud detection and fraud management software. Your eCommerce payment gateway will be equipped with 3-D Secure 2.0 as well as tokenization capabilities. Tokenization replaces sensitive data, such as the card number, with a digital identifier unique to that transaction. 3-D 2.0 provides for the secure transmission of an array of customer data to the card issuer. This data will include information such as the shipping address, the customer's purchase history, and even the customer's device ID.
This information assists the card issuer in the decision to approve or decline a transaction. All of these protections provide your first line of defense against hacking attempts.
Merchants can process online, in-store and in-app payments without exposing sensitive account details. On top of that, fraud detection software is designed to employ sophisticated credit card fraud detection avoidance strategies.
What does fraud management software do?
Fraud management software lets the merchant set rules and thresholds for their transactions. Setting transaction rules aids in the early detection of fraudulent transactions. These rule-sets allow for the screening of suspicious transactions throughout the processing lifecycle.
The best part is that the software is pliable since the rule-sets can be customized to meet the merchant’s specific needs.
Fraud management features:
Merchants can easily set ‘flag for review’ or ‘deny’ rules for specific red flags. For example, larger-than-normal orders, shipping address different than the billing address, or repeated attempts at entering an expiration date or CVV number.
Set rules based on transaction amount as well as the number of transactions with the same card. Setting limits on purchase attempts helps to mitigate a fraudster making numerous purchases from the same IP address or address. For example, with a monthly subscription, the sale shouldn't process more than once a month. Multiple attempts would likely be fraudulent if there were several within the same period.
High and low transaction limit rules help to stop card testing. Fraudsters charge small amounts to test cards and will do it with 100’s of cards at a time. A low transaction limit will deter this practice.
Block specific transactions such as ones that originate from a specific country or countries, or any transaction that is “non-US”. All of these can be flagged for review as well if the merchant does not want to outright ban them.
Decline a transaction even after authorization.
Set decline exceptions allowing transactions to clear, even if one of the triggers is hit. Set ‘user bans’ based on specific users, user types, or by a set piece of data. Options for banning/flagging include data such as customer ID, email address, IP address, and more. For example, merchants can ban any purchase from a specific IP address if it is found a fraudulent card was used. This helps to block the fraudster from trying again with new fraudulent cards.
Easily access all transactions flagged for review in one spot.
An intuitive back office makes it easy to manage all of these features and more. Quickly access all transactions scoured for fraud by iSpyFraud in the History Tab. This will easily allow merchants to see which rule was triggered causing the flag. Merchants can then review transactions and either clear the flag, block suspicious activity, or cancel the charge if felt to be fraudulent. This will all help to mitigate the incidence of chargebacks due to malicious activity.
All merchants who are processing transactions should take steps to prevent fraud. But with such a high risk of credit card fraud, E-commerce merchants must be more vigilant than most. In fact, they shouldn't process any transactions without taking fraud detection and prevention measures. Fraud management software is the easiest and best way for eCommerce merchants to protect themselves and their customers.
While all Ecommerce is at risk, certain merchants are targeted more than others. Among businesses targeted the most are ones who offer membership websites, online dating or gambling, or adult content.
Managing credit card fraud effectively requires a combination of utilizing tools and your processor’s expertise to employ a strategy for detecting and fighting fraud. At Bankcard International Group, we take secure payment processing seriously. We pride ourselves on providing our clients with the most cutting edge products to allow them to accept payments securely.
High-risk payment processing requires expert level experience paired with strategic partnerships. With over 2 decades of high-risk payment processing experience, we know how to provide you with the merchant services you need at a price you can afford.
Call one of our ETA-Certified Payments Professionals today and experience the “B.I.G. Difference”.