Credit card fraud affects everyone involved in it: the consumer whose card information is stolen, the merchant whose product is purchased, the processing bank that facilitates the transaction and the issuer who is charged with protecting its cardholders, to say nothing of Visa and MasterCard who spend millions developing products to help prevent it from happening. In previous posts we have written in detail about the various products and procedures that can be utilized to protect your web-based business from fraudulent transactions. In this post, we will offer a general overview of the e-commerce fraud prevention tools and strategies that we believe all e-commerce merchants should use to build their sales processing system around.
Firstly, however, it should be pointed out that no system is 100 percent fraud-proof and yours will not be an exception. Even your best efforts will not protect you from processing a fraudulent sale or two on occasion. Whenever that happens, you will bear a certain financial responsibility. Although the merchant is just as much a victim of fraud as the cardholder whose card information was stolen, there are transaction fees that have been incurred in processing the payment and the merchant will end up paying them. On top of that, you will most likely be hit with a loss for the cost of the item that was sold and for shipping charges, if applicable.
It is important to emphasize that in credit card transactions, the payment information does not actually get to your processor until you submit your daily batch at the end of the day. The reason it is important is that it gives you some extra time to verify the validity of the orders that you accepted that day. If yours is a small business, you can probably go through each transaction every day. Larger organizations, however, will not have this option and should develop a process to set higher risk transactions aside for further review. Don’t hesitate to ask your processor for help. Remember that they also have a financial incentive to minimize fraud, just as you do.
There are several tools that were specifically developed to help e-commerce merchants fight fraud and you should take the time to get to know how these tools work and provide support for them all:
- Card Security Codes (CVV2, CVC 2 and CID). The three-digit codes on the back of Visa, MasterCard and Discover cards and the four-digit codes on the front of American Express cards were introduced as an additional tool to help merchants verify that the cardholder is in physical possession of the card at the time of the transaction. You should never store these codes in your system.
- Address Verification Service (AVS). AVS enables merchants that accept card-not-present transactions to compare the billing address (the address to which the card issuer sends its monthly statement) provided by a customer with the billing address on the card issuer’s file before processing a transaction. A mismatch is a strong indication of fraud.
- Verified by Visa and MasterCard SecureCode. These are payment authentication systems that validate a cardholder’s ownership of an account in real-time during an online payment transaction. When the cardholder initiates a payment at the checkout page of a participating merchant’s website, a new screen automatically opens up in the cardholder’s browser. The cardholder enters a previously created password that allows the card issuer to verify his or her identity.
- Validating credit card numbers. The Mod 10 algorithm is used to verify credit card numbers before submitting transactions for authorization. The algorithm detects all single-digit errors, as well as almost all transpositions of adjacent digits.
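The Mod 10 check described in the last item, as an added Python example (not code from the original post). It also measures which keying errors the check catches; the function names, the 13-19 digit length bounds and the sample numbers are assumptions made for the illustration.

```python
def luhn_checksum(digits: str) -> int:
    """Mod 10 sum: double every second digit from the right, fold results over 9."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10


def luhn_valid(number: str) -> bool:
    """True if the entry is 13-19 ASCII digits (spaces/dashes allowed) and passes Mod 10."""
    digits = number.replace(" ", "").replace("-", "")
    if not (digits.isascii() and digits.isdigit() and 13 <= len(digits) <= 19):
        return False  # length bounds are an assumption of this example
    return luhn_checksum(digits) == 0


def with_check_digit(payload: str) -> str:
    """Append the check digit that makes a digit string pass Mod 10."""
    return payload + str((10 - luhn_checksum(payload + "0")) % 10)


def undetected_single_digit_errors(number: str) -> int:
    """Count single-digit typos of a valid number that still pass the check."""
    misses = 0
    for i, ch in enumerate(number):
        for repl in "0123456789":
            if repl != ch and luhn_valid(number[:i] + repl + number[i + 1:]):
                misses += 1
    return misses


def undetected_transpositions(number: str) -> list:
    """Return adjacent-digit swaps of a valid number that still pass the check."""
    misses = []
    for i in range(len(number) - 1):
        a, b = number[i], number[i + 1]
        if a != b and luhn_valid(number[:i] + b + a + number[i + 2:]):
            misses.append(a + b)
    return misses


# Constructed test numbers, not real accounts.
SAMPLE = with_check_digit("411111111111111")     # widely used test number
SAMPLE_09 = with_check_digit("411111111111109")  # contains an adjacent 0/9 pair
```

The one transposition that slips through is a swap of an adjacent 0 and 9. Passing Mod 10 only rules out keying mistakes; it says nothing about whether the account exists or the order is legitimate.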
In addition to the tools, you should develop strategies for fighting fraud and implement them consistently:
- Understand e-commerce risk. Fraud, customer disputes and chargebacks come in various shapes and forms, yet all of them are costly, time-consuming and require constant attention. You should invest the time to understand the risks associated with processing internet transactions.
- Learn how to process e-commerce transactions. Processing e-commerce transactions presents challenges that you will need to be prepared to handle.
- Learn how to handle chargebacks. Chargebacks are the single biggest reason why e-commerce businesses get into trouble with their credit card processing account. Processing banks are required by Visa and MasterCard to monitor their merchants’ chargeback levels and must ensure that the number of charged back transactions for any given month is below 1 percent of the total number of transactions. Because processors are assessed fines by the Associations if a merchant’s chargeback ratio is above 1 percent, they will suspend and close a merchant account before its chargeback rate comes even close to 1 percent.
- Learn how to manage authorization responses. All card-not-present transactions must be authorized before they are processed. The authorization response will typically be approval or decline. You should develop a process for handling transactions after the authorization response has been received and apply it consistently.
- Screen international transactions. International orders generate more fraud and should be scrutinized more rigorously than domestic ones. You will not be able to use AVS, unless the card issuer supports International AVS and then AVS can validate addresses in the United Kingdom. Moreover, the legal environment is different in each country and there is likely to be a language barrier that you should consider.
- Use fraud scoring. Fraud scoring is a system of predictive fraud detection models or technologies that payment processors use to identify the highest-risk transactions in a card-not-present environment that require additional verification.
- Set up transaction velocity limits and controls. Set review limits on the number and dollar amount of transactions approved for a customer within a specified period of time. As you accumulate transaction data over time, adjust these limits to reflect the customer’s purchasing patterns.
- Comply with the Payment Card Industry Data Security Standard (PCI DSS). The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements for security management, policies, procedures, network architecture, software design and other protective measures. Compliance is mandatory for all e-commerce merchants.
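One way to apply the velocity limits described above before the daily batch is submitted, as an added Python example (not code from the original post). The class and function names, the one-hour window, the limit values and the sample orders are all assumptions made for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from decimal import Decimal


class VelocityScreen:
    """Sliding-window limits on transaction count and total amount per customer."""

    def __init__(self, window, max_count, max_amount, overrides=None):
        self.window = window
        self.default = (max_count, Decimal(max_amount))
        self.overrides = overrides or {}   # customer_id -> (max_count, max_amount)
        self.history = defaultdict(deque)  # customer_id -> deque of (time, amount)

    def check(self, customer_id, amount, when):
        """Record an approved order; return the limits it exceeds (empty = OK)."""
        seen = self.history[customer_id]
        while seen and seen[0][0] <= when - self.window:
            seen.popleft()                 # drop orders that left the window
        seen.append((when, Decimal(amount)))
        max_count, max_amount = self.overrides.get(customer_id, self.default)
        reasons = []
        if len(seen) > max_count:
            reasons.append("count")
        if sum(a for _, a in seen) > max_amount:
            reasons.append("amount")
        return reasons


def screen_batch(orders, screen):
    """Return (order_id, reasons) for orders to hold back from the daily batch."""
    held = []
    for order_id, customer_id, amount, when in sorted(orders, key=lambda o: o[3]):
        reasons = screen.check(customer_id, amount, when)
        if reasons:
            held.append((order_id, reasons))
    return held


def _t(hhmm):  # constructed timestamps on one arbitrary day
    return datetime(2024, 1, 15, int(hhmm[:2]), int(hhmm[3:]))


# Constructed sample orders: (order_id, customer_id, amount, time)
ORDERS = [
    ("o1", "c1", "40.00", _t("09:00")), ("o2", "c1", "50.00", _t("09:10")),
    ("o3", "c1", "30.00", _t("09:20")), ("o4", "c1", "20.00", _t("09:30")),
    ("o5", "c2", "450.00", _t("10:00")), ("o6", "c2", "100.00", _t("10:05")),
    ("o7", "c1", "25.00", _t("11:00")),
    ("o8", "c3", "900.00", _t("12:00")), ("o9", "c3", "900.00", _t("12:10")),
]
```

With a one-hour window, a default of 3 orders and $500, and an override of $2,000 for the established customer `c3`, only `o4` (count) and `o6` (amount) are set aside for review.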
Avoid using voice authorizations because they bypass your processor’s systems and cannot be used as supporting evidence in chargeback re-presentments. Also, whenever you get an order from a new customer, check the provided information and make sure there is nothing suspicious. Often, common sense is the most effective tool for fighting fraud that you have at your disposal.