Fraudulent payments and chargebacks are a real problem for online merchants, and it’s forecasted to get worse. One catalyst is the U.S. roll out of EMV technology. These “chip” credit cards make it more difficult for crooks to steal point-of-sale, so thieves are expected to turn their attention to online fraud.
Fortunately, there are many easy and automated ways to reduce fraud risk. Internet retailers who develop strong fraud prevention best practices can drive loss well below 1% of sales, making it a manageable cost of doing business online.
Here are 10 practical tips for detecting and preventing fraud:
1. Use fraud detection software
There are many outstanding fraud detection systems – from basic fraud scoring to modern machine learning software. Some ecommerce shopping cart vendors have fraud detection built-in, and there are a lot of 3rd party software applications. These tools, used in conjunction with strong internal practices, can greatly reduce fraud risk and automate the task.
2. Decide what payment methods you’ll accept
As an online merchant, you’ll want to maintain awareness that not all payment methods are equal in terms of risk. Some payment methods (like AMEX) tend to favor the cardholder in disputes. Others like PayPal are relatively merchant-friendly in disputes and have seller protection using shopper verification and other techniques. And, by the way, PayPal has really been a pioneer in the area of machine learning algorithms for fraud detection. As an online merchant with fraud risk, choose the methods that best suit your business.
3. Analyze AVS (Address Verification System) codes
Your ecommerce website should allow you to see industry standard AVS codes so you can verify if the billing address entered by the shopper is what the credit card issuer has on file for that cardholder. An AVS mismatch doesn’t necessarily mean it’s fraud, but it should alert you to look closer at the order.
4. Use Card Verification Codes; CVV2 fraud prevention
Use functionality in your website payment processing to require a card verification code for all purchases. This is the 3-digit code (name varies depending on the credit card company – Visa calls it the CVV2 code) that is printed on the backof the physical card. The code is not stored in the magnetic strip, thus making it difficult to purchase without the physical card in possession. The EMV chip cards continue to use these codes.
5. Use gateway settings to ‘authorize at sale, capture before shipping’.
Usually the merchant is liable for chargebacks and fees as a result of capturing funds on a fraudulent order. By using the gateway settings to ‘authorize at sale’, you can inspect each order for fraud before you capture payment and ship the goods. (Note: not all payment gateway vendors offer this functionality, so you’ll want to choose one that meets your ecommerce needs!)
6. Map the shopper’s addresses
As the merchant, you know the shopper’s bill-to and ship-to address. Map it! You can use Google maps to see the location, satellite view, and even street view.
7. Call the shopper
As part of the normal checkout process, you collect the shopper’s phone number. If an order looks risky, call the shopper. Ask for the shopper by name. Can you get through? Who answers? Is the number legitimate?
8. Critique the bill-to and ship-to addresses
A lot of legitimate orders have different bill-to and ship-to addresses. But card thieves overwhelmingly use a different ship-to address. So critique these orders closely — especially if high dollar risk. If you want to take a very conservative stance on fraud risk, you can set a site policy to require matching addresses on credit card purchases above a certain dollar amount. Otherwise, the shopper must use PayPal. Doing this will probably limit your web sales, and increase abandoned carts. But it is an option.
One of the most important tools is to develop individual awareness and intuition about the online orders you receive. Use a critical eye and a practical mind. Even a second opinion helps, if an order looks suspicious but you’re not sure.
10. Don’t be afraid to say “no”
While you may not want to miss out on making a sale, you could end up being the real loser if you ship a fraudulent order. It’s ok to say no, and cancel a shopper’s order if you suspect that it is fraudulent. Make sure to do your research and look for all the cues listed above. If you feel it in your gut, and the data suggests fraud, you can politely decline the business.
These are but a few practices and tools to reduce online fraud risk. It’s a moving target. The fraudsters keep changing their tactics, but there is available technology and expertise to mitigate risks.