Fighting Ecommerce Fraud
Well, it’s that time of year again; the Christmas holiday shopping season has been moved up, and as a small business owner you should know what that means. In the past, this would be the time of year every business owner looks forward to. But it seems like small businesses cannot catch a break these days.
Consumers have received stimulus checks, businesses are reopening, and people are going back to work; consumer spending is rebounding, and consumers are ready to buy. Because of repercussions from the Coronavirus shutdown, consumers have been advised to start their Christmas shopping early. Many stores have empty shelves since so many of our products are shipped here from Asia and Europe and ports around the country are backed up, which is resulting in supply chain bottlenecks reaching from longshoremen, to truckers, to the warehouses where the products you are attempting to sell are stored. So, what should be good news is tempered a bit.
Whether you have a brick-and-mortar business with an online presence, or your business is strictly Internet based, Christmas should be the “most wonderful time of the year” when it comes to sales. Unfortunately, while you are dealing with trying to get the product sold and in the hands of your customer, there are criminals out there that are going to do their best to cut into your profit margins.
What is Ecommerce Fraud?
Ecommerce fraud covers a wide range of situations. In a nutshell, it is any fraud that occurs as the result of an online purchase. Identity theft can fall under this category, as well as the obvious credit card fraud, friendly fraud, and refund fraud. As more businesses have transitioned to ecommerce, the instances of fraud have grown exponentially as have the methods of committing ecommerce fraud.
In the early days of the Internet, a popular method of committing credit card fraud was a thing called “credit card banging.” This occurred when a membership site might use the member’s credit card information to enroll the member in several sites. The main harm this caused to small businesses is that people became wary of making online purchases. Today, this method has evolved to target the ecommerce merchant; you may know it as card testing, account testing, or card checking.
A couple months ago, a new cybercriminal site reportedly leaked one million stolen credit card numbers and as one might imagine, trying to verify whether one million credit cards are valid or not, with the correct CVV number, expiration date and zip code, would be quite time consuming. Fortunately for the criminals, and unfortunately for the banks and merchants, scripts are available that will allow criminals to test hundreds of credit card numbers every hour. These stolen credit cards will be tested by purchasing hard goods, buying virtual services, paying bills, and even making donations to charities. The reality is if you accept credit cards over the Internet you are subject to being a potential victim of ecommerce fraud.
The Cost of Card Checking
Card checking can appear innocent enough; a customer is attempting to make a small purchase with their credit card and the card was denied for one reason or another, so your customer decides to use a different card which works. Unless you are paying very close attention, you probably did not even know that your customer had one card denied; you just know that you made another sale.
The problem is that the merchant paid a small fee for both of those transactions. If a cybercriminal is running a script that tested 20,000 credit cards, that is $4,000 in fees assigned to your account! Even if you did make a few sales from those tests, you can be sure that these will result in chargebacks and the associated chargeback fees. Excessive chargebacks can easily cause you to lose your existing processing and classify your buiness as high risk, which will result in higher processing fees for you when you find a new proc
Protect Yourself against Card Checking
Virtually every merchant that accepts credit cards is a potential victim to card checking but it really is one of the easiest ecommerce fraud methods to avoid. And you can do that by adding captcha to your checkout page. Any decent shopping cart should have this option available, and you should absolutely use it.
You can have the best shopping cart known to man, but if you do not set it up properly it will not be of much use in minimizing fraud. Fields you want to ensure are set up properly include requesting the CVV code, checking addresses and zip codes, limiting checkout attempts, and blocking multiple transactions from the same IP address. Making the customer sign up to your site as opposed to making the purchase as a guest can be another effective way of minimizing fraud attempts because criminals do not typically want to go through the additional work.
If you find yourself hiring seasonal help that has access to the purchase gateway, be sure they get their own login/password and when the seasonal work ends, terminate those accounts. You should also make a monthly habit of changing the logins/passwords of your regular employees.
While you will want to be especially vigilant during the holiday season, the fact is that because of this pandemic, the growth of ecommerce is faster than ever and is not likely to slow down. This means it is more important than ever for you to maintain your PCI compliance and have a merchant processor with the experience to help you minimize these threats. Contact MobiusPay with any payment processing questions.
This should be a profitable time of year; make sure it is you and not cybercriminals that are turning a profit. Good luck!Return to Blog