
Fraud Detection & Fraud Prevention

E-commerce and online payment fraud

Online transactions are 12 times more likely to be subject to fraud than in-store transactions. According to the Nilson Report, Internet payment fraud is constantly increasing and seemingly unstoppable. While the increase is not surprising, the speed at which it is spreading is. Between 2013 and 2016, the number of online credit card fraud cases jumped by 19%. In 2017, for every 100 dollars spent online via cards, 7.15 cents were lost to fraud. Online fraud is much broader than just credit card fraud: cybercriminals are creative when it comes to finding new ways to attack e-commerce transactions.

Common types of online fraud

Online fraud is a crime in which individuals are deprived of funds, personal property, interest or sensitive information via the Internet. Payment fraud can take the form of fraudulent or unauthorized transactions, lost or stolen merchandise, and false requests for a refund, return or bounced checks. Here are some common types of online fraud.

Identity theft

The type of fraud causing the most worry among merchants and consumers is identity theft. Criminals engaging in identity theft carry out transactions under someone else’s identity. In online identity theft, fraudsters primarily target cards, as not much is needed to carry out a “card not present” transaction. First, the criminal acquires personal information, e.g. names, addresses, credit card or account information. With these, they can, for example, order items online under a false name and pay with a credit card belonging to someone else.

Fraudulent websites, emails or text messages can be used to access personal data. This is called phishing. Alternatively, the information can be accessed through pharming, i.e. manipulating browsers to redirect customers to fraudulent websites. As clients often register their payment information to their accounts, criminals need nothing more than a password. Other means of identity theft include hacking e-commerce providers to steal customer data, malware spying for sensitive data, “man-in-the-middle attacks” where communications between customers and merchants are spied on, intercepting cards sent by mail, duplicating cards used in stores or at cash machines, etc. Fraudsters constantly adapt, coming up with new ways to access personal data.

Friendly fraud

Merchants are susceptible to friendly fraud. The process is quite simple. Customers order goods or services and pay using a credit or debit card. After receiving their order, they declare that their card or account information was stolen, initiating a chargeback. The customer gets their money back and keeps the goods or services ordered. Alternatively, criminals might use re-shipping, using an intermediary or middleman to avoid sending the purchase to their home address. This type of fraud is especially costly for merchants, as most payment service providers will charge an extra fee for chargebacks.

Clean fraud

A more complex type of fraud is clean fraud. Here, fraudsters make purchases using stolen credit card information and manipulate the transaction to avoid the fraud detection mechanisms. This method therefore requires a deep knowledge of the fraud detection systems. More personal data is required, with great accuracy. For this reason, fraudsters often first test the stolen data with small purchases.

Affiliate fraud

Affiliate fraud can be used to attack any payment method, either through a fully automated process or through real people using fake accounts to log into merchants’ websites. The aim is to get more money from an affiliate program by manipulating traffic or signup statistics.

Triangulation fraud

As the name suggests, triangulation fraud is based on three points. First, credit card and address information are collected through a fake online store offering high-demand goods at extremely reduced prices. Then, the goods are purchased in a real store, using other stolen card data, and shipped to the original customer. Last, the stolen credit card information is used to make other purchases. This fraud often flies under the radar for a longer time, as the order data and credit card numbers are almost impossible to connect at this point.

Merchant fraud

Online shoppers and wholesale businesses are targeted by merchant fraud. Goods are sold at a low price but never shipped, and the payment is kept. While all payment methods can be targeted, methods without chargeback options are more vulnerable.

Fraud detection

Many industry verticals engage in fraud detection, for example banking and financial sectors, insurance, government agencies and law enforcement. This topic has become more crucial in the past years, as fraud attempts have become increasingly frequent. Fraud is an adaptive crime; therefore, the measures taken to fight and counter it must evolve quickly. Each year, hundreds of millions of dollars are lost to fraud.

Data mining and statistics

Anticipating and detecting fraud quickly allows for immediate action to lessen losses. Various data mining tools have been developed to this end, analyzing millions of transactions to determine patterns and detect fraudulent cases. The predictive models created estimate an array of factors, such as probability of fraud or value of fraud, allowing resources to be focused efficiently. These methods are based either on statistics or on artificial intelligence.

Decision tree learning

Commonly used in data mining, decision tree learning is a predictive modelling approach. The model created aims at predicting the value of a target variable based on several input variables. It is a combination of mathematical and computational techniques for describing, categorizing and generalizing a set of data.

Decision trees take different forms. Here are some examples of methods used for fraud detection. A boosting tree (or boosted tree) builds an ensemble progressively, training each new instance to emphasize the training instances that were previously mis-modeled. A classification tree analyses the data in order to determine which class it belongs to. CHAID, or Chi-square Automatic Interaction Detector, is based on adjusted significance testing and produces highly visual and easy to interpret outputs. Random decision forests are an ensemble learning method that constructs numerous trees at training time and outputs a classification or regression result combined from the individual trees.

Machine learning

As the name implies, machine learning is the ability of computers to learn without being explicitly programmed. In other words, the algorithms are designed to learn from and make predictions on data. In relation to fraud data analytics, the complex models and algorithms created by machine learning help predict fraudulent transactions.

Machine learning and artificial intelligence solutions can engage in either supervised or unsupervised learning. Supervised learning is based on manually classified records of fraudulent or non-fraudulent transactions. This sample is used to train the supervised machine learning algorithm, which will then classify new events by itself.
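The following is an added example, not code from the original guide: a one-level classification tree learned from manually labelled transactions, which then classifies new events by itself, as the decision tree and supervised learning paragraphs describe. The feature names and the sample records are constructed for illustration.

```python
# Constructed, manually labelled sample: (features, is_fraud).
# Feature names are assumptions made for this illustration.
TRAINING = [
    ({"amount": 12.0,  "orders_last_24h": 1, "avs_match": 1}, False),
    ({"amount": 35.5,  "orders_last_24h": 1, "avs_match": 1}, False),
    ({"amount": 80.0,  "orders_last_24h": 2, "avs_match": 1}, False),
    ({"amount": 640.0, "orders_last_24h": 1, "avs_match": 1}, False),
    ({"amount": 1.0,   "orders_last_24h": 6, "avs_match": 0}, True),
    ({"amount": 499.0, "orders_last_24h": 5, "avs_match": 0}, True),
    ({"amount": 720.0, "orders_last_24h": 4, "avs_match": 1}, True),
    ({"amount": 15.0,  "orders_last_24h": 7, "avs_match": 0}, True),
]

def gini(labels):
    """Gini impurity of a list of boolean labels (0.0 means a pure group)."""
    if not labels:
        return 0.0
    p = sum(labels) / len(labels)
    return 2 * p * (1 - p)

def best_split(rows):
    """Return (feature, threshold, weighted impurity) of the best binary split."""
    best = None
    for feature in rows[0][0]:
        values = sorted({f[feature] for f, _ in rows})
        # Candidate thresholds are midpoints between consecutive distinct values.
        for lo, hi in zip(values, values[1:]):
            t = (lo + hi) / 2
            left = [y for f, y in rows if f[feature] <= t]
            right = [y for f, y in rows if f[feature] > t]
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if best is None or score < best[2]:
                best = (feature, t, score)
    return best

def train_stump(rows):
    """Learn a one-level classification tree; each leaf predicts its majority class."""
    feature, t, _ = best_split(rows)
    left = [y for f, y in rows if f[feature] <= t]
    right = [y for f, y in rows if f[feature] > t]
    return {"feature": feature, "threshold": t,
            "left": sum(left) * 2 > len(left), "right": sum(right) * 2 > len(right)}

def classify(stump, features):
    """Classify a new, unlabelled transaction with the learned stump."""
    side = "left" if features[stump["feature"]] <= stump["threshold"] else "right"
    return stump[side]
```

On this sample the learner picks the order count rather than the amount, because small and large purchases appear in both classes. A full classification tree repeats the same split search inside each leaf.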

Neural networks

The artificial neural network is an information processing paradigm inspired by how biological nervous systems process information. The system progressively improves its own performance through examples, without task-specific programming, for example gradually increasing its success at detecting fraud. The Bayesian neural network, a supervised machine learning solution, is implemented notably for credit card fraud detection. This method has been predominantly used in credit card fraud detection since the late 1980s.

Fraud prevention

Fraud prevention develops solutions that prevent existing and imminent risks of fraud, misappropriation or asset loss. For businesses, fraud prevention and detection can be understood as the anticipation and uncovering of fraudulent activities (fraud, embezzlement, asset losses related to the actions of employees), followed by an adequate reaction. The aim is to minimize the probability of such cases, as well as the resulting consequential damage, by means of preventive action. In e-commerce, real-time solutions might be necessary, eliminating the threat before any damage has been done.

Preventing fraud is no easy task. While merchants and payment service providers protect themselves and their customers, often using the tools described above, some further steps are recommended for merchants.

Protect yourself – Best online fraud prevention tools

Online retailers must comply with the standards of the Payment Card Industry Security Standards Council (PCI SSC). Payment processors often either help merchants achieve PCI compliance or fully integrate it in their solution. Risk management and implementing the right tools will help protect businesses and customers, reducing the risk of revenue loss and chargeback fees. Monitoring transactions and reconciling bank accounts daily can eliminate further threats. Tools tracking customer IP addresses can alert merchants to any address linked to previous frauds. Additionally, limits can be set, for example accepting only one order per account each day. Requiring complex passwords from clients also helps protect them and the merchant.
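One way to combine two of the controls above, as an added example that is not part of the original guide: an alert on IP addresses linked to previous fraud and a limit of one order per account each day. The class and method names are hypothetical, the day is assumed to be a rolling 24-hour window, and the sample orders are constructed.

```python
from datetime import datetime, timedelta

class OrderScreen:
    """Pre-acceptance checks: IP addresses linked to previous fraud and a
    per-account order limit (one order per account per day by default)."""

    def __init__(self, fraud_ips, max_orders_per_day=1):
        self.fraud_ips = set(fraud_ips)
        self.max_orders = max_orders_per_day
        self.accepted = {}  # account id -> timestamps of accepted orders

    def check(self, account, ip, when):
        """Return (decision, reason); decision is 'accept', 'review' or 'reject'."""
        if ip in self.fraud_ips:
            # An alert, not proof: addresses can be shared or reassigned.
            return ("review", "ip linked to previous fraud")
        window_start = when - timedelta(days=1)
        recent = [t for t in self.accepted.get(account, []) if t > window_start]
        if len(recent) >= self.max_orders:
            return ("reject", "order limit for account reached")
        self.accepted[account] = recent + [when]
        return ("accept", "ok")

    def report_fraud(self, ip):
        """Record an address after a confirmed fraud case or chargeback."""
        self.fraud_ips.add(ip)

def run_sample():
    # Constructed orders; the IPs come from documentation ranges (RFC 5737).
    screen = OrderScreen(fraud_ips={"203.0.113.7"})
    t0 = datetime(2017, 11, 15, 9, 0)
    orders = [
        ("alice", "198.51.100.20", t0),
        ("alice", "198.51.100.20", t0 + timedelta(hours=3)),
        ("bob", "203.0.113.7", t0 + timedelta(hours=4)),
        ("alice", "198.51.100.20", t0 + timedelta(hours=25)),
    ]
    return [screen.check(*order)[0] for order in orders]
```

Orders flagged by IP go to manual review rather than being rejected outright, and only accepted orders count toward the daily limit.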

Address Verification System

AVS verifies the identity and ownership of a credit card. The numeric parts of the billing address, i.e. street number and postal code, are compared with the credit card record, at Visa or MasterCard for example.
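The comparison described above, modelled as an added example (not code from the original guide or from any card network): only the street number and the postal code digits are compared, so spelling and formatting differences in the street name do not matter. The result labels, the five-digit postal code cut and the sample addresses are assumptions made for this illustration.

```python
import re

def street_number(line):
    """First run of digits in a street line ('742 Elm St', 'Hauptstr. 12a')."""
    m = re.search(r"\d+", line or "")
    return m.group(0) if m else ""

def postal_digits(code):
    """Digits of a postal code, cut to five so that a ZIP+4 compares equal
    to its five-digit form (an assumption of this example)."""
    return re.sub(r"\D", "", code or "")[:5]

def avs_compare(entered, on_record):
    """Compare the numeric parts of the entered billing address with the
    card record. Result labels are constructed, not card-network codes."""
    rec_street = street_number(on_record.get("street"))
    rec_postal = postal_digits(on_record.get("postal_code"))
    if not rec_street and not rec_postal:
        return "unavailable"  # nothing numeric on record to compare against
    street_ok = bool(rec_street) and street_number(entered.get("street")) == rec_street
    postal_ok = bool(rec_postal) and postal_digits(entered.get("postal_code")) == rec_postal
    if street_ok and postal_ok:
        return "full_match"
    if postal_ok:
        return "postal_only"
    if street_ok:
        return "street_only"
    return "no_match"

# Constructed card record and checkout entries.
RECORD = {"street": "742 Evergreen Terrace", "postal_code": "12345-6789"}
SAMPLES = {
    "same address, reformatted": {"street": "742 evergreen terr.", "postal_code": "12345"},
    "right postcode, wrong house": {"street": "74 Evergreen Terrace", "postal_code": "12345"},
    "unrelated address": {"street": "1 Main St", "postal_code": "99999"},
}

def run_samples():
    """Run every constructed checkout entry against the card record."""
    return {name: avs_compare(entry, RECORD) for name, entry in SAMPLES.items()}
```

A partial result such as `postal_only` is a signal to weigh together with other checks, since a mistyped house number produces it as well.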

Card Verification Value

The three- or four-digit security code printed on the back of credit cards, or CVV, is a security feature for “card not present” transactions. It was introduced to help reduce the incidence of credit card fraud. Asking customers to enter their CVV at checkout is an extra step towards verifying the ownership of the card.


Fraud in mobile payment

The mobile channel is the newest victim of fraudsters. Learn more about fraud in mobile payment.

2017-11-15
