Many people don’t like to consider negative outcomes until it’s too late. Unfortunately, in the eCommerce world, fraud is one of them. The excitement of getting sales can many times blind retailers and push them to disregard preventive measures necessary to fight against fraud. That is an especially bad decision, considering that eCommerce fraud is on the rise.
According to a report created by Experian, eCommerce fraud increased 33% in 2016. Surprisingly, the continued adoption of EMV cards (those with chips), seems to be one of the primary drivers in increasing fraud transactions. While EMV cards have made in-person purchasing more secure, they also appear to be more vulnerable online.
It looks like, as long as technology advances and eCommerce use continues to rise, fraud will, unfortunately, follow their lead. For this reason, every retailer needs to be concerned about its security and make sure it plans accordingly. Otherwise, retailers can risk going into debt, or, even worse, going into bankruptcy. In this guide, we’ll explore how fraud management can help you as a retailer. Let’s start by exploring 3 factors of fraudulent transactions you need to manage.
3 Factors of Fraudulent Transactions You Need to Manage
A chargeback is the charge paid from a card company to a cardholder that disputes a merchant transaction. For instance, if a retailer charges additional fees to a customer without their consent, the customer may request a chargeback from their card company. Then, the charge is deducted from the retailer, and the customer gets their money back. The customer or buyer doesn’t directly deal with the retailer; the card company does all the work.
Chargebacks are in place to protect buyers from unlawful charges. However, fraudsters use them to their advantage to commit fraud by getting free products. Besides the obvious negative impact caused by financial loss, chargebacks carry even more burden that can harm a business.
For instance, chargeback lag, which is a 45-day delay between the time the chargeback occurs and the retailer is notified, complicates the situation even more. This means a chargeback can happen after the retailer has already processed and shipped the merchandise—at which point, it would be nearly impossible to recover the merchandise!
Merchants are given the opportunity to challenge the chargeback, but credit card companies will generally side with the customer, and the fees can go as high as $100 per dispute. It may not seem like a lot, but multiple chargebacks can add up to a hefty sum.
To make matters worse, once a merchant has hit a threshold of chargebacks, they risk an increase in fees, being labeled as high-risk, and potentially losing their processing abilities—which, for an eCommerce vendor, could mean losing their business altogether!
A false decline occurs when a legitimate transaction is rejected for being “fraudulent.” This can happen due to strict fraud identification settings that flag more transactions as fraud than the system should. They are meant to protect the retailer from fraud, but they can end up doing more harm than good if the settings are too strict. For instance, a retailer can set up an algorithm to flag high-amount transactions from new customers. Thus, if a legitimate new customer wishes to make a large order, he or she may end up getting falsely declined.
It may seem like a small issue, but merchants lose more money with false declines than they do with fraud. It’s reported that retailers lose $118 billion per year to false declines and only lose $9 billion to credit card fraud. This means that retailers lose with false declines more than 13 times as much the amount lost with fraud.
Just in 2016, false declines represented 58 percent of declined transactions. This is not only harmful from a financial perspective, it also hurts the eCommerce store’s customer experience, retention rates, and overall brand reputation. Thus, it’s no surprise that MasterCard and Javelin found that 32% of customers experiencing a false decline choose not to shop with that merchant again.
Also note that that complex fraud prevention systems can lead to slow response times, which can frustrate customers even further—imagine waiting for a long time for a transaction to be approved only to find out it’s declined. However, giving 100% instant approval or decline will increase false positives. So, the challenge is finding the right balance between security settings and flexibility to avoid legitimate transactions from being unfairly flagged as fraud. The goal is to reduce chargebacks and false decline rates while offering fast order response times for every customer.
CNP stands for Card Not Present sales. This type of sale occurs whenever a physical card is not present in a transaction, as in the case of online or over the phone sales. This type of sale is riskier for businesses because it’s difficult to verify that the cardholder is placing the order. They are also easier for fraudsters to corrupt since they don’t require any physical assets to complete the transaction.
Unfortunately, many times, card holders aren’t even aware that their card, data, or identity has been stolen until much later. At which point, the fraudster probably has piled up many charges which merchants later have to account for.
Even with strict fraud prevention management, fraudsters manage to circumvent the system. They are becoming more sophisticated and aggressive than ever before. Sadly, the “harder is better” approach does not keep the bad guys out, but it can annoy the good customers by making them jump through additional unnecessary hoops or by slowing the transaction’s response time.
An average of 15-30% of customers fails to identify proofing challenges based on PII data and life history questions while up to 60% of criminals pass, according to Gartner information. Gartner’s U.S. State Government Clients say that more of their citizens’ identities have been compromised than have not.
There are 5 different types of CNP credit fraud:
Stolen Card Data
How Fraud Can Hurt Your Business
As we have discussed, fraud is one of the negative outcomes we must anticipate and plan for when selling online. The more a business grows, the higher risk it has of getting fraudulent transactions. This growing issue is expected to cause businesses total losses of up to $6 billion by 2018. This amount includes false declines losses as well.
Since merchants bear most of the weight caused by fraud, card issuers have done little to fight it. They simply collect the charges they are owed, and the merchants are the ones left with unbalanced finances and lost inventory. It is up to merchants to protect themselves by taking the necessary fraud management measures that fit their business. Let’s go more into detail to discover how fraud can really harm a business.
4 Ways Fraud Can Hurt Your Business
Causes Losses in Business Revenues
One of the main negative impacts caused by fraud is revenue loss. It makes retailers lose merchandise to fraudsters, get chargeback fees caused by illicit payments, and waste additional money in shipping and handling fraudulent orders. These unexpected losses in revenue can completely switch the performance of a business from looking good financially to being in debt.
Increases Operating Expenses
Besides making businesses lose revenue, fraud also increases operational expenses. It requires acquiring fraud detection systems or hiring teams necessary to manage fraud, any of which demanding additional expenses. They also require extra time for implementation, monitoring, and optimization.
Harmful to Reputation
If customers know that their personal information can be at risk in your store, that may damage your reputation. Existing customers that had a bad experience will label your business as untrustworthy, and potential customers that hear about the risk will avoid your business at all costs—in turn, making you lose sales and reducing customer retention rates.
Potential Merchant Account Loss
If your account is a victim of recurrent fraud, your processor could take away your merchant account. That loss can make it harder to find another processor willing to work with you. You can be put on the TMF or MATCH list for high-risk merchants, which could result in massive processing fees or loss of your business.
How to Protect Yourself from Fraud
Identify Legitimate Sales
You want to make sure that only genuine sales make it through. However, at the same time, you don’t want to make it so strict that even legitimate sales are tough to get approved. Your good customers shouldn’t be punished because of fraudsters. You have to find a good balance—set your filters too low, and you expose yourself to a higher risk of fraud; but set them too high, and you could lose real sales from actual customers.
Having a fraud prevention plan will help you mitigate the risk of fraud and be better prepared for sticky situations, such as holiday and seasonal sales spikes. It will also provide a clear guide on how to manage different types of transactions—for instance, transactions with foreign languages, currencies, or values.
Lay the Foundation
To create your own fraud prevention plan, start by following your processor’s protocol and the PCI Security Standards Council regulations. These guidelines will help lay the foundation for your prevention plan and make sure your business is complying with CNP transaction standards.
You may need to collect additional information, such as IP addresses, or use identity confirmation services like Verified by Visa or MasterCard SecureCode. For instance, it’s recommended to ask for card verification values or CVV as long as they are not stored. PCI rules prohibit the storage of card numbers, CVVs, or card holders’ names.
Don’t Ship Online Orders Before They Are Verified and Processed
This process will reduce the risk of shipping products to customers that get declined transactions—in turn, saving you from shipping products for free. Just make sure to send the customer an immediate email confirmation and explain that the shipment will be processed as soon as the payment is approved. In this way, the customer will know what to expect.
Consider Establishing a Holdover Policy for Large Online Orders
Most credit card thefts take up to a day to be reported. Make it a policy to hold large orders for 48 hours following a purchase so you can be sure a scam hasn’t occurred. As in the case above, make sure to email customers that purchase large orders to inform them of your policy. This will avoid customer cancellations due to delayed shipping orders.
Ship Orders with Tracking Numbers and Require Signatures
This can protect you from customers who say they never received their order, and it adds a paper trail if a fraudulent transaction slips through the cracks. Also, providing a tracking number will allow you to provide a better customer experience.
Restrict the Number of Declined Transactions Allowed
Thieves who have incomplete credit card data might try submitting the same card number multiple times with different expiration dates until they find the right combination. Set your system to lock a user out after a certain number of declines.
The main goal behind a detection strategy is to verify the customer’s identity. There are many guidelines you can follow to strengthen this strategy—see some of them below:
Require the Card Verification Number (CVV).
Use Address Verification Services—this compares billing address supplied by the customer with the address on file in the bank’s database.
Match the consumer’s IP location and credit card address.
Match the consumer’s telephone area code and zip code.
Match the card-issuing country with the cardholder’s country.
Check social media and other data sources to verify the customer’s identity.
Require customers to open eCommerce accounts.
Require phone numbers for different ship-to/bill-to addresses. A common trick in credit card fraud is to use the customer’s actual billing address, but have the goods shipped to a different address where the thief can pick up the stolen goods without the customer being aware of the transaction. A good rule of thumb is to require phone numbers for both addresses if the ship-to address is different from the bill-to address.
Additionally, be alert for outlier transactions since they can be a sign of fraud. See examples of outlier transactions below:
Unusually large orders, particularly with overnight/express delivery.
Large numbers of orders being sent to the same address.
Multiple orders being shipped to the same address but ordered with different credit card numbers.
Multiple orders shipped to different addresses but placed from the same IP address.
Multiple transactions involving credit card numbers that vary by only a few digits.
Shipments using non-street addresses.
Another clever way fraudsters are tricking companies is by rerouting packages. Once an order has been placed, the fraudster follows up with customer service or the delivery provider to request a change to the shipping address or delivery type. To outsmart this type of scam, establish processes for internal teams and shipping partners so that alerts are always created when packages are rerouted. Be savvy about cross-border transactions involving freight forwarders.
When beefing up security against repeat fraud attacks, look for patterns and not individual elements. This will reduce the risk of flagging legitimate customers who happen to fulfill the fraud parameters at one moment or another. Keeping a log of negative transactions will help you better see this patterns.
Make a running record of fraud attempts, chargeback records, and problem customers. Include customer name, shipping/billing addresses, phone numbers, credit card numbers, IP addresses, and email addresses. After creating the record, share the information with merchant networks. Finally, consider adopting a fraud score and outsourcing your fraud protection. If you’re working with a limited budget and resources, outsourcing this task will save you money and time.
When evaluating detection tools, consider having a business analytics team build and/or manage your ongoing fraud score. They can also help define the score’s cutoff threshold, define queue by fraud based on store profile and analyst capabilities, manage seasonal changes, and develop reports.
Make sure you are managing your main KPIs and taking the right actions on time by performing ongoing quality checks on fraud analysts through customer service, decisions, quality, etc.
Fraud management companies like ClearSale can help with all these tasks. ClearSale has a “no singular identity assessment” method that, when used on its own, is sufficient to keep determined fraudsters out or sufficient to verify the legitimacy of an individual identity claim. It uses tools such as ID and email check, device fingerprinting (mobile and PC), and location tracking to detect fraud. It also uses velocity tools, social media checks, and data from different sources to make sure the information collected is as accurate as possible.
How Fraud Management Can Increase Your Bottom Line
The best offense is a good defense. Fraudsters might be more aggressive and sophisticated, these days, but so is fraud detection technology. Preventing fraud and recovering losses are fast becoming the most cost-effective strategies to increase a company’s bottom line. In one example, ROI was over 1200%.
Advancements in technology continue to drive fraud detection costs down while simultaneously increasing efficiency. Businesses can now generate strong ROI on fraud detection. The latest evolution of anti-fraud solutions empowers the fraud investigator to drive operational efficiency and lower labor costs in the continuous fight to tackle fraud by doing the following:
Better detect incidents of potential fraud by using more accurate rules to improve fraud detection precision and reduce the likelihood of false positives. This eliminates wasteful time investigating non-fraudulent incidents.
Prioritize the focus of investigations by using a risk-based approach so fraud investigators can first review potentially fraudulent transactions that have the highest risk or nominal value. This optimizes the allocation and usage of resources.
Improve decision-making and assessment of fraud through an easy to view and centralized environment, as well as by reducing manual tasks to gather, analyze, and review information. This increases the efficiency and effectiveness of the investigators.
Focus on your main KPIs: chargeback rates, approval rates, and analysis time.
In the case study below created by ClearSale, we can see how Avianca was able to cut chargebacks significantly with a customized fraud score and implementing a successful review process.
Embed this gifographic on your site (copy and paste the code)
Join 150+ Leading eCommerce Brands
And see how Visiture can grow your revenue online through award-winning transactional focused marketing services.
Ronald Dod is the Chief Marketing Officer and Co-founder of Visiture, an end-to-end eCommerce marketing agency focused on helping online merchants acquire more customers through the use of search engines, social media platforms, marketplaces, and their online storefronts. His passion is helping leading brands use data to make more effective decisions in order to drive new traffic and conversions.
Receive a Free eCommerce Marketing Audit Today!
Streamline the eCommerce Subscription Process: How to Generate New Subscribers
March 1, 2021
10 Innovative Ways to Garner eCommerce Reviews
February 26, 2021
How to Create Value Through Influencer Marketing and eCommerce