How can merchants protect themselves from chargebacks?
Find all the information about chargeback in e-commerce here:
The convenience of the mobile channel attracts a growing number of customers. As the popularity of the mobile channel increase, fraudsters are increasingly targeting mobile payment. LexisNexis reported that, in 2016, fraud costs were higher for m-commerce merchant, in proportion of their total revenues.
Generally, mobile payment is vulnerable to the same types of fraud as in e-commerce. The complexity of m-commerce, however, implies more weakness options for fraudsters. The lack of technological standards in mobile payment, combined with the fact that mobile apps are installed rather than navigated to, increases the complexity of content crawling and requires proprietary screen-rendering tools. The infinite number of available apps only contributes to make this task even harder. Mobile commerce is particularly vulnerable, however, since device can be easily stolen. Thieves can then make purchases through apps where the user is already logged in, notably through the “keep me logged in” option.
We have listed here some of the biggest fraud threats in m-commerce. More information on types of fraud can be found in our fraud detection and prevention guide.
The type of fraud causing the most worries among merchants and consumers is identity theft. Criminals engaging in identity theft will carry out transactions using a different identity, taking over someone else’s. In online identity theft, fraudster will primarily target cards, as not much is needed to carry a “card-not-present” transaction. First, the criminal will acquire personal information, e.g. names, addresses, credit card or account information. With these, they can, for example, order items online under a false name and pay with a credit card belonging to someone else.
Fraudsters target loyalty programs. Members’ accounts, for example, might be attacked and the loyalty points transferred to another account. Sometimes, points can be sold or transferred for monetary gain.
Merchants are susceptible to friendly fraud. The process is quite simple. Customers order goods or services and pay using a credit or debit card. After receiving their order, they declare that their card or account information were stolen, initiating a chargeback. The customer gets his money back and keeps the goods or services ordered. This type of fraud is especially costly for merchants, as most payment service provider will charge an extra fee for chargebacks.
Thieves can hack into gift card accounts and drain the customers’ prepaid card or, worst, any associated credit card, bank or PayPal accounts. Online services or physical kiosk can be used to then convert the gift cards into cash, redeeming usually around 60% of the value. For example, in 2015, the Starbucks app was targeted by hackers. Who, after gaining access to consumer’s credit card information, repeatedly reloaded gift cards through the app before gifting themselves the cards. Apps without two-step authentication are especially vulnerable to this.
Scammers can lure users into installing fake apps by making them look like those of renown companies. In 2014, a scam fooled people into paying for cheap cars through a fake version of Google Wallet, which wired the money to the fraudsters.
In 2017, the most used fraud prevention tools used in mobile payment were the verification of card security number (58%), of address (46%), fraud scoring (48%), device fingerprinting (38%), velocity checks (35%) and a complete fraud platform (47%), as reported by the annual Mobile Payment & Fraud report. Most merchants combine multiple tools to prevent fraud in the mobile channel, 44% of them using four or more tools.
The most important prevention tools are here described. More information on this topic can be found in our fraud prevention tool guide.
Also known as card verification value (CVV), the three- or four-digit security code printed on the back of credit cards, is a security feature for “card-not-present” transactions.
Credit card providers can check the address provided with the registered address. If, for example, the customer specifies a German delivery address, with an IP originating from another country, this can already be a sign of fraud.
Fraud scoring evaluate the probability of each customers to commit fraud and rank them accordingly. The higher the score, the higher the risk. This fraud detection and prevention tool can alert merchants of potential risks, allowing them to determine manually whether the transaction should be accepted or rejected. Merchants can also personalize their criteria list, e.g. the use of anonymous proxies or free email addresses.
Device “fingerprinting” remotely collects information about the buyer through the purchase device used. This can effectively help detect and prevent fraud by identifying devices previously used to commit fraud but also by determining the likelihood of a customer committing fraud, based on their signal profile.
Monitoring relationships between transaction through velocity checks help identify high-risk orders. Velocity checks are a basic fraud prevention tool. Typically, card-not-present fraudsters will test a stolen card before maxing it out through multiple transactions. Velocity checks review transactions to determine a repeating pattern over a short period of time. If, for example, the same customer information is used multiples times into a payment gateway in a designated period of time, the gateway can choose to reject the transaction, or request a manual review from the merchant. Velocity checks is made up of 3 or more variable, always including quantity, data element and timeframe. Data element checked can include, for example, the user ID, IP address or payment method.
Do you need advice in finding the best fraud prevention solution for your business? Contact us.
Request a free quote?
Find all the information about chargeback in e-commerce here:
The mobile channel is the newest victim of fraudster. Learn more about the fraud in mobile payment.
There is nothing more important than data security when talking about online payment. Find out what PCI means for your payment processes.
Get your free quote in only 3 simple steps!