As EMV chip cards become more and more prominent throughout the US, fraudsters are turning their attention to more vulnerable targets: online businesses. This is a widespread issue, and one that can cut deeply into your bottom line. A new study released by PYMNTS.com projected that merchants will lose $130B to card-not-present (CNP) fraud by 2023.
Maybe your business has received a chargeback before. Perhaps you’ve even had to request a chargeback as a customer yourself. With fraud, no one wins. Your customer has to deal with the initial shock of seeing something they didn’t purchase show up on their account, then the inconvenience of disputing the charge. As the business owner, you’re stuck footing the bill. But what can you do?
Creating an effective fraud detection and prevention plan is the first step. Balance is important here. You want to scare off fraudsters, but not the rest of your client base. Not sure where to get started? Here are our top tips to protect your business from card-not-present fraud:
Utilize technology to protect your business
Buying stolen credit card numbers is easier than ever. We wish we were kidding, but unfortunately, even just typing “buy credit card numbers” in your web browser’s search bar provides multiple options for unsavory characters. But if thieves can use technology to purchase stolen information, why can’t you utilize technology to protect your business?
Various tools exist to help you catch fraud before the sale. One thing your business can implement is CAPTCHA or a similar solution designed to distinguish between robot and human users. Fraudsters will often use automated programs to mass enter card information until they find a number that works.
You can also restrict the number of declined transactions on a purchase. This means that thieves testing out multiple cards will be unable to make a purchase after so many attempts. There’s little risk of this flagging an honest customer. It’s unlikely that someone will miskey their own card number five times.
Lastly, Address Verification Service (AVS) can be used to verify that the billing address provided by the cardholder matches what is on file with the issuing bank. We don’t recommend using AVS as your only method of fraud prevention, as it can result in legitimate orders being declined. Think of AVS as just another hurdle that thieves will need to overcome before they’re able to defraud your business.
Do your own research & trust your instincts
Technology and automated systems are instrumental in protecting your business from CNP fraud but relying completely on those methods will still leave you at risk and might mean losing out on honest purchases. For example, maybe a sincere customer just moved and hasn’t updated their billing address with their credit card company. Do you want to miss out on that sale?
Reviewing questionable transactions with your own eyes can help you differentiate between an understandable mismatch and obvious fraud. So, how do you know when you need to do a little more digging?
Here are some situations that should arouse suspicion. If you run into any of these, it’s a good idea to review the purchase before approval:
- Billing and shipping addresses differ, and expedited shipping is requested
- Orders that contain multiple items that wouldn’t typically be purchased together (who buys 30 iPhone cases at a time?)
- Multiple purchases made on the same day
- Multiple purchases made with different cards, but coming from the same IP address
- A request for overnight shipping
- International orders from countries in which you don’t typically have customers
If you’re curious about an IP address, you can even do some research on your own. An online IP lookup tool can quickly tell you where your customer is actually located. Here’s an example. A high-ticket item is purchased by Jane Doe with a billing address in Atlanta, GA. Since it’s an expensive item, you decide to review the order and look up Jane’s IP address: 18.104.22.168.
If you typed that into the IP lookup tool, you’d discover that the purchase was made from Berlin, Germany. Now, maybe Jane is traveling or has recently moved abroad, but before you proceed with the sale, you know that you should investigate further.
Don’t overlook the mainstays
Many thieves turn to online credit card fraud for one reason: it’s easy. Even a simple deterrent will often send fraudsters running off in search of easier prey. One of the simplest ways to discourage online credit card fraud is to add a CVV filter to your site.
CVV stands for Card Verification Value. You might also hear it referred to as the “CCV2” or a “security code.” Those three-digit numbers on the back of a credit card are more important than most would think. The vast majority of fraudsters don’t have the physical card—they’ve either purchased a list of card numbers or stolen the hacked information themselves. Either way, without actually being in possession of the card, they most likely don’t have the CVV code.
Requiring a CVV match at checkout won’t protect you from fraud 100%, but it’s a powerful tool in your arsenal and shouldn’t be ignored.
Preventing CNP fraud might seem like a lot of work, but it’s worth it. It is very hard to stay out in front of the fraudsters. What can you do to protect yourself? Request and employ technologies to mitigate CNP fraud.
CNP fraud is on the rise, and it’s up to you to protect yourself and your business. There’s no such thing as too much security when it comes to accepting cards.