opinion

Fighting Growing Ecommerce Fraud

Fighting Growing Ecommerce Fraud

Well, it’s that time of year again, and I am not talking about pumpkin spice lattes, leaves changing colors and the roving posses of trick-or-treaters, although that’s been happening too. Because of previous pandemic lockdowns, consumers have been advised to start their Christmas shopping early — which means the Christmas holiday shopping season has effectively been bumped up. As a small business owner, you should know what that means. In the past, this would be the time of year every business owner looks forward to. But it seems like small businesses cannot catch a break these days.

First, the good news: consumers have received stimulus checks, businesses are reopening and people are going back to work. As a result, consumer spending is rebounding and folks are ready to buy. The bad news: unfortunately, many stores have empty shelves due to shipping challenges and supply-chain bottlenecks.

Excessive chargebacks can easily cause you to lose your existing processing and you might find your business classified as high-risk, which will result in higher fees for you when you find a new processor.

Even with so much unpredictability, the holidays should be the “most wonderful time of the year” when it comes to sales, whether you have a brick-and-mortar business with an online presence, or your business is strictly internet-based. Unfortunately, while you are dealing with trying to get the product sold and in the hands of your customer, there are criminals out there that are going to do their best to cut into your profit margins.

WHAT IS ECOMMERCE FRAUD?

Ecommerce fraud is a broad topic that covers a wide range of situations. In a nutshell, ecommerce fraud is any fraud that occurs as the result of an online purchase. Identity theft can fall under this category, as well as the obvious credit card fraud, “friendly fraud” and refund fraud. As more businesses have transitioned to ecommerce, the instances of fraud have grown exponentially as have the methods of committing ecommerce fraud.

In the early days of the internet, a popular method of committing credit card fraud was “credit card banging.” In those days, card banging occurred when a website operator used a user's credit card information to enroll them in several subscriptions.

The main harm this caused is that people became wary of making online purchases. Today, this method has evolved to target the ecommerce merchant; you may know it as card testing, account testing or card checking. As you are likely aware, cybercriminals harvest credit card numbers and sell them on what is called the Dark Web. A couple of months ago, a new cybercriminal site reportedly leaked one million stolen credit card numbers to promote themselves to potential buyers.

As one might imagine, trying to verify whether one million credit cards are valid or not, with the correct CVV number, expiration date and zip code, would be quite time-consuming. However, scripts are available that will allow criminals to test hundreds of credit card numbers every hour. These stolen credit cards will be tested by purchasing hard goods, buying virtual services, paying bills and even making donations to charities. The reality is that if you accept credit cards over the internet, you are vulnerable to ecommerce fraud.

THE COST OF CARD CHECKING

Card checking can appear innocent enough; a customer is attempting to make a small purchase with their credit card and the card is denied for one reason or another, so your customer decides to use a different card, which works. Unless you are paying very close attention, you probably do not even know that your customer had one card denied; you just know that you made a sale.

The problem is that the merchant paid a small fee for both of those credit cards. If a cybercriminal runs a script that tests 20,000 credit cards, that would be $4,000 in fees charged to your account! Even if you did make a few sales from those tests, you can be sure that they will result in chargebacks and the associated chargeback fees. 

PROTECTING YOURSELF AGAINST CARD CHECKING

Virtually every merchant that accepts credit cards is a potential victim of card checking but it really is one of the easiest ecommerce fraud methods to prevent. You can do that by adding CAPTCHA to your checkout page. Any decent shopping cart should have this option available, and you should absolutely use it.

You can have the best-looking order form known to man, but if you do not set it up properly, it will not be of much use in minimizing fraud. Some countermeasures include requesting the CVV code, checking addresses and zip codes, limiting checkout attempts and blocking repeated transactions from the same IP address. 

If you find yourself hiring seasonal help that has access to the processing back end, be sure they get their own login credentials and when the seasonal work ends, terminate those logins. You should also make a monthly habit of changing the logins/passwords of your regular employees.

While you will want to be especially vigilant during the holiday season, the fact is that because of the pandemic, the growth of ecommerce is faster than ever and is unlikely to subside. This means it is more important than ever for you to maintain your PCI compliance and work with companies that have the experience to help you minimize these threats. This should be an especially profitable time of year; make sure it is you and not cybercriminals that are turning a nice profit. Good luck!

Jonathan Corona has over 15 years of experience in the electronic payments industry. As MobiusPay’s COO, Corona is primarily responsible for day-to-day operations as well as reviewing and advising merchants on a multitude of compliance standards set forth by the card associations. MobiusPay specializes in merchant accounts in the U.S., EU and Asia. Follow them @MobiusPay on Twitter, Facebook and IG.

Related:  

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

profile

WIA Profile: Reba Rocket

As chief operating officer and chief marketing officer of Takedown Piracy, long at the forefront of intellectual property protection in adult entertainment, Rocket is dedicated to safeguarding the livelihoods of content creators and producers while fostering a more ethical and sustainable industry.

Women In Adult ·
opinion

Protecting Content Ownership Rights When Using AI

In today’s digital age, content producers have more tools at their disposal than ever before. Among these tools, artificial intelligence (AI) content generation has emerged as a game changer, enabling creators to produce high-quality content quickly and efficiently.

Corey D. Silverstein ·
opinion

How Payment Orchestration Can Help Your Business

An emerging payment solution is making waves in the merchant world: the payment orchestration platform (POP). It’s quickly gaining traction as a powerful tool for managing online payments — but questions abound.

Cathy Beardsley ·
opinion

Fine-Tuning Refund and Cancellation Policies

For adult websites, managing refunds and cancellations isn’t just about customer service. It’s a crucial factor in maintaining compliance with the regulations of payment processors and payment networks such as Visa and Mastercard.

Jonathan Corona ·
profile

WIA Profile: Laurel Bencomo

Born in Cambridge, England but raised in Spain, Laurel Bencomo initially chose to study business at the University of Barcelona simply because it felt familiar — both of her parents are entrepreneurs. She went on to earn a master’s degree in sales and marketing management at the EADA Business School, while working in events for a group of restaurants in Barcelona.

Women In Adult ·
profile

Gregory Dorcel on Building Upon His Brand's Signature Legacy

“Whether reflected in the storyline or the cast or even the locations, the entertainment we deliver is based on fantasy,” he elaborates. “Our business is not, and never has been, reality. People who are buying our content aren’t expecting reality, or direct contact with stars like you can have with OnlyFans,” he says.

Jeff Dana ·
opinion

How to Turn Card Brand Compliance Into Effective Marketing

In the adult sector, compliance is often treated as a gauntlet of mandatory checkboxes. While it’s true that those boxes need to be ticked and regulations must be followed, sites that view compliance strictly as a chore risk missing out on a bigger opportunity.

Jonathan Corona ·
opinion

A Look at the Latest AI Tools for Online Safety

One of the defining challenges for adult businesses is helping to combat the proliferation of illegal or nonconsensual content, as well as preventing minors from accessing inappropriate or harmful material — all the more so because companies or sites unable or unwilling to do so may expose themselves to significant penalties and put their users at risk.

Gavin Worrall ·
opinion

Know When to Drop Domains You Don't Need

Do you own too many domains? If so, you’re not alone. Like other things we accumulate, every registered domain means something to us. Sometimes a domain represents a dream project we have always wanted to do but have never quite gotten around to.

Juicy Jay ·
opinion

Understanding 'Indemnification' in Business Contracts

Clients frequently tell me that they didn’t understand — or sometimes, even read — certain portions of a contract because those sections appeared to be just “standard legalese.” They are referring, of course, to the specialized language used in legal documents, including contracts.

Corey D. Silverstein ·
Show More