Ecommerce Fraud Prevention with a Payment Gateway
The U.S. continues to see record highs in ecommerce transactions in 2020. According to data reported in Forbes, as of May 10, 2020, the year-over-year increase in online orders is 110%. As internet payment authorization occurs without a credit card present, an increase in ecommerce activity opens the door for an increase in ecommerce fraud.
Prior to COVID-19 and the spike in online shopping, ecommerce fraud prevention was already on the minds of online business owners. Multiple sources reported increases in ecommerce fraud by 30% each year from 2016—2018, with financial losses of $7.2 billion previously projected for 2020. Online merchants should ensure that they are prepared with the proper knowledge, tools and technology to keep their revenues safe.
Ecommerce Fraud and Chargebacks
The most common ecommerce fraud activity is a transaction that is completed with stolen credit card numbers. Cyber criminals get stolen credit card data in a variety of ways: hacking into databases, purchasing stolen account numbers off the dark web, robbery, etc. While credit card companies go to great lengths to prevent the use of stolen cards, this type of fraud hurts merchants the most because it results in chargebacks.
What are chargebacks? When a consumer who, upon reviewing their credit card transactions, sees a charge (or charges) that they did not make, they initiate a process that can result in a chargeback. Here is a simplistic breakdown of how this may happen:
- Assuming fraud, the consumer contacts their credit card company to dispute the charge
- The credit card company initiates an investigation with the business that originally received the payment (assume it’s a retailer)
- The retailer responds to the dispute with the documentation requested
- If the transaction is deemed to be fraud, the funds are restored to the consumer
- The retailer is subject to fees for the reversed fraudulent payment
Chargebacks carry the potential for significant financial loss for online businesses: while the monies are returned to the credit card holder, the stolen goods are not returned to the seller. The chargeback fees levied by the merchant bank can also add up. Choosing an experienced merchant services provider, such as eMerchant, can really benefit a business owner going through this process—eMerchant can draw on its 18 years of ecommerce experience, guide the business owner and advocate on his or her behalf.
A chargeback can result from other types of fraud besides stolen credit cards. One example is Friendly Fraud. This refers to a situation where a customer legitimately made a purchase, and has the product in hand, but files a dispute as if the transaction were unauthorized in an attempt to get the product or service for free. According to one source, Friendly Fraud accounts for 18% of all fraud. If this occurs, eMerchant walks its clients through gathering the right documentation, such as a verified address and proof of delivery, to respond to the claim. Perhaps a customer merely forgot making a purchase at your online store? eMerchant always recommends that clients use a descriptor close to the store name so that customers will recognize the charge on their credit card statement.
Watch Out for Card Testing
Once fraudsters get their hands on a stolen card number, they use card testing to confirm if the card is still valid. Card testing occurs with a series of low-dollar transactions to see if any are approved. An approved transaction means they have a “live” card and can then use the number for a larger purchase on a different site or sell the number to someone else. Testing these credit cards manually can be time consuming, so more sophisticated criminals turn to botnets to test a lot of cards quickly. A botnet is a network of security-compromised computers controlled by the fraudster. These machines will rapidly test card numbers with small transactions throughout the web. Over 1,000 cards can be tested in one minute through a retailer’s ecommerce site, which can be extremely damaging to the retailer.
Most card testing transactions do get declined as the cards are already cancelled. Given the volume of tests, and therefore the volume of declines, online businesses may first notice the problem in their declines report. But, if business owners aren’t reviewing this data, they may not realize excessive card testing has occurred until they see the larger-than-normal credit card transaction fees on their monthly merchant bank statement. eMerchant recommends that online sellers monitor their transactions often, even daily if possible. We help our clients identify the right reports to use and provide tips on spotting trends that require action.
The Payment Gateway as a Fraud Prevention Tool
Most ecommerce business owners authorize transactions thorough a payment gateway: either through an API key integration with a shopping cart or by creating online payment pages. The best gateways also provide access through a secure online portal, or app, for customer invoicing, recurring billing set up and customer/transaction reporting.
Within their settings, a gateway will have a set of fraud modules to help online merchants prevent fraudulent credit card transactions. At eMerchant, our eMerchantGateway is built on industry-leading technology and provides 18 fraud modules, with multiple choices and settings, for the highest level of fraud protection. We educate our clients about all of the fraud modules available to them. At a minimum, most online sellers use the following to increase their payment security:
- Address Verification System (AVS) Response – Verifies that the billing street address and ZIP code provided during online checkout match those that the credit card company have on file. This is valuable because, if a card number is stolen, the thief may not also have access to the card holder’s address. The merchant can adjust the gateway settings so that, if there is a mismatch in the data, the transaction can be declined.
- Card ID Checker – Verifies the unique 3-digit number (VISA, MasterCard, Discover) on the back or 4-digit number (American Express) on the front of the credit card. This provides an additional assurance that the customer has the credit card in his/her possession. A merchant can choose to block a transaction if the code provided during checkout does not match the bank.
- Multiple Credit Cards – Allows you to block transactions when multiple cards are processed (and declined) within a specified period of time. This is especially beneficial in preventing excessive credit card testing.
eMerchant has developed ecommerce platform and gateway integrations with advanced fraud prevention and chargeback protection software providers. Contact us for more information if you want to maximize your fraud solution.