How to Prevent Credit-Card Processing Fraud

Virtually all small businesses today must accept credit card payments, and with the growth of e-commerce, accepting online payments has increasingly become a must-do. Unfortunately, this means small businesses must expose themselves to the multi-billion dollar industry of credit-card processing fraud.
Thankfully, there are basic steps small businesses can take to minimize their vulnerability. Here’s how you can minimize the risk of being a victim of e-commerce credit-card processing fraud:
1. Limit failed transactions.

There is a robust online market for stolen credit cards on the dark web. Fraudsters will buy credit cards by the dozens and use them to purchase e-commerce merchandise, especially from small businesses, because smaller companies have fewer protections than larger businesses.

Thankfully, fraudsters who use stolen credit cards are often sloppy or have incomplete information about the victim cardholders. As a consequence, they often use software to guess at things like a cardholder’s zip code or CVV code, and with a payment gateway that isn’t properly configured, the software can guess thousands of times until it hits the right answer.

By simply limiting the number of failed transactions that process through the payment gateway before a card is completely blocked, you effectively limit the number of “bad guesses” that a fraudster can make. Generally, setting the number at two to three failed attempts is sufficient to ensure that legitimate customers can fix a typo, while also being a low enough number to ensnare most fraudsters attempting to guess at cardholder information.
2. Limit damage by flagging large transaction sizes.

Chargebacks and fraudulent transactions are bad, no matter the transaction size. They’re potentially devastating for small businesses, however, when the transaction size is large. Large transactions typically have higher underlying costs for the small business and the amount of money that must be refunded to the actual defrauded cardholder is higher.

These facts, combined with the fact that fraudsters typically try to push through larger transactions (in order to make their windfall larger), mean you should set up your payment gateway or CRM to automatically flag transactions over a certain threshold. For example, it could be anything more than 20 percent of your average ticket, or it might be a flat dollar threshold.

In any case, once a transaction is flagged it should be manually reviewed. The goal is to look for any other suspicious activity. If anything arouses suspicion, call the customer and reverify the transaction.
3. Flag non-AVS match transactions to ID employee fraud.

One of the largest areas of fraud in any small business, retail or online, is employee-perpetrated fraud. In the e-commerce space specifically, this can take the form of employees stealing a customer’s credit card information and then attempting to use it to push through additional purchases.

By requiring each transaction to include a manually entered address match (a.k.a. AVS match), you can catch many of these transactions. Here you can configure your payment gateway to either block all non-AVS match transactions or merely flag them for manual review. Sometimes merely flagging them for review is actually a better technique for identifying employee theft because the employee will believe that the transaction was successful, thus leaving a paper trail for identifying him/her after flagged transactions are reviewed that day.
4. Track IP and use software to look through proxies.

Most high-risk payment gateways will allow you to restrict the IP of the purchaser to certain country codes. This is something you’ll certainly want to do as many purchases originating from outside your target market may be fraudulent.

In theory an IP filter means that the customer must be purchasing from a computer located in an “approved country.” And while that filter is effective against amateur fraudsters, true professionals use proxies to make it appear that their computers are located in an approved country.

Therefore, it’s important to not only track a customer’s listed IP, but also use fraud prevention software, in conjunction with your payment gateway, that looks through the listed IP and identifies any proxies.
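
The four rules above expressed as one screening function, as an added example that is not part of the original article or any payment gateway's API. The class and field names, the $500 threshold and the approved-country list are assumptions, and sending proxy detections to manual review is a design choice made here.

```python
from collections import defaultdict
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 3              # the article suggests two to three
LARGE_TICKET_CENTS = 50_000          # hypothetical flat dollar threshold ($500)
APPROVED_COUNTRIES = {"US", "CA"}    # hypothetical target market

@dataclass
class Txn:
    card_token: str       # gateway token, never the raw card number
    amount_cents: int
    avs_match: bool       # address verification result from the gateway
    ip_country: str       # country code resolved for the purchaser's IP
    proxy_detected: bool  # verdict from separate fraud-prevention software

class Screen:
    def __init__(self):
        self.failed = defaultdict(int)   # card_token -> declined attempts

    def record_decline(self, card_token):
        """Call each time the processor declines (wrong CVV, zip code, ...)."""
        self.failed[card_token] += 1

    def evaluate(self, txn):
        """Return (decision, reasons); decision is block, review or allow."""
        if self.failed.get(txn.card_token, 0) >= MAX_FAILED_ATTEMPTS:
            return "block", ["failed-attempt limit reached"]
        if txn.ip_country not in APPROVED_COUNTRIES:
            return "block", ["IP outside approved countries"]
        reasons = []
        if txn.amount_cents > LARGE_TICKET_CENTS:
            reasons.append("large transaction")
        if not txn.avs_match:
            reasons.append("AVS mismatch")   # flagged, not blocked (step 3)
        if txn.proxy_detected:
            reasons.append("proxy detected")
        return ("review" if reasons else "allow"), reasons

def demo():
    s = Screen()
    for _ in range(3):                   # three declined guesses on one card
        s.record_decline("tok_guessed")
    samples = [                          # constructed sample transactions
        Txn("tok_guessed", 2_500, True, "US", False),
        Txn("tok_ok", 2_500, True, "US", False),
        Txn("tok_big", 90_000, False, "US", True),
        Txn("tok_far", 2_500, True, "ZZ", False),
    ]
    return [s.evaluate(t) for t in samples]
```

Keying the counter on the gateway's card token keeps raw card numbers out of your own systems while still letting you count declines per card.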
Don’t Be a Victim

Accepting credit cards is an essential part of any small business’s payment strategy, and increasingly, allowing customers to pay online is as well. Unfortunately, along with the benefits of accepting credit cards comes the increased risk of e-commerce fraud.

As a small business, you’ll especially be targeted by employees and fraudsters that hope to catch you unaware. Thankfully, by taking some basic steps in payment gateway configuration and by purchasing front-end fraud identification software, you can minimize the risk for your company.
