Fraud prevention is a huge and growing concern for many online merchants. Glance at some of the recent stats, and it’s easy to understand why.
Studies show that cases of existing account fraud jumped from 39,407 to 44,855 between 2022 and 2023. That’s a year-over-year increase of more than 12%. All totaled, eCommerce companies lose $48 billion to fraud each year, and roughly half of US eCommerce merchants consider payment fraud to be their biggest fraud risk.
In short: you can’t afford to not be worried about fraud.
It’s undeniably important to prioritize fraud protection. But, “fraud protection” can cover a wide range of technologies and practices. Are you getting the most out of your efforts? How do you know?
In this post, we’re going to check out credit card fraud prevention best practices, as well as fraud prevention solutions and tools that can help protect your business. We’ll outline common prevention tactics, and also discuss some lesser-known fraud mitigation secrets.
Recommended reading
- What are Velocity Checks? How Do They Stop Fraud Attacks?
- Payment Authentication: How to Verify Buyers Before a Sale
- ECI Indicators: How to Understand 3DS Response Codes
- Fraud Scoring: A "Must-Have" Tool for Fraud Management
What Is Fraud Prevention? How Does It Work?
“Fraud prevention” is an overarching term. It covers the strategies, processes, and technologies organizations use to detect, prevent, and minimize fraudulent activities and financial losses.
A proactive approach is your best bet, and that starts with identifying all your potential vulnerabilities and threats. Once you have that, you can begin putting security measures in place. You’ll also need to plan on a program of continuously monitoring and analyzing transactions and customer behaviors.
Among other things, an effective fraud prevention strategy should cover:
- Authentication and verification procedures
- Advanced data analytics
- Employee and customer education
- Compliance with regulatory standards
- Use of sophisticated fraud detection systems
The goal is to create a secure environment that stops the unauthorized use of resources, theft of sensitive information, and other deceptive practices that could harm your organization's financial health and reputation
If it sounds like a lot of work, that’s because it usually is. At the same time, a comprehensive strategy is the only way to intercept fraudulent activity before it can impact you or your customers.
Learn more about fraud detection
Know These Red Flags
Fraudsters are pros. They know all kinds of tricks for scamming you out of your money. We’re talking about account takeover, new account fraud, sophisticated tactics such as triangulation fraud, friendly fraud, and more.
The first step towards preventing fraud is knowing what to look for. Criminal tactics continue to evolve, but there are a few key indicators that remain telltale signs of fraudulent actions. Red flags to watch for include:
New Email Addresses
Did a customer create a new or temporary (“burner”) email address to make a purchase? This may be a sign that the buyer is planning to commit fraud and then disappear.
High-Ticket Value
Fraudsters want to get the most value out of their efforts. To do this, they often buy high-value goods that they can easily flip and turn into liquid cash.
Transaction Velocity
When fraudsters gain access to valid account information, they often submit multiple transactions in quick succession to maximize profits before being discovered.
Expedited Shipping
Fraudsters tend to pick the fastest shipping option. They want the goods to arrive before they’re intercepted. They don’t mind paying extra. After all, it’s not their money.
Buying in Bulk
Again, fraudsters look for opportunities to maximize their efforts. They might pick a TV or other high-ticket item, and order as many as possible before maxing out the account.
Address Mismatch
The shipping address used by a fraudster will not match the billing address kept on file with the bank or that you have listed in previous transaction records.
Repeat IP Addresses
If the same IP address is tied to multiple transactions and multiple cards, it’s a sign that the fraudster may be using information stolen from multiple consumers.
While these are some of the most common signs of fraudulent activity, it's hardly an exhaustive list. Criminals come up with new strategies every day. Defrauding you is their full-time job, which makes them resourceful. They can afford the time to learn, and will leverage new technologies, shopping channels, and industry practices before you even realize you’re looking at new threats.
Learn more about fraud red flags
Using 3-D Secure to Prevent Fraud
Of course, recognizing a fraud red flag is just part of the equation. You’ll still need to find ways of preventing the fraud. One of the most powerful tools you use is 3-D Secure (3DS), a security protocol that adds a layer of protection against unauthorized online card use.
The “3-D” stands for “Three Domain Secure,” which refers to the three parties involved in the process: the merchant, the issuing bank, and the security infrastructure that connects them.
Putting 3DS into play not only helps reduce fraud, it also shifts liability away from you if fraud does happen. Here’s how it works:
The evolution of 3DS technology — like the updated 3DS2 protocol, for example — has led to a more powerful and effective solution. 3DS now incorporates advanced technologies like biometrics for authentication and other tools to enhance the user experience without compromising security. There are more prevention tools to consider, however.
Learn more about 3D-Secure technology
Better tools. Better tactics. Better results. Learn how you can optimize your fraud prevention strategy today.
Getting the best fraud prevention results starts with using the right tools for your situation. Implementing 3-D Secure is great, but it’s really just the tip of the solution iceberg. Let’s look at other common tools you can use to screen out risky transactions:
CVV2
CVV2 is that three- or four-digit security code printed on payment cards. It helps verify that the actual cardholder is in possession of the card being used during online or over-the-phone transactions.
Learn more about CVV2
Address Verification Service (AVS)
Address Verification Service helps reduce risk by automatically checking the billing address listed in the transaction against the address registered with the issuing bank.
Learn more about AVS
Tokenization
Tokenization technology allows users to submit a randomized placeholder number (called a token) in place of sensitive personal data. Tokenization helps keep information during transmission.
Learn more about Tokenization
Proxy Piercing
Proxy piercing can be used to identify the true IP address of a user who is accessing a service through a proxy server or VPN, which hides the user's actual IP address.
Learn more about proxy piercing
Fraud Blacklist
A blacklist helps ban known or probable fraudsters. Whether these individuals are engaging in criminal fraud or other suspicious activity, establishing a blacklist can ensure they never cause trouble more than once.
Learn more about chargeback blacklists
Device Fingerprinting
Device fingerprinting is a forensic technique used to identify a device. The methodology can gather unique information based on device configurations, hardware, and installed software.
Learn more about device fingerprinting
Geolocation
Geolocation technology pinpoints the user based on the IP address associated with the order. Comparing the user’s IP address against the information on file with the issuer lets you verify the buyer’s location.
Learn more about geolocation
Liveness Detection
A biometric authentication tool that is used to distinguish between a real person and a fake representation (like a photo, video, or mask) by analyzing characteristics of a live subject.
Learn more about liveness detection
Velocity Limits
Fraudsters often make bogus transactions in rapid succession. Velocity limits, or velocity checks, scan for potential fraud based on the rate at which a buyer submits multiple transactions.
Learn more about velocity limits
Fraud Prevention: Best Practices
We’ve looked at a few of the fraud red flags, and talked about some prevention solutions you can use. But tools are just that: tools.
If you don’t have an integrated fraud protection strategy, the best tools in the world will only provide limited help.
Every company is going to be different, but this is where “work smarter, not harder” comes into play. Yes, you’ll need to tailor your strategy, but there are fraud prevention best practices that you can start today to help get a handle on fraud. We suggest that you:
Leverage AI & Machine Learning
Explore the idea of machine learning technology to help determine whether to accept — or reject — a transaction. These algorithms use past evidence and data to refine your decisioning. The more data used, the more accurate results become, meaning the system gets better over time.
Look for Multiple Data Sources
Fraud decisioning can be largely automated, but the results will be skewed if you’re only drawing on your own data. Try to incorporate fraud signals from sources beyond your own networks. That will help you identify trends faster, meaning you can react more quickly to developing fraud threats and tactics.
Authenticate Buyers Based on Risk
In many cases, things like address and geolocation can indicate that a buyer poses relatively little risk. On the other hand, some buyers may require more in-depth screening or even manual review. If you segment lower-risk transactions from riskier ones, you’ll only introduce friction when it’s most necessary.
Be PCI-Compliant
PCI standards help ensure you’re doing all you can to safeguard customers’ personal data. It protects buyers and helps insulate you from fraudulent purchases. PCI compliance is an important baseline, but it can get complicated. Full compliance often requires assistance from a third party.
Train Staff Properly
Think about your staff as your best line of defense against fraud. You won’t be able to check every transaction. You’ll want your employees to be aware of the warning signs of fraudulent activity, especially when conducting manual reviews. Be sure they're updated on emerging trends.
Keep Software Up to Date
Outdated software of any kind is usually bad news, but outdated fraud prevention solutions are less likely to intercept new threats. Older software can be exploited by fraudsters, so keep up with all software updates and patches and apply them as soon as possible.
Conduct Regular Audits
You can’t just assume that your fraud prevention solutions are getting the job done. Conduct regular audits of internal operations to gauge results. Fraud is an ever-shifting landscape, with new threats appearing daily; your prevention efforts will need constant fine-tuning to remain effective.
Learn more about fraud prevention best practices
What is Strong Customer Authentication?
It should be clear by now that payment authentication is the cornerstone of fraud prevention. Not all merchants are savvy in that area, though, so lawmakers have stepped in. Some governments are now mandating base standards for buyer verification, including Strong Customer Authentication, or SCA.
SCA is a regulatory requirement introduced under the European Union's Second Payment Services Directive (PSD2). It helps beef-up the security of electronic payments by requiring a multi-factor authentication process for electronic transactions. Specifically, it requires buyers to be verified using at least two of the following three elements:
- Something the customer knows (like a password or PIN)
- Something the customer has (such as a phone or hardware token)
- Something the customer is (fingerprints or facial recognition)
While SCA is a great move overall, it does add a bit of friction to checkout. In response, many low-risk transactions may be exempted based on transaction risk analysis.
This is where algorithms analyze the risk level of a transaction in real time. It determines whether SCA is necessary, taking into account the amount of the transaction, the payment history of the customer, and any abnormal spending patterns.
Learn more about strong customer authentication
Take the first step toward a more effective fraud prevention strategy.
Automated Decisioning & Fraud Scoring
Many of the fraud prevention strategies we’ve talked about above incorporate automated decisioning and fraud scoring mechanisms. Both involve data-level analysis to help you identify and act on potentially fraud.
Fraud scoring assigns a numerical value (a “score”) to each transaction based on a wide range of potential fraud indicators. Unusual purchasing patterns, for example, could be a sign of a stolen card. Other considerations might include discrepancies in billing or shipping information, the geographical location of the purchaser, and deviation from typical customer behavior.
Each element is given a risk score, and the scores are tallied in real time. The higher the number, the higher the risk of fraud.
Fraud scoring speeds up the entire verification process. In clear-cut cases, it can reduce or eliminate the need for human interaction: transactions with low scores can be automatically approved. At the same time, high-scoring transactions can either be rejected or flagged for manual review.
Learn more about fraud scoring
What is Manual Review?
If everything else fails, a transaction may need a manual review. Basically, a hands-on check by you or one of your staff. Manual review comes into play when an automated system detects evidence of possible fraud, but not enough evidence to automatically reject the transaction.
During a manual review, trained staff essentially do everything the automated system already did: assess the transaction details, look at various factors such as customer transaction history, and so on. They may also reach out to the customer for additional verification or clarification.
Manual reviewers have the ability to judge circ*mstances in a way that computers are not yet capable of. It’s a tedious and time-consuming process, but it could prevent you from losing a valued customer to false positives.
Learn more about manual review
The Bottom Line
Fraud prevention is all about combining the right tools in a coordinated manner so they work together and complement one another.
Of course, even with the optimal strategy, tools, and tactics in place, there’s still no way to “fraud-proof” or “chargeback-proof” your business. Criminals get more sophisticated all the time, and staying up-to-date on the latest threats can be a full-time job on its own.
Chargebacks911® offers the most comprehensive chargeback management services and products available on the market today. Our experts are constantly uncovering new fraud threats and developing innovative strategies and technologies to fight back. This applies not only to fraud prevention but even to hard-to-fight challenges like friendly fraud.
Whatever you need to prevent chargebacks, we can help. Contact us today for a free demo.
