With simple ecommerce pricing packages available and shopping cart solutions that require no technical skills to set up an online store, more and more Canadian businesses are selling over the web. According to Visa Canada, card-not-present fraud accounted for 80% of total fraud[1] last year, and in 2015 it’s estimated that Canadians lost approximately $2 billion to cybercrime[2]. With a combination of tactics and the right fraud prevention tools in place, ecommerce merchants can protect themselves from a number of different fraud schemes.
The most common types of fraud
Let’s take a look at some of the most common types of card-not-present fraud:
Many fraudsters purchase stolen credit card numbers from websites that allow anyone to buy and sell lists of card numbers.
How to detect and reduce ecommerce fraud
Detect Address Mismatches
Address Verification Service (AVS) is one type of prevention tool for identity fraud. The address the customer provides during checkout is cross-referenced with the address the customer’s card issuer has on file. If the address details match, there’s less risk that the card data has been stolen. AVS can be effective, but it’s not a fool-proof solution - you should use multiple validation tools to solidify ecommerce transaction security.
Know your customer
Understanding the habits of customers and taking steps to identify abnormal activity can help strengthen your internal fraud strategy. Unusual orders should be flagged for further evaluation. This may include:
Enforce the Use of Card Verification Value (CVV)
Enforcing the use of the CVV – a 3 or 4 digit code, typically on the back of credit cards, which verifies the purchaser is in possession of the card – acts as another barrier for fraudsters targeting your website. It is harder and more expensive for fraudsters to get both the credit card numbers and CVVs. This simple tool will help reduce the number of fraudulent purchases and may even prevent card testing attacks on your website.
Real-Time Cardholder Authentication (3D Secure)
This security feature redirects the customer to an authentication page where the customer will be asked to verify their identity with their issuing bank. Once the customer’s identity is confirmed, the transaction is processed.
Collectively known as 3D Secure, the major card brands each have a version of this solution:
Using real-time authentication (3D Secure) will assist with fraud-related chargebacks and card testing attacks on your website. However, each additional step at checkout reduces the conversion rate of browsers to buyers. Research has indicated that 3D Secure merchant accounts may fail to finalize up to 30% of sales. Prior to installing this solution merchants should review their fraud-related chargebacks and evaluate whether the cost of the added friction is worth implementing 3D Secure.
Final Thoughts
Employing fraud prevention measures may seem resource intensive but they are important when you consider the cost of fraud to your business (chargebacks, lost time, penalties, lost inventory, lost customers, etc.) As fraud continues to evolve, a layered security approach works best to help prevent it. Implementing both fraud prevention tools and tactics will ensure maximum protection of your ecommerce website.
Sources
[1] http://www.visa.ca/en/aboutcan/mediacentre/news/fraud-prevention-tools.jsp#_ednref2
[2] http://canada.creditcards.com/credit-card-news/images/012116%20NortonReport_2015_Canada_Stats%20Sheet.pdf
Patrick Brophy, CPP Product Manager, Online Payments Moneris Solutions
As the Product Manager for Online Payments at Moneris, Patrick is responsible for ecommerce and omni-channel solutions, most notably the Moneris Gateway. With 13 years of experience in the payments industry and a focus in integrated and emerging customer solutions, Patrick carries a broad expertise on many subjects important to the online merchant experience.