How to detect online fraud transactions and protect your business
Online activity is booming like never before. In Europe, 96% of consumers said they shopped online in the past 12 months. Similar figures are found in other geographies, also.
But as the volume of online sales goes up, so do the instances of online fraud, creating new challenges for merchants across all sectors. The Cyber Security Breaches Survey 2020 points out that large businesses saw a 78% increase in fraud. Medium-sized companies saw a 68% increase. In the ecommerce space, fraud cost the industry $35.54 billion. So this is obviously a problem that can't be ignored.
Given the negative impacts of fraud, both direct and indirect, businesses cannot afford to stand still. Now more than ever is the time to put in place best-in-class fraud prevention practices to reduce costs, protect the business' reputation and customers.
Find the tech, data and payment solutions to stay one step ahead of fraudulent transactions here.
How to identify fraudulent transactions
As fraudsters' methods evolve, so does the technology and intelligence needed to stop them. Identifying who is behind the threats and where they are coming from is vital. And to do this, businesses need to have the right technology, support and service on hand to detect online fraud transactions and stop them in their tracks.
Who are you doing business with?
1. Use an Address Verification Service
As paying online is a card-not-present (CNP) transaction, an Address Verification Service, or AVS, will send a request at the payment gateway asking for user verification from the issuing bank.
At the point of purchase, the card user has to provide their billing address and postcode. If these don’t fully match (known as an AVS mistmatch), the transaction needs further investigation.
2. Check CVV (Card Verification Values)
Card Verification Value (CVV) — the three numbers on the back of a card take merchants a step closer to identifying online fraud transitions. If the CVV entered at the checkout doesn’t match the card, the transaction should be declined.
Also, those merchants that ask for the CVV in combination with using an AVS also give themselves the best chance of winning should the cardholder dispute the payment.
3. Use 3D Secure payer authentication
3D Secure payer authentication is a triple-threat tool against online fraud transactions. The latest 3D Secure protocol, 2.0, requires customers to provide a combination of a minimum of two of the following authentication elements:
- Something the consumer knows: One-time password, SMS code, PIN, password, personal information or security question.
- Something the consumer owns: Credit or debit card, key fob, mobile device, token, or wearable device.
- Something the consumer is: Biometric data like a fingerprint, iris scan, or facial or voice recognition.
3DS 2.0 also facilitates a richer exchange of data between the cardholder’s device and the issuer. This enables the issuer to perform Risk-Based Authentication (RBA). And, depending on the issuer’s decision, the authentication will either go through a frictionless flow — where the transaction is perceived as secure. Or through a challenge flow where the user may be prompted to provide further verification.
4. Look up email addresses
An email is practically an online passport. Checking an email is genuine is a smart idea in the fight to identify online fraud transactions. Using a reverse email lookup service is a quick way to find out who the email owner is.
5. Use device identification
Just like people, devices have unique fingerprints — ones that fraudsters can’t manipulate. Device identification analyses the computer, not the user. It looks at the operating system, internet connection and browser to see if it’s been declined or flagged for risk. This practical step can block and detect possible online fraud transactions from slipping through the net.
6. Flag large transactions
Fraudsters with stolen cards will try to pull off the largest transaction they can before the card gets blocked. So setting a limit that automatically flags transactions over a certain amount is necessary to stop any potential fraud and chargebacks. If a fraudulent charge does go through, the business will have to bear the cost, it'll damage their standing with the schemes, and their cost of accepting payments will likely increase.
7. Look for patterns
A mixture of these red flags can quickly help detect online fraud transactions. Paying attention to who the user is, how much time they spend on a website, checking their ID and the device they’re using will rapidly surface patterns you’ll know to recognize. And importantly, know when to shut transactions down.
Where are you shipping to?
Understanding a user's location is another significant aspect of identifying online fraudulent transactions.
1. Compare user location and shipping destination
Most legitimate transactions will have the same billing, shipping and IP address location. Transactions that have a big distance between different addresses should be flagged and investigated.
However, some legitimate customers may use a virtual private network (VPN) to give them anonymity online. Fraudsters also use VPNs, but when building a profile of them, other elements can be pulled in to double-check the origin of the transaction.
Learn more: what is an IP fraud score?
2. Check the shipping destination
If a business is shipping products overseas, it must do due diligence on its customer base. If any red flags are found in particular markets, it's a good idea to request extra ID verification, such as direct contact with the company, and further checks to mitigate the risk of fraud.
3. Be aware of IP proxies
Proxies are a popular tactic for fraudsters to hide behind. The proxy acts as an intermediary, passing information from one computer to another, while masking the real IP address of where the information is coming from.
Proxy piercing is a method merchants can use to identify whether the potential fraudster uses an IP proxy.
What tools can stop fraudsters and keep them out?
Preventing online fraud before it happens is the best strategy for keeping a business safe. Part of this approach is choosing a payment provider that gives businesses the data needed to understand patterns of fraudulent behavior.
However, Checkout.com finds most organizations don't receive this data — or the desired support — from their payments provider. This puts them on the back foot when it comes to fighting fraud, potentially impacting the bottom line of the business and damaging its reputation.
Checkout.com offers businesses an end-to-end platform that leverages data in order to give them a detailed view of every transaction. Businesses are also able to get advice from the inhouse teams to know how to take action. To stop fraudsters, a business should have a custom risk strategy that can be easily adapted when tactics change.
To find out more about how you can use data in fraud prevention to gain a competitive advantage, speak to our team.