Security reminder - Protecting your business from payment fraud
Online payment fraud will exceed $206 billion by 2025. As online payments become more widespread, the reality is that card fraud will increase too.
Fortunately, there are steps that your business can take to help prevent fraud events and protect your customers. We’d like to remind you of the best practices to help prevent card testing attacks and other types of fraud.
What you can do to prevent attacks
- Be aware of the risks associated with accepting payments – read our managing fraud and risk blogs to find out how to balance fraud protection and approval rates
- Have tested incident response plans in place and ready to use to respond to fraud events
- Contact your providers quickly if you or your customers experience fraud – the faster we know, the better the chance that we can take action to protect your business
Fraud prevention tactics
- Monitor and review the language and timezone of your customers’ IP addresses and devices. This can help you detect inconsistencies in the data, such as a mismatch between billing address and IP, and flag these transactions as higher risk
- Add IP addresses that have regular failed payment attempts to a block list for review
- Use EMV 3D Secure (3DS2) to authenticate cardholders
- Use 3RI authentication to authenticate Merchant Initiated Transactions such as subscription and recurring payments
- Lock a user’s account if they make a high number of incorrect password or incorrect username attempts
- Monitor for account usage across multiple IP addresses. This may not always be fraudulent behavior, but could indicate the need for more investigation
- Block users from using common or suspicious passwords and review logins that are using these currently
- Review customer sessions for excessive bandwidth consumption, and look out for multiple transactions using different cards from the same email address or device ID
- Use random pauses (throttling) on account checking and increase these checks on BINs that see higher fraud attempts
- Implement CAPTCHA and reCAPTCHA controls, botnet detection, and fingerprint authentication
- Consider implementing velocity checks on lower transaction values as well as high-value purchases
- Use AVS (Address Verification Service) and CVV (Card Verification Value) checks
- Use anomaly detection to monitor transactions and sales patterns
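Several of the tactics above (reviewing IPs with repeated failed payments, spotting many different cards on one device ID, and applying velocity checks to low-value attempts) can be combined into one sliding-window check. The sketch below is an added example, not Checkout.com code: the record layout, window, thresholds and sample attempts are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
MAX_DECLINES_PER_IP = 3          # assumed threshold: declines per IP in window
MAX_CARDS_PER_DEVICE = 3         # assumed threshold: distinct cards per device

def at(hhmmss):
    return datetime.fromisoformat("2024-01-01T" + hhmmss)

# Constructed sample: (time, ip, device_id, card_token, amount, approved)
ATTEMPTS = [
    (at("10:00:00"), "198.51.100.7", "dev-A", "card-1", 1.00, False),
    (at("10:00:20"), "198.51.100.7", "dev-A", "card-2", 1.00, False),
    (at("10:00:45"), "198.51.100.7", "dev-A", "card-3", 1.00, False),
    (at("10:01:10"), "198.51.100.7", "dev-A", "card-4", 1.00, True),
    (at("10:02:00"), "203.0.113.20", "dev-B", "card-9", 59.90, False),
    (at("10:30:00"), "203.0.113.20", "dev-B", "card-9", 59.90, True),
    (at("11:00:00"), "192.0.2.33", "dev-C", "card-5", 240.00, True),
]

def review_candidates(attempts, window=WINDOW,
                      max_declines=MAX_DECLINES_PER_IP,
                      max_cards=MAX_CARDS_PER_DEVICE):
    """Return (ips, devices) that hit a velocity threshold inside the window."""
    declines = defaultdict(deque)  # ip -> decline timestamps still in window
    cards = defaultdict(deque)     # device -> (timestamp, card) still in window
    flagged_ips, flagged_devices = set(), set()
    for ts, ip, device, card, _amount, approved in sorted(attempts):
        # The amount is ignored on purpose: low-value attempts count
        # exactly like high-value ones.
        if not approved:
            q = declines[ip]
            q.append(ts)
            while ts - q[0] > window:      # drop declines older than window
                q.popleft()
            if len(q) >= max_declines:
                flagged_ips.add(ip)        # candidate for block-list review
        q = cards[device]
        q.append((ts, card))
        while ts - q[0][0] > window:
            q.popleft()
        if len({c for _, c in q}) >= max_cards:
            flagged_devices.add(device)    # many different cards, one device
    return flagged_ips, flagged_devices

if __name__ == "__main__":
    print(review_candidates(ATTEMPTS))
```

The flagged sets feed a review queue rather than an automatic block, since a customer who retries a declined card once (the second IP in the sample) should not be caught.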
How Checkout.com can help
3D Secure Authentication
Fraud Detection
Implement our Risk SDK on your payment pages

ABOUT THE AUTHOR
Tom is the Merchant Communications leader for Checkout.com, responsible for keeping merchants aware of product changes, scheme updates, and regulations. With 12 years of payments industry experience, Tom also writes blogs on general industry topics across all the solutions we offer.