By now, every eCommerce business owner should be well aware that online payment fraud is on the rise. The rollout of EMV chip cards in 2015 made it harder for fraudsters to pass off a counterfeit card at point-of-sale; now, all that criminal payment activity that used to happen in person has moved online.
There were 150 million attacks in Q1 of 2018 alone—an 88 percent increase over the same time period the previous year. And eCommerce businesses are expected to have shelled out around $42 billion in chargebacks by the end of 2018. One more interesting stat: Even though most eCommerce businesses have some type of payment fraud detection mechanism in place, the declined purchases that result because of those tools will total an additional $165 billion.
Digital payment fraud won't ever go away, but you can reduce the impact it has on your business by employing a more sophisticated fraud-fighting strategy—one that minimizes both criminal attacks and unnecessary declines. Click To Tweet
Keep reading to find out more about the types of online payment fraud you should be aware of—and about the tools that protect your revenue best.
“Some people think we’ve been fighting credit card fraud forever and it’s surely been solved by now—but it’s not. It keeps evolving, and it gets harder and harder for online and mobile businesses to balance a good customer experience and their fraud rates.”
—Tricia Phillips, Kount
Beware: Types of Online Payment Fraud You Need to Know
With all the data breaches that have happened over the past few years, fraudsters have relatively easy access to credit card numbers, expiration dates, CVV codes, billing addresses, and even social security numbers. But a lot of those card numbers get stale, meaning the cardholder or their issuer realizes the information is compromised and the card is shut down.
To see if cards are still active, fraudsters test them. Card testing is when an attacker puts a low-value item—maybe just a few dollars—into a shopping cart and runs card after card on the purchase to see which ones will be accepted. Once a card is accepted, they’ll make a bigger purchase (for the item they really want) either with that same merchant or another one.
Card testing usually impacts small and mid-sized businesses in particular because they aren’t aware of it and aren’t looking for it. It isn’t a sophisticated type of attack but it can be detrimental, in part because of the additional authorization processing fees it racks up. Also, some issuers may see that a particular merchant is experiencing a card testing attack and automatically decline all transactions from that merchant, simply because there’s no pre-authorization mechanism in place. That’s why it’s important to screen for fraudulent transactions before they’re submitted for authorization.
Synthetic Identity Fraud
Another type of payment fraud is called synthetic identity fraud, where fraudsters cultivate a false identity that includes getting a credit card and bank account. They then purchase something and disappear. At some point the bank may realize it was defrauded and, in some cases, pass that cost on to the merchant. Other times the issuer ends up taking the loss because it approved the card application in the first place.
Another more sophisticated type of attack is called session hijacking. While a consumer is online making a legitimate purchase, a fraudster uses malware to capture what they’re doing; the fraudster can then “take over” the session ID of that user and start a new session in the background, using the shopper’s payment information to purchase from either the same merchant or another. This type of attack typically targets high-value goods and services that the hacker would make some good money off of, so architecting the hijack is worth the extra effort.
Lately, eCommerce businesses are also seeing a type of chargeback called friendly fraud happen more frequently. This is where people make a legitimate purchase and then either forget about it, or don’t recognize the charge on their credit card statement. Rather than calling the number associated with the charge, they simply call their bank and charge it back.
Part of the reason for the increase in chargebacks is a change in customer behavior—people are less likely to make a phone call to investigate, and more likely to charge it back because banks have made it so easy. But sometimes chargebacks are intentional, with fraudsters making purchases they intend to dispute even though the product is received.
Payment Fraud Detection Tools That Work
Fighting digital payment fraud might sound like a losing battle, but it’s not—there are tools available that work better than others.
Most small and mid-sized eCommerce businesses get fraud protection via their payment gateway. While some gateways partner up with fraud experts to provide that service, others use “homegrown” fraud solutions they’ve built in-house. For the most part, those solutions are rudimentary, and analyze just a few basic attributes of a transaction, like whether the billing address matches what the bank has on file, and whether the CVV code on the back of a card is correct. But because so much of this data has been compromised, you’re actually more likely to get a positive match on those things if it’s a fraudster than if it’s the real person. Solutions like these don’t catch most types of fraud, and they tend to impact good customers way more than they should.
The most sophisticated fraud engines use machine learning, both supervised and unsupervised, to detect fraud. Machine learning analyzes various attributes of a transaction, for instance, device ID, email address, card number, billing address, etc. Supervised machine learning looks at the history of those attributes and makes a determination as to whether they are normal or not based on a comparison with past transactions. Supervised machine learning is currently being used by a number of fraud protection platforms, and while it’s an excellent tool to have in your toolbag, it’s not sufficient on its own. It won’t do as well in detecting friendly fraud or synthetic identity fraud, for example, though it will be fairly effective for card testing.
A better solution uses a combination of supervised and unsupervised machine learning. Unsupervised machine learning looks for anomalies, or things outside the norm, that haven’t necessarily been seen before but seem suspicious—like an unusual amount of sudden activity with a particular email address or card number. Sometimes “not normal” is fine, but a lot of times it’s an indication of a new type of fraud attack that hasn’t been seen before.
Payment Fraud Management Done Right
Because fraudsters can launch an attack at any stage of the buying process—from the moment of purchase to well after the sale—your business needs a full stack of payment fraud detection tools. Insufficient protection at any stage of the game will result in unnecessary losses—and could even impact your company’s ability to process credit card transactions in the future.
Few payment gateways provide high-level protection for all types of payment fraud, but BlueSnap does thanks to our partners in fighting payment fraud, Kount and Chargebacks911. Our payment fraud detection tools cover all three phases of the buying process:
Phase 1: Stopping criminal fraud in real time.
In this phase, your goal is to identify if a card is being used fraudulently—without authorization from the actual cardholder—at the moment the order is being placed.
We’ve integrated sophisticated fraud detection tools from industry leader Kount directly into our All-in-One Payment Platform. Kount’s fraud-fighting technology utilizes supervised and unsupervised machine learning to analyze every transaction against hundreds of data points in less than 300 milliseconds, so you instantly know whether a transaction is legitimate or not. And because mobile fraud patterns don’t always look the same as fraud patterns online, it uses a separate set of criteria to identify, validate, and authorize mobile purchases. Every merchant is different—so if your business has more complex needs, you can also customize your fraud prevention strategy with one of our enhanced service options.
All BlueSnap customers benefit from this payment fraud detection technology, which greatly minimizes the number of fraudulent transactions that actually get processed.
Phase 2: Resolving disputes before a chargeback occurs.
Once a sale is made, your goal is to avoid chargebacks—and the fees associated with them. The more chargebacks you incur, the higher the fees; at some point, you may even lose your ability to process credit card transactions.
Talk to us about how a single connection to BlueSnap can meet all your payment processing needs and provide extra-strength fraud protection.
To resolve issues before they become chargebacks, BlueSnap has two types of alerts:
- Notifications of a reported dispute. Whenever a cardholder contacts their bank about a dispute, we get notification from one of our partner companies, Ethoca or Verifi, and pass that information on to you. That gives you a window of time in which to either issue a refund or contact the customer to resolve the dispute before it becomes a chargeback.
- Notifications about lost/stolen cards. When issuing banks replace credit or debit cards that are believed to have been compromised, they notify Visa or Mastercard of the date it was replaced. Then, Visa and Mastercard report to BlueSnap, informing us of every transaction that was processed on the old card number after it was reported stolen (transactions that are highly likely to be fraudulent). Having advance notice gives you time to take action before the card issuers initiate the chargeback process.
Notifications like these can prevent up to 40% of fraud and non-fraud related chargebacks, so you keep more sales.
Phase 3: Disputing chargebacks after you receive them.
If you do receive a chargeback, we make it easy for you to challenge it. Our online CaseBuilder tool, provided through our partnership with Chargebacks911, is easily accessible in the BlueSnap portal. It helps you build a case against chargebacks you believe are invalid, prompting you to provide the required information, along with supporting documentation that will give you the best chance of winning. We’ll submit the information for you and notify you when a resolution is reached.
Or, if you prefer, BlueSnap and Chargebacks911 can handle the disputes for you. We’ll automatically challenge chargebacks that seem unjustified, which lightens your load while still giving you a way to protect yourself from friendly fraud.
Looking for a payment gateway with the most complete fraud stack?
Online payment fraud is a costly issue, but it can be managed successfully with the help of the right payment gateway. BlueSnap has the most complete fraud solution in the industry, fully integrated with our All-in-One Payment Platform. As a BlueSnap customer, you’ll have access to all our payment fraud detection tools, without any additional work on your part.
To find out how our tools can solve your own company’s payment fraud management challenges, talk to us!