Halloween is right around the corner, which means a lot of kids wearing masks. In the world of trick or treating, kids are rewarded with candy for pretending to be someone they’re not. This age old tradition of trick or treating and eCommerce fraud have a lot in common. Fraudulent shoppers will visit your website looking to make a purchase and some will mask their identity or pretend to be someone they are not in order to complete a purchase. Though masks are cute for Halloween, you certainly don’t want your website to fall victim to the tricks of a fraudster. In fact, without proper fraud protection you may be tricked into giving away your product or service for free, incur chargeback fees or penalties, and damage the reputation of your brand.
Equipping your website with proper fraud protection will prevent fraud losses by unmasking shoppers who may otherwise visit your site in complete anonymity. Three of the tools your fraud protection service should incorporate to prevent your site from being tricked are; device fingerprinting, proxy piercing, and velocity thresholds.
Device fingerprinting enables merchants to associate certain device anomalies with fraud patterns, making it easy to construct very specific rules to optimize fraud detection. For example, if a device is identified while making a purchase from your site with one set of cardholder data and that same device returns to your site with a completely different set of cardholder data later, a fraud pattern may be identified. This is similar to a trick or treater showing up at your door dressed as Batman and returning later that night dressed as Eleven from “Stranger Things.” We want to make sure not to reward people for this double identity.
Proxy Piercing is the ability to look beyond the device and determine the combination of network identifiable characteristics and jointly associate them with where and how the person is accessing your site to facilitate a transaction. This allows a merchant to detect when a shopper’s IP address is being reported from New Jersey but their computer browser, device time zone, and device language indicate they are located in Russia.
Velocity thresholds regulate the volume of purchases or purchase attempts a shopper is able to make from your business. Thresholds on both completed purchases and attempted purchases are equally important. Velocity thresholds on purchase attempts enables a merchant to stop fraudsters from card testing, running a bot attack, or even multiple transaction attempts on credit cards receiving ‘do not honor’ authorization declines. Having velocity thresholds on completed purchases allows merchants to monitor for purchase limits, coupon abuse, and prevents uncharacteristic shopping patterns from turning into huge fraud loses. For example, if your business sells laptop computers a low purchase threshold makes sense as your typical shopper will not buy laptops in bulk. Recently, I had to buy Starbucks gift cards for some people in our office. After I bought the first 10, my credit card was flagged for fraud and the transaction did not go through. Although it was annoying to login to my bank account to send the transaction through, I was happy to know that Starbucks had measures in place to prevent against fraudulent transactions.
So stay safe this Halloween and protect your site against fraudsters with best-in-class fraud protection.