Fraudulent transactions represent a drain on every company’s profits, and minimising their occurrence should be a priority for any entrepreneur or business manager. Online fraud encompasses everything from identity theft and the use of stolen credit/debit cards through to merchant fraud, where bogus retailers receive payment for non-existent items. In fact, it’s hard to think of a form of online fraud which hasn’t yet been attempted.
The scale of this problem was recently illustrated in a report published by CyberSource. While their findings focused on North America, the conclusions are equally pertinent for companies on our side of the Atlantic. They claimed that one per cent of ecommerce revenue from web store operators was fraudulent in nature, with a comparable figure for mobile operators. Almost three times as many overseas orders were rejected compared to domestic ones, while manual review – the single most effective method of identifying fraudulent transactions – remains a uniquely time-resource-intensive process.
Fortunately, vigilance isn’t the only way for an online retailer to reduce the risk of fraudulent transactions. Below are other checks that every ecommerce business or online store should take to minimise their exposure to crime, theft and phishing attacks:
Don’t accept Cardholder-Not-Present payments without a CVV code.
There’s a one in 999 chance of a fraudster correctly guessing a credit or debit card’s validation code. It’s easy to install software which locks or times out multiple incorrect CVV entries.
Compare IP addresses with suggested locations.
This isn’t always foolproof, especially if consumers are using a VPN. However, someone in Nigeria attempting to order six iPads from a shop in Carlisle should be treated with a degree of suspicion.
Being forced to verify an email address deters many fraudsters from persisting as it provides another way of identifying them. CyberSource’s report indicated firms are rapidly adopting email verification rollout for this reason.
Two-factor authentication (2FA).
This is another area where companies in America are looking to increase their investment, and it’s predicted that 2FA will double in the next year. Few criminals will have stolen both account login details and the victim’s smartphone.
Sage Pay’s 3D Secure reduces Cardholder-Not-Present fraud, though it does increase cart abandonment. With the support of MasterCard and Visa, fraud detection liability shifts to the card issuer, at no cost to the retailer.
Be suspicious of account takeover fraud.
If a client who’s bought three printer cartridges from you since 2014 suddenly places a £3,000 order, a quick phone call to confirm its legitimacy seems fair. Don’t email – that could be compromised as well.
Alongside validation services, there are other ways to slash the chances of falling victim to fraudulent transactions:
These are usually in-house databases, preventing people with certain IP addresses or contact details from completing a transaction. While blacklists occasionally return false positives, many high-profile firms like PayPal rely on them.
Fraud scoring models.
Companies including Experian offer fraud scoring for credit applications, combining their own statistical models with client company data. This determines the likelihood of a particular transaction as fraudulent.
Automatic card expiry notifications.
Subscription clients may continue to receive products or services after the card linked to their account has expired. Flag this up a month in advance, giving time to contact the customer and request new payment data.
Follow industry news.
Firms like Worldpay and SAS publish regular reports on ecommerce fraud. For instance, SAS claim identity thieves have stolen $107 billion in the last six years. Knowledge is power when it comes to preventing fraud.