opinion

How to Thwart Attacks, Fraud in Payment Processing

If personal fitness was among your New Year’s resolutions, great! Fitness is essential for your overall health and well-being — and the same can be said about ensuring the “fitness” of your business. To keep your business fit in terms of its overall financial health and well-being, it’s critical to have an effective strategy in place for dealing with fraud.

While it is only February, I can confirm what the pundits, analysts, doomsayers and I were prophesying at the end of 2021 with regard to ecommerce fraud: there is no question that this past holiday season saw a record amount of attempted and successful ecommerce fraud. You may have noticed that I included “attempted” fraud; that is because, as expected, merchants who have enrolled in protective services from payment processors were not as dramatically affected. As I mentioned during the billing panel at XBIZ 2022 in Los Angeles, our Order Insight and Rapid Dispute Resolution capabilities have proven invaluable in preventing fraudulent purchases and disputes.

Since the COVID pandemic took off in March 2020, card testing has increased in popularity amongst the steal-from-home fraudsters. Card testing is done by cybercriminals to test the validity of credit card information they obtain. While the purchase may not go through, your business is going to be charged a transaction fee, say $0.20 for example. While that may not make or break you, when you have a criminal deploying a bot on your payment page that can test thousands of card numbers in an hour, those $0.20 transaction fees can add up quickly.

The thing about card testing is that virtually every ecommerce merchant that accepts credit cards is a potential victim of card testing; that being said, it is one of the easiest and least expensive means of ecommerce fraud to combat. The act of adding CAPTCHA to your checkout page will significantly reduce card testing attempts as scripts and bots can have a problem getting around it. There is no need to make it a difficult CAPTCHA as you are only trying to thwart robots, not frustrate your buyers. Any decent shopping cart will provide a CAPTCHA option.

A few other free tools are likely already available to you through your gateway provider. Velocity controls, which are tools designed to limit the number of times a specific card account number, email address, IP address or username can attempt a sale during a user-specified time frame, can be very useful in thwarting attacks. For example, suppose you run a membership site and offer a seven-day trial that converts into a 30-day membership. In that case, there’s no reason a single user, or more importantly, a single IP address, would need to attempt multiple transactions, since they would gain access with a single transaction. Allowing for normal declines, you could even up that number to six attempts every 30 days and still spare yourself having to worry about card testing.
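As an added illustration (not code from this article or from any gateway product), here is a sliding-window velocity control using the six-attempts-per-30-days figure above. The class name, field names and sample attempts are constructed for the example, and the card value is assumed to be a gateway token rather than a raw card number.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 30 * 24 * 3600   # 30-day window, as in the example above
MAX_ATTEMPTS = 6                  # six attempts per window, as in the example above


class VelocityControl:
    """Sliding-window attempt counter keyed by card, email, IP and username."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
        self.max_attempts = max_attempts
        self.window = window
        self._seen = defaultdict(deque)   # (field, value) -> attempt timestamps

    def _prune(self, key, now):
        # Drop timestamps that have aged out of the window for this key.
        q = self._seen[key]
        while q and q[0] <= now - self.window:
            q.popleft()
        return q

    def check(self, attempt, now):
        """Return the fields that are over the limit; an empty list means allow.

        An allowed attempt is recorded against every field it carries, so it
        counts whether the card is later approved or declined.
        """
        keys = [(f, v) for f, v in attempt.items() if v]
        tripped = [f for f, v in keys
                   if len(self._prune((f, v), now)) >= self.max_attempts]
        if not tripped:
            for key in keys:
                self._seen[key].append(now)
        return tripped


def simulate_card_testing(n_cards=20):
    """Constructed input: one IP address cycling through many card tokens."""
    vc = VelocityControl()
    forwarded = 0
    for i in range(n_cards):
        attempt = {"card": f"tok-{i:04d}", "email": f"u{i}@example.test",
                   "ip": "203.0.113.7", "username": f"user{i}"}
        if not vc.check(attempt, now=1000 + i):
            forwarded += 1   # only these would reach the gateway and incur a fee
    return forwarded
```

Because every card, email and username in the simulated run is new, only the IP counter trips, which is why the per-IP limit is the one that stops a bot rotating through card numbers.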

Since it is the beginning of the year, how about setting up a best practices schedule for your ecommerce security? For example, set up a regular schedule for changing passwords for your individual employees as well as your ecommerce gateway. If you check out the December 2021 issue of XBIZ World, I go into greater detail on methods of fighting ecommerce fraud.

To those of you that I got to see at the shows last month, it was good to reconnect. Whether you are an existing, new or potential client, I enjoyed the opportunity to have a drink, chat, get reacquainted and get up to speed with the latest developments in our businesses. I hope you find some value in my suggestions, and may 2022 be off to an excellent start for you.

Jonathan Corona has nearly two decades of experience in the electronic payments processing industry. As chief operating officer of MobiusPay, Corona is primarily responsible for day-to-day operations as well as reviewing and advising merchants on a multitude of compliance standards mandated by the card associations, including, but not limited to, maintaining a working knowledge of BRAM guidelines and chargeback compliance rules defined in both Visa and Mastercard operating regulations.
