opinion

Fighting Growing Ecommerce Fraud

Fighting Growing Ecommerce Fraud

Well, it’s that time of year again, and I am not talking about pumpkin spice lattes, leaves changing colors and the roving posses of trick-or-treaters, although that’s been happening too. Because of previous pandemic lockdowns, consumers have been advised to start their Christmas shopping early — which means the Christmas holiday shopping season has effectively been bumped up. As a small business owner, you should know what that means. In the past, this would be the time of year every business owner looks forward to. But it seems like small businesses cannot catch a break these days.

First, the good news: consumers have received stimulus checks, businesses are reopening and people are going back to work. As a result, consumer spending is rebounding and folks are ready to buy. The bad news: unfortunately, many stores have empty shelves due to shipping challenges and supply-chain bottlenecks.

Excessive chargebacks can easily cause you to lose your existing processing and you might find your business classified as high-risk, which will result in higher fees for you when you find a new processor.

Even with so much unpredictability, the holidays should be the “most wonderful time of the year” when it comes to sales, whether you have a brick-and-mortar business with an online presence, or your business is strictly internet-based. Unfortunately, while you are dealing with trying to get the product sold and in the hands of your customer, there are criminals out there that are going to do their best to cut into your profit margins.

WHAT IS ECOMMERCE FRAUD?

Ecommerce fraud is a broad topic that covers a wide range of situations. In a nutshell, ecommerce fraud is any fraud that occurs as the result of an online purchase. Identity theft can fall under this category, as well as the obvious credit card fraud, “friendly fraud” and refund fraud. As more businesses have transitioned to ecommerce, the instances of fraud have grown exponentially as have the methods of committing ecommerce fraud.

In the early days of the internet, a popular method of committing credit card fraud was “credit card banging.” In those days, card banging occurred when a website operator used a user's credit card information to enroll them in several subscriptions.

The main harm this caused is that people became wary of making online purchases. Today, this method has evolved to target the ecommerce merchant; you may know it as card testing, account testing or card checking. As you are likely aware, cybercriminals harvest credit card numbers and sell them on what is called the Dark Web. A couple of months ago, a new cybercriminal site reportedly leaked one million stolen credit card numbers to promote themselves to potential buyers.

As one might imagine, trying to verify whether one million credit cards are valid or not, with the correct CVV number, expiration date and zip code, would be quite time-consuming. However, scripts are available that will allow criminals to test hundreds of credit card numbers every hour. These stolen credit cards will be tested by purchasing hard goods, buying virtual services, paying bills and even making donations to charities. The reality is that if you accept credit cards over the internet, you are vulnerable to ecommerce fraud.

THE COST OF CARD CHECKING

Card checking can appear innocent enough; a customer is attempting to make a small purchase with their credit card and the card is denied for one reason or another, so your customer decides to use a different card, which works. Unless you are paying very close attention, you probably do not even know that your customer had one card denied; you just know that you made a sale.

The problem is that the merchant paid a small fee for both of those credit cards. If a cybercriminal runs a script that tests 20,000 credit cards, that would be $4,000 in fees charged to your account! Even if you did make a few sales from those tests, you can be sure that they will result in chargebacks and the associated chargeback fees. 

PROTECTING YOURSELF AGAINST CARD CHECKING

Virtually every merchant that accepts credit cards is a potential victim of card checking but it really is one of the easiest ecommerce fraud methods to prevent. You can do that by adding CAPTCHA to your checkout page. Any decent shopping cart should have this option available, and you should absolutely use it.

You can have the best-looking order form known to man, but if you do not set it up properly, it will not be of much use in minimizing fraud. Some countermeasures include requesting the CVV code, checking addresses and zip codes, limiting checkout attempts and blocking repeated transactions from the same IP address. 

If you find yourself hiring seasonal help that has access to the processing back end, be sure they get their own login credentials and when the seasonal work ends, terminate those logins. You should also make a monthly habit of changing the logins/passwords of your regular employees.

While you will want to be especially vigilant during the holiday season, the fact is that because of the pandemic, the growth of ecommerce is faster than ever and is unlikely to subside. This means it is more important than ever for you to maintain your PCI compliance and work with companies that have the experience to help you minimize these threats. This should be an especially profitable time of year; make sure it is you and not cybercriminals that are turning a nice profit. Good luck!

Jonathan Corona has over 15 years of experience in the electronic payments industry. As MobiusPay’s COO, Corona is primarily responsible for day-to-day operations as well as reviewing and advising merchants on a multitude of compliance standards set forth by the card associations. MobiusPay specializes in merchant accounts in the U.S., EU and Asia. Follow them @MobiusPay on Twitter, Facebook and IG.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
Show More