How to Detect and Prevent Credit Card Fraud
Ecommerce has made it easier than ever for merchants and consumers to conduct business online. Unfortunately, cybercriminals and thieves can also steal without leaving their houses.
Credit card fraud has become somewhat of an epidemic. According to a recent report, 56% of Americans have been victims of online fraud.
While enhanced hardware and EMV chip cards have helped reduce the risk of fraudulent transactions in physical store locations, online fraud has been growing at an astronomical rate.
Today, card not present fraud is now 81% more likely than card-present fraud.
Anyone with an ecommerce website needs to read this guide. If you have a brick-and-mortar presence as well, you should also check out our resource on credit card processing fraud prevention for merchants.
Types of Online Credit Card Fraud
Before you can stop online credit card fraud, you need to understand the different ways that it can happen. These are some typical online scams you’ll see in the ecommerce industry.
Phishing Fraud
Phishing occurs when a hacker uses someone else’s information online. This is also known as account takeover fraud.
These attacks work by convincing victims to voluntarily disclose secure information, such as login details for an email account or customer profile. This can give the thief access to stored payment information on various online shopping websites.
Friendly Fraud
Sometimes people don’t realize that they are committing fraud.
For example, let’s say a customer orders something from your ecommerce website. Instead of returning it, they simply file a chargeback with their credit card company.
As the merchant, you lose the money, but the product stays with the customer. Sometimes, this is an honest mistake, known as “friendly” fraud. But other times, people will intentionally take advantage of the system.
Refund Fraud
Often enough, cybercriminals don’t want physical goods; they prefer to have cash.
So it’s common for thieves to buy something online with a stolen credit card, and then return it using a card issued to themselves. It’s a quick scam for getting credits on their statements.
Card Testing Fraud
Before making lots of large purchases, it’s common for criminals to test stolen credit card information by making a small purchase.
If the transaction processes, they’ll start making larger purchases with a valid card before the victim has a chance to realize what’s happening.
True Fraud (Identity Theft)
Identity theft occurs when a criminal knowingly and illegally gets ahold of someone’s personal information. They make online purchases under that person’s name, and the victim is stuck with the bill.
According to Experian, credit card fraud is the most common type of identity theft.
Banks and credit card companies have made it easy for fraud victims to dispute these transactions to get full reimbursement. The liability usually gets passed to the merchant. So you’re out on the money, as well as the cost of goods sold.
Pagejacking Fraud
This is also known as website redirection fraud.
Advanced hackers redirect traffic from one site to another one that looks exactly the same. If a customer doesn’t recognize the redirection, they might unknowingly enter sensitive information (like credit card details) into a fraudulent page.
Signs of Credit Card Fraud
There are certain red flags that should tell you if a transaction is suspicious. Sometimes just one of these signs won’t be enough to assume it’s fraud. But if you see multiple red flags on one transaction, you should consider shutting it down.
Unmatched Addresses
Sometimes, there are perfectly legitimate reasons why a billing address and shipping address won’t match. It’s possible that a customer is just sending a package to a friend or family member.
With that said, a thief will almost never send a package to the victim’s billing address. So an unmatched billing and shipping address is usually the first sign of potential fraud.
Unusual Item Quantities
Obviously, it’s normal for people to order more than one of an item. But certain quantities should definitely draw a red flag.
Unless it’s coming from one of your normal B2B accounts, most people aren’t buying 200 speakers or 500 pairs of headphones. These types of transactions will almost always be fraudulent.
Larger Ticket Size
If the average ticket order of your ecommerce site is $50 or $100, you should be raising some eyebrows if one person is buying $5,000 worth of merchandise in a single order.
Before you start celebrating the big purchase, make sure you verify that it isn’t fraudulent prior to shipping anything.
Multiple Orders to the Same Address (With Different Payment Methods)
Are you shipping multiple orders to one address? That may not be unusual.
However, it’s very suspicious if ten different orders are going to the same address, and each order was paid using a different credit card.
Abnormal International Orders
How often do you get a sale coming from an international country?
If the answer is never, and international orders start coming in out of nowhere, it could be a sign of credit card fraud. This is especially true if your company isn’t marketed anywhere outside of a local region.
Tips and Best Practices to Prevent Online Credit Card Fraud
According to a recent merchant survey, these are some of the most effective tools to prevent fraud.
Not all of these will be necessary or realistic for an ecommerce website. For example, if you’re selling t-shirts online, you don’t need to run a credit check on your customers or have them go through a two-factor phone authentication process.
It will be hard to sell anything if you start making people do this.
Instead, follow these quick tips and best practices to protect your business from fraudulent online transactions:
- Address Verification System (AVS) — Detects a mismatch between shipping address and billing address.
- Device Fingerprinting — These tools can detect if a specific device has been flagged in the past for making fraudulent transactions.
- Implement Easy Return Policies — This will help reduce the risk of chargebacks and “friendly” fraud.
- Manual Screening — Train your staff to recognize the signs of credit card fraud before they fulfill an order.
- Remain PCI-Compliant — This isn’t a suggestion. Your merchant account must be PCI-compliant to protect your customers’ credit card information.
- Analyze Actual Fraud Cases — If you’ve processed fraudulent transactions in the past, figure out how it happened, and learn how it can be prevented moving forward.
- Use Encryption and Tokenization — This is part of being PCI-compliant. It’s also pretty standard with most payment gateways today.
Consider developing a fraud scoring model, which will encompass multiple tools and methods for identifying and preventing fraud. If a transaction has numerous red flags, it should be investigated as fraud.
Final Thoughts
Credit card fraud is a concern for all merchants. But ecommerce retailers are the most vulnerable.
You don’t have the luxury of processing chip cards on EMV terminals, so it’s easier for cybercriminals to make fraudulent transactions using stolen credit card information on your website.
Understand the common signs of credit card fraud and implement the best practices that I’ve listed above as prevention methods.
0 Comments