fraud-prevention

‘Tis (Almost) The Season: 9 Ways to Guard Against Fraud
By now, holiday online retail trends should be no surprise to merchants: both sales volume and fraud rise dramatically. Last year, fraud attempts were up over 30% during the holiday season, and the trend is sure to continue in the 2017 holiday shopping season.

Merchants should keep tight reigns on fraud prevention and risk mitigation year-round; however, the holiday season often calls for extra measures. While we’re still several months out from the peak period, merchants need to start thinking about fraud prevention measures now to be prepared in time. We’ll break down nine different ways online merchants can prevent fraud this holiday season – and beyond.
1. MasterCard SecureCode and Verified by Visa – These are both 3D Secure protocols that ensure the person attempting the purchase is the owner of the card prior to authorization. Not only do these tools cut down on fraudulent transactions, but they boost consumer confidence that their information is being verified and protected.
2. Address Verification Service (AVS) – This is another tool that validates whether the person using the card is the cardholder or not. It works by validating the billing address offered at the time of purchase with the one on file with the issuer during authorization. If the authorization is approved and the AVS response indicates a match, merchants can proceed with the transaction.
3. Card Verification Value 2 (CVV2) – This protocol requires the purchaser to enter the three-digit security number printed on the back of a Visa card to verify that the customer making the purchase is in possession of the actual payment card.
4. Tokenization – Payment tokenization eliminates the need for merchants to handle or store payment data. Instead, sensitive payment data is replaced with a unique identifier – called a “token” – while the actual payment data is stored in a third party data center.
5. Chargeback alerts – Some third party solution providers offer chargeback notifications that alert a merchant when a dispute is filed with an issuing bank in the solution provider’s network. This gives the merchant an opportunity to handle the dispute directly with the customer rather than after the entire chargeback process has already occurred. Since chargebacks result in fines and penalties for merchants, it is optimal to address disputes before they turn into chargebacks.
6. Device fingerprinting – A device fingerprint is a pattern of online behavior that is identified and attached to a particular device. It can be used to identify devices which have previously been known to commit credit card fraud or online identity theft, making it easy to block purchases and transactions from those devices.
7. IP geolocation – IP geolocation can be used to identify anomalies in CNP transactions that may signal fraud. For example, if a billing address and zip code associated with Chicago is entered during the purchase authorization, but the IP address is located in Brazil, this could signal possible fraud. Depending on the type of tool, it may block the transaction altogether or route to a manual review team for further research.
8. Behavioral modeling/profiling – Some third party payment solution providers have created algorithms based on machine learning technology that enable behavioral modeling and profiling. This rules engine can identify and detect potential fraud based on anomalies to established behavioral patterns associated with payment card data. When “out-of-the-ordinary” patterns or behaviors are identified, the engine alerts the merchant to the inconsistency. From there, merchants can decline the order or submit to manual review for further authentication.
9. Big Data – Merchants can tap into multiple data sources in real-time to identify inconsistent or anomalous transaction behavior. Some tools gather social data to detect inconsistencies in location or other identifying information. Some solution providers offer access to negative information databases and behavioral databases, which merchants can use to sniff out suspicious orders and route them for additional verification or review.
The best bet for merchants looking to curb fraud this holiday season is to employ a tailored combination of some of the tools and protocol listed above depending on their unique needs. There is no silver bullet when it comes to fraud prevention, but having a fine-tuned, layered suite of tools that can be adjusted in real-time proves to be the most effective strategy.
Payarc

November 15, 2021

Fraud Prevention, Industry Insights, Security

fraud-prevention
Top 5 Tips to Preventing Fraud in the Wake of Big Breaches

“Data breach” is a term no one likes to hear. It causes customers to lose faith in the retailers that put their sensitive payment card data at risk, and it triggers a massive scramble to recover from the fallout for the retailers that are targeted by hackers.

In the wake of what is arguable the worst breach of all time at Equifax, many merchants are re-thinking their data security strategy altogether. On top of that, many merchants must consider the long-term ramifications from breaches, including identity theft and increased fraud.

Card-not-present (CNP) merchants, in particular, face a daunting reality: it is very difficult to be 100% sure that the person using a payment card online is who they say they are.

That said, there are some steps merchants can take to guard against true fraud chargebacks and protect their bottom line.

1. Get back to the basics

Merchants should always use authorization methods like CVV2 verification and AVS authentication. The former ensures the buyer is in possession of the payment card being used by asking for the three-digit code to complete a purchase. AVS authentication allows merchants to verify the billing address provided by the purchaser with the one on file at the issuing bank. These are baseline tools that merchants should always be using to authenticate online transactions.

2. Use social data for authentication

Merchants must become as shrewd as fraudsters when it comes to fighting online fraud. One way to do this is by using social data verification. Merchants can combine social media profile information with other trusted sources of data to verify the identity of someone attempting a purchase online. Given the degree to which the public has become active on social channels, this is becoming a more effective fraud prevention tactic.

3. Device fingerprinting

This can be an effective anti-fraud measure for online merchants. By tracking the characteristics of devices that log onto your website (browser, device model, screen size, etc.), certain patterns can be identified and attached to specific devices. Once a device exhibits malicious behavior, the digital fingerprint associated with that device can be tagged and blocked from making additional transactions on your site. It’s a powerful tool that can put the brakes on repeated fraud attempts from the same device, a scenario that happens when bad actors try to make purchases en masse from a repository of stolen card information.

4. Biometrics

With the announcement of iPhone X and the included facial recognition technology, biometrics have become a hot topic. As a fraud prevention method, biometrics use a person’s biological features to authenticate and verify his identity. We see this with Apple’s Touch ID, which allows users to confirm payment via their fingerprint to complete online transactions with Apple Pay. Since a person’s biological attributes are unique only to them, it can streamline and improve authentication while eliminating the need for pesky (and forgettable, hackable) passwords.

5. Geolocation

Geolocation technology enables merchants to detect the location of an IP address and flag any unusual activity. Unusual activity may include an attempted transaction from an IP located outside of a typical range of access. It may also flag transactions that originate in high-fraud areas of the world, facilitating a manual review of those transactions. Geolocation solutions are also able to identify the use of proxies – a notorious signal that online fraud may occuring by a party that wishes to remain anonymous or avoid detection.

Each of the tools and tactics described above should be considered carefully for merchants looking to fight fraud. Each merchant has unique needs and should consider the implications for the big picture.

It’s also important to remember that there is such a thing as overprotection. Employing too many fraud tools (or fraud tools that overlap) can be costly in more ways than one. When fraud controls are too tight, merchants end up driving away good customers and legitimate sales – and risk permanent alienation if the customer experience was a poor one. Additionally, fraud tools that trigger too many manual reviews can bury a merchant in the time and resources it takes to handle the load.

Merchants should understand their unique vulnerability profile from the bottom up to apply the correct set of tools to battle bad actors. Working with a payments consultant who understands your business model and the current fraud landscape can free up resources and help you focus on your core business.

Payarc

November 15, 2021

Uncategorized

fraud-prevention
Top Ecommerce Fraud Prevention Tricks for the Holidays

The holiday season is the most important time of the year for online businesses. While an increased number of shoppers are perusing ecommerce sites, an increased number of bad actors are, too. Even though Christmas is behind us, the holiday selling season is not over. Many consumers will take advantage of post-holiday sales and begin redeeming gift cards received during the holiday season (typically spending more than the gift card amount). Without the right ecommerce fraud prevention tricks, merchants are at risk for serious losses. It’s important to have the right tools in place to combat fraud year-round, but merchants are especially at risk during this busy time of year.

ACI Worldwide found that attempts to commit fraud online during the 2017 holiday season increased by 22% year-over-year. Additionally, the company found that overall online transactions were up 19% compared during the 2017 holiday season compared to the 2016 one.

This research helps to paint the picture of how prevalent fraud is in the online retail world nowadays as cybercriminals capitalize on ecommerce sites’ vulnerabilities. Here are the best ecommerce fraud prevention tricks your business should implement for the holidays.

Clearly Defined Rules and Communication

Every person involved in helping your online business run smoothly should be trained to identify potentially fraudulent activity. They should also know how to handle these situations, including working with other departments in separating true fraud attempts from false alarms.

One of the top ecommerce fraud prevention tricks is to create checklists designed to minimize risk. These checklists can be shared with team members and help to identify situations that may throw a “flag”. This may include an unusually high number of orders originating from a certain location, inconsistent patterns in purchasing behavior, or other suspicious activity. Staff should also be aware of processes for approving and declining orders as well as escalation paths for each situation.

Ideally, business owners should train each staff member to understand the fraud-prevention tools that have been implemented. This can streamline operations when orders are rushing in. It is much easier to maximize legitimate sales if each team member knows how to identify potential fraud and react to suspicious activity to prevent chargebacks and loss merchandise from taking a bite out of business.

Similarly, every team needs to be aware of what is going on during the holiday season from a marketing perspective in order to identify whether or not online traffic increased due to holiday promotions and coupons or nefarious activity. Everyone should be aware of new product releases and volume expectations to ensure that legitimate sales are not being declined due to a misunderstanding.

This is one of the most important ecommerce fraud prevention tricks as keeping the lines of communication open across multiple teams can help every staff member identify and flag fraudulent activity in real-time.

Monitor Transactions and Fine-Tune Fraud Controls

The best ecommerce fraud prevention tricks help merchants stop fraud and chargebacks, saving thousands of dollars in losses during the holidays. Monitoring sales during the holidays is integral. Ecommerce businesses should monitor accounts and transactions for any potential red flags, including billing information that differs from the shipping address.

Automated fraud prevention tools run the gamut. Consider implementing tools that identify customer IP addresses. Geolocation tools can identify transactions originating from a country that is known for fraudulent activity. Alternatively, they can also identify “high-risk” IP addresses that have been flagged for fraudulent activity in the past.

Minimize False Declines Without Sacrificing Security

Flagging “unusual” activity can be a slippery-slope for businesses during the holidays and may hamper seasonal earnings potential if fraud controls are too strict. Merchants can research the types and patterns of transactions the business experienced during the previous holiday season to help anticipate what may be expected this year. These learnings can help inform settings for fraud tools to ensure that legitimate transactions are not unnecessarily declined.

Also consider additional steps to take rather than declining a suspicious transaction outright. Instead of flagging a transaction or escalating a dispute, merchants can request that the customer authenticate themselves through additional means to confirm their identity. There should be a healthy balance between enabling frictionless transactions and properly authenticating customers. Onerous checkout experiences can impede on the customer experience and damage a brand’s reputation.

Bulking up customer service teams another way to manage customer expectations and reduce fraud. Having a well-staffed team to handle customer questions and concerns can alleviate the stress customers feel, leading to a better brand experience. It can also reduce post-holiday chargebacks from customers who use the dispute process because they were unable to easily contact a business for returns or other issues.

Our team at PayArc can help you enjoy a smooth and profitable holiday season as we implement the top ecommerce fraud prevention tools in the industry. Contact us today to see how we can help your business reduce fraud and boost sales this holiday season.

‍

Payarc

November 15, 2021

Fraud Prevention, Industry Insights, Security, Technology

fraud-prevention
What to Do About Post-Holiday Returns
Post-holiday returns are a reality for merchants of all shapes and sizes. Last year, UPS projected a whopping 1.4 million returns on January 3, 2018. Ecommerce returns are projected to smash previous numbers, meaning merchants need to get prepared.

Jared Ronski discusses tips for merchants to get a handle on post-holiday ecommerce returns to keep customers happy and chargebacks at bay.
- Have a crisp return policy
- Automate
- Keep things flexible
Providing a clear returns policy that supports automation on the merchant’s backend and flexibility on the consumer-facing side is a win-win. Merchants should conduct post-mortems after each holiday season to see what can improve and how previous years’ experience can inform future years’ policies and processes. You can read the full article here.
Payarc

November 15, 2021

Industry Insights

fraud-prevention
Secure Processing Solutions: Payments Data Security Best Practices
Retail ecommerce grew to a healthy $409.208 billion in 2017, but that growth came at a price: 16.7 million reported victims of fraud in 2017 (6.64 percent of the US population). Unfortunately, this doesn’t come as much of a surprise. With both increased rates of ecommerce transactions and consumer data on the web, fraud is becoming easier and more accessible for criminals.

This is all the more reason for merchants to buckle down and get serious about payments data security. Merchants want customers to trust that their payments data is safe, otherwise these consumers may well take their business elsewhere. Investing in a secure payment processing solution is just the first step towards cultivating a reputation as a safe and trustworthy merchant. And as anyone who has experienced identity theft knows, getting your good name back is a tough uphill battle once it’s been compromised.

The Danger of Data Breaches

Data breaches are one of the top dangers for both customers and ecommerce merchants. These aren’t just limited to big businesses: approximately 90 percent of these data breaches will impact small merchants, according to a study by Trustwave.

And this comes at a big cost, especially for smaller merchants. PCI standards indicate that the average cost of a breach is $4 million for larger websites, and the average cost for a small business can be over $36,000 — a hefty sum to bear if you aren’t a large corporation. This doesn’t even take into account the non-monetary costs that might be involved to rectify the breach, like time spent and resource allocation.

This also doesn’t take into account the damage such a data breach can have on a small business’s reputation. The Ponemon Institute has a study that indicates that a data breach can have a grave effect on any organization: 57 percent of people said they lost trust in confidence after a data breach, 31 percent terminated their relationship, and 75 percent said it had an impact on the business’s reputation. This kind of loss is difficult to quantify, since it can vary by organization size. Still, these statistics make the danger of data breaches very clear.

Data Security Best Practices

Clearly, data breaches and identity fraud are things that merchants should strive to avoid for the sake of both for their businesses and their customers. Luckily, there are plenty of tips and suggestions for beefing up your business’s security practices floating around the internet. Here are just a few best practices and requirements for maximum payments data security.
- PCI DSS Compliance: This one is a must. Formed by the major credit card companies, the Payment Card Industry Data Security Standard is a set of policies and procedures that optimizes the security of payment via credit or debit card. These procedures are important because they have methods to protect credit card data, along with ever-evolving standards for encryption, anti-malware software implementation, monitoring and risk analysis. One of the best ways to ensure your ecommerce business is at the correct level of compliance is to find a payment service provider that has already obtained PCI DSS certification and who can assure you they are up to date with the latest security technologies.
- Hypertext Transfer Protocol with Secure Sockets Layers (SSL): You probably know this better as HTTPS. This is an extension of the Hypertext Transfer Protocol for secure communication over a computer network, and is already widely used on the Internet. It’s also mandatory for PCI compliance. This uses encryption to ensure all sensitive information, including payments data, is transferred securely by making the data unreadable to all except the destination server. Implementing HTTPS on webpages with sensitive data will ensure that your payments data security is top notch.
- Two factor authentication: By combining a password and username with a second means of identification (like a code sent to a phone or email), two factor authentication providers an extra layer of security against identity theft and fraud. Allowing customer the choice to opt into two factor authentication will help them feel secure on your site.
- Tokenization: This protects sensitive information by replacing the data with random tokens that are impossible to read if intercepted. This tokenized data can only be read by a third party, like a payment processor.
- DoS and DDoS Protection: You’ve probably heard of a denial of service type of attack, where a website is bombarded by requests that overwhelm the bandwidth and render a site unavailable and vulnerable. A firewall can protect against these kind of attacks. Ecommerce sites in particular can incorporate firewalls like proxy firewalls or application gateways.
Conclusion

Maintaining payments data security is paramount for any ecommerce business. Educating yourself, implementing best practices, and selecting a trustworthy payment services provider with robust security offerings are excellent ways to reduce risk. Using payment data security best practices is essential for protected customers and a successful business.
Payarc

November 15, 2021

Industry Insights, Uncategorized

fraud-prevention
How AI & Machine Learning Are Transforming the Payments Landscape

PAYARC was recently in the news! Jared Ronski shared some insights with Business2Community.com on

How AI & Machine Learning Are Transforming the Payments Landscape. The article discussed preventing fraud, new opportunities, how AI improves efficiency, and other innovations resulting from advancements in technology. You can read the full article here.

Payarc

November 15, 2021

Uncategorized

fraud-prevention
Six Ways to Fight Fraud on Valentine’s Day – And Beyond

Valentine’s Day Might be over but you should still read this article about how to fight fraud online. Love and fraud are a match made in cyber-heaven, and they both persist year-round. Love may make the world go ’round but there’s nothing “friendly” about friendly fraud. Online merchants see it all the time – from customers who simply missed the mark at playing Cupid, or fraudsters seizing yet another opportunity to cash in – and the bottom line can really take a hit. Don’t let chargebacks break your heart; be sure you’re properly prepared to prevent and deal with costly chargebacks.

Payarc

November 15, 2020

Industry Insights

fraud-prevention

‘Tis (Almost) The Season: 9 Ways to Guard Against Fraud

Top 5 Tips to Preventing Fraud in the Wake of Big Breaches

1. Get back to the basics

2. Use social data for authentication

3. Device fingerprinting

4. Biometrics

5. Geolocation

Top Ecommerce Fraud Prevention Tricks for the Holidays

Clearly Defined Rules and Communication

Monitor Transactions and Fine-Tune Fraud Controls

Minimize False Declines Without Sacrificing Security

What to Do About Post-Holiday Returns

Secure Processing Solutions: Payments Data Security Best Practices

The Danger of Data Breaches

Data Security Best Practices

Conclusion

How AI & Machine Learning Are Transforming the Payments Landscape

Six Ways to Fight Fraud on Valentine’s Day – And Beyond