Online Retailers: How to Recognize and Reduce eCommerce Fraud
Updated October 13 2016, to reflect the latest industry news, trends and insights.
Credit cards have been consistently the single largest source of payment fraud for many years. A report on the true cost of fraud found that credit cards contributed to 52 percent of all U.S. payment fraud in 2014. To combat this problem, European card issuers have fully implemented EMV (Europay, MasterCard and Visa) chip cards for more than a decade. Consequently, the technology has resulted in a 75 percent decrease in credit card fraud at brick and mortar stores in the UK over 8 years.
The success of chip-and-PIN cards to reduce fraud in Europe encouraged the U.S. to undergo a switch from traditional swipe to EMV chip cards. Credit card companies have set a deadline of October 1 for American merchants to the make the switch to EMV card readers, after which businesses will be liable for any fraudulent transactions originating from a non-EMV terminal. However, industry experts are speculating that this change will not reduce the rate of payment fraud, but instead fraudsters will make the transition from card skimming to online fraud.
Update: According to Mastercard, counterfeit card fraud decreased by almost 40 percent from Jan. 2015 to Jan. 2016.
How can eCommerce businesses detect and reduce fraud in the face of the expected surge of online fraud?
Let’s start by looking at two of the most common types of fraud that impact eCommerce.
Account Takeover Fraud
When someone’s personal information is stolen by data breaches or other means, identity thieves can use it to take over an account by pretending to be the victim. Criminals gain access to an account by using the stolen credentials and then change the registered contact information to prevent the victim from being notified of any activity. Once this has been accomplished, the fraudsters then proceed to make purchases using the account as much as possible until they lose access once they have been detected.
This form of fraud is sometimes referred to as “friendly” fraud because of how the crime is perpetrated. Chargeback fraud happens when a consumer uses a credit card to make an online purchase and then later dispute the charge with the credit card issuer once the item has arrived. In some cases, the order may actually have been placed by someone close to the actual account holder, such as a family member or friend, who has access to the account information.
Steps Online Retailers Can Take to Detect and Reduce Fraud
Required Transaction Data Fields
By making certain fields such as telephone numbers, email addresses, and cardholder name and billing address mandatory, online retailers can more easily detect attempts at fraud before they are successful. For example, the telephone area code and prefix can be looked up to ensure that they match the city and state for the cardholder’s address.
Verify Cardholder Information
Using the cardholder’s full name and mailing address, verify this information against reliable datasources using electronic identity verification (eIDV) services. Ideally, the eIDV service should have access to data from multiple sources, such as credit header information, utilities, and public records, to ensure the highest confidence that fraud is not taking place.
Send Confirmation Email
To ensure that the email address provided by the consumer is valid, send a confirmation email for the transaction. A bounced message could be a sign that a fraudster is at work, and the online retailer should consider placing the purchase on hold until a valid email is provided.
Implement Transaction Controls
As part of a risk management system, eCommerce businesses should put transaction controls in place to identity high-risk transactions. For new customers, the review limit could be set lower for the number and dollar amount of transactions. As customers become more established and build history with the business, the review limits can be loosened to allow for bigger and more frequent transactions.
Internal Negative File
By establishing and maintaining an internal negative file, online retailers can protect themselves future fraud committed by the same person or group. The file should contain key information about the fraudulent transactions including names, email addresses, shipping addresses, passwords, telephone numbers, and credit card numbers used.
While this is not a comprehensive list, Visa has provided a helpful and detailed resource with more tips for managing eCommerce risk.
Online retailers have much at stake when it comes to reducing fraud. The cost for large eCommerce businesses has increased from $2.23 in 2013 to $2.33 in 2014 for every dollar of fraud. These costs include expenses like investigation and chargeback fees. When decisive measures, including eIDV, are put in place, merchants can reduce both their risk and losses from fraud.
Download our online retail and eCommerce resource and learn how GlobalGateway, Trulioo’s eIDV product, can help you cut down on online fraud while driving top line growth and bottom line results.
What actions will you take to protect your business from online fraud?
E-commerce Fraud News
How EMV is fueling an e-commerce fraud frenzy
The rollout of EMV-enabled credit and debit cards is driving a sharp decline in brick-and-mortar transaction fraud. But now fraudsters have a different target: online retailers.
Benchmarking Hackers And Their Attack Methods
Hackers are on the loose and coming to an online merchant near you. In droves. In fact, the rate of fraud attacks is up 163 percent from 2015 – and luxury retail is at the top of the fraudsters’ checklists.