Jessica is the business and marketing editor at the Joué.
Payment fraud is a serious threat to all online businesses – regardless of their size. When it comes to data breaches, larger organizations typically have the financial resources to handle the penalties, fines, and fees and eventually rebound. By contrast, smaller companies often can’t recover, with an estimated 60% going out of business within half a year of a cyberattack[1].
Fortunately, there are proactive steps you can take to help reduce exposure and provide a safer experience for employees and customers. The following outlines some of the more common types of eCommerce fraud – plus tips on how best to help protect your business.
The importance of PCI compliance
The Payment Card Industry (PCI) is responsible for setting data security guidelines for all organizations that accept, store, or transmit credit and debit card payment information. Making your payment environment secure is an industry requirement. Failure to become and remain compliant may result in penalties – even if fraud never directly impacts your business.
However, it’s important to work with a payment processor that goes beyond basic PCI-compliant data security. For the ultimate in protection, you also need fraud prevention tools such as:
- Tokenization and encryption
- An address verification service (AVS)
- Two-factor authentication (2FA)
- Hosted payment pages
- Blacklist filters for suspicious IP addresses
As an eCommerce merchant, you also need a Secure Sockets Layer (SSL) certificate to help securely accept card-based payments online. Having these security methods in place will help prevent and detect eCommerce fraud.
1. Card testing fraud
With card testing, online criminals test stolen cards by making tiny purchases of just a few cents. Once they know that a card works, they then go for bigger purchases – with you or some other online vendor.
A few pennies here and there might not seem like much. That said, consider that for every dollar in direct losses, you could end up losing more than three times as much once you factor in penalties, fees, and lost time.[2] You may also lose sales if customers learn of the breach.
To help prevent card testing fraud, set up your payment environment with fraud management filters that make suspiciously small transactions impossible. If your lowest-priced item is $5, there should never be an online sale below that threshold.
2. Stolen credit card fraud
With this scam, criminals use working stolen credit cards to buy physical items online. They use the billing address of the customer and the shipping address of a reshipper.
Although you could reject all online transactions in which the shipping and billing addresses don’t align, you may miss out on legitimate sales. A better solution involves working with a payment processor that allows you to flag address mismatches. The sale still goes through, but only after you’ve had a chance to connect with that customer and authenticate the purchase.
3. Overpayment fraud
With this scheme, a cybercriminal deliberately overpays with a stolen card before having the difference credited back to another account that the thief owns. Fortunately, preventing this type of eCommerce fraud is simple. Only offer balances and refunds to the original funding source behind the transaction.
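The three rules described in sections 1 to 3 can be expressed as pre-authorization and pre-refund checks. The following is an added example, not code from the article or from any payment processor; the `Order` fields, function names and the $5 floor (taken from the article's own example) are assumptions for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

# Assumption: the cheapest catalogue item costs $5, as in the article's example.
MIN_ORDER_TOTAL = Decimal("5.00")

@dataclass(frozen=True)
class Order:
    order_id: str
    total: Decimal
    funding_token: str       # processor-issued token for the card, never the card number
    billing_address: str
    shipping_address: str

def normalize(addr: str) -> str:
    """Case- and punctuation-insensitive form, so 'Elm St.' matches 'ELM ST'."""
    cleaned = "".join(c if c.isalnum() else " " for c in addr.lower())
    return " ".join(cleaned.split())

def screen_order(order: Order) -> tuple[str, str]:
    """Return (decision, reason); decision is 'decline', 'review' or 'accept'."""
    # Rule 1: nothing in the shop costs less than the floor, so a smaller
    # charge is not a real purchase and is treated as possible card testing.
    if order.total < MIN_ORDER_TOTAL:
        return "decline", "total below cheapest item: possible card testing"
    # Rule 2: a mismatch is flagged rather than rejected, so a legitimate
    # gift order survives once the customer has confirmed it.
    if normalize(order.billing_address) != normalize(order.shipping_address):
        return "review", "billing/shipping mismatch: confirm with customer"
    return "accept", "no rule triggered"

def screen_refund(order: Order, amount: Decimal, destination_token: str) -> tuple[str, str]:
    """Rule 3: refunds go only to the original funding source, capped at the charge."""
    if destination_token != order.funding_token:
        return "decline", "refund destination is not the original funding source"
    if amount <= 0 or amount > order.total:
        return "decline", "refund amount outside what was charged"
    return "accept", "refund to original funding source"

# Constructed sample orders (not real data).
SAMPLE_TEST = Order("o-1", Decimal("0.37"), "tok_a", "12 Elm St., Apt 4", "12 Elm St., Apt 4")
SAMPLE_SAME = Order("o-2", Decimal("42.00"), "tok_b", "12 Elm St., Apt 4", "12 ELM ST APT 4")
SAMPLE_SHIP = Order("o-3", Decimal("310.00"), "tok_c", "12 Elm St., Apt 4", "900 Dock Rd, Unit 7")

if __name__ == "__main__":
    for o in (SAMPLE_TEST, SAMPLE_SAME, SAMPLE_SHIP):
        print(o.order_id, *screen_order(o))
    print(*screen_refund(SAMPLE_SHIP, Decimal("100.00"), "tok_other"))
```
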
Speaking of refunds…
4. Friendly fraud
Friendly fraud is so called because your customers are the perpetrators. Here’s how it works.
Sarah orders a blouse online. When it arrives, however, she claims she never made the purchase or that it never arrived. Sarah then initiates a reversal of the charge through her credit card company, which allows her to get her money back and keep the blouse. Meanwhile, you’ve lost the shirt and the sale. Now you have to battle with banks and payment processors over the next several weeks or months to try and prove that the customer received the item.
Also known as chargeback fraud, this type of scam costs online merchants between $33 billion[3] and $50 billion[4] a year. While you can’t stop friendly fraud completely, you can help reduce it by disabling guest checkout, requiring two-factor authentication (2FA) logins, and adding signature requirements to all outgoing packages. The first two strategies help prevent the “I never ordered it” excuse. Requiring signatures makes it harder to claim a package never arrived.
In our increasingly connected world, fraud management is now one of the many hats that all eCommerce merchants must wear to stay in business. It’s important to understand the real threats that exist and how best to protect your employees, customers, and business.
Author bio: Dori Bright is Senior Vice President of Marketing Intelligence and Small Business Market Development at Fiserv, a leading global provider of eCommerce payments and financial technology solutions, helping businesses connect with customers through physical, digital, and mobile payment experiences that drive commerce.
This information is provided for informational purposes only and should not be construed as legal, financial, or tax advice. Readers should contact their attorneys, financial advisors, or tax professionals to obtain advice with respect to any particular matter.
[1] “60 Percent of Small Businesses Fold Within 6 Months of a Cyber Attack. Here’s How to Protect Yourself,” Inc., 7 May 2018.
[2] “CNP Fraud Costs US Merchants $3.36 for Every $1 of Direct Fraud Loss,” Card Not Present, 30 July 2020.
[3] “Merchant Credit Card Fraud: a $33 Billion Problem in 2020?” Chargebacks911, 4 August 2020.
[4] “Friendly Fraud Will Cost Merchants $50 Billion in 2020, Says Report,” CardNotPresent, 16 January 2020.




