All high-risk merchants suffer from holiday fraud.
Fraudulent transactions happen throughout the year, but scammers like targeting the Q4 shopping season. This poses a very real threat to Christmas sales and the revenue that follows.
As a typical medium-sized online merchant, you will have already fended off an average of 206,000 web attacks a month this year. The majority of these attacks are as small scale as a hacker trying to guess the password to someone else’s account. But in other cases, sophisticated attacks harvest payment data with the aim of defrauding merchants out of thousands of dollars per day.
As consumer activity rises during the holiday season, so does criminal behavior. Many criminals look to hide their malicious activity within the hordes of genuine transactions in the hopes of going unnoticed. Sales for e-commerce stores are set to top $630 billion this year. Yet fraudsters and other criminals will inflict losses of $12 billion in the USA alone.
Given the threat level, what fraud prevention measures can you take to protect your business before, during and after the holiday shopping season?
Preventative action against external threats before they happen
As stated, fraudsters take advantage of the fact that merchants will be dealing with huge volumes of website traffic and orders. Naturally, you aren’t going to have the same amount of available time to scrutinize suspicious transactions. So, you need to get ready for the fight against holiday fraud ahead of time.
Here are some steps you need to take to make sure your website is as bulletproof as it can be before orders ramp up.
Make sure order page/checkout is PCI compliant
The fees associated with non-compliance charged by card companies mean this should be top of your priority list. A breach of your non-compliant pages could result in crippling fines, costs associated with forensic research, legal fees, and ultimately the possibility of becoming MATCH-listed. If you don’t have time to undertake a PCI-compliance audit, there are several companies who can do this for you. They will also highlight any weaknesses on your checkout and order pages.
Update payment pages to request more information
Card not present (CNP) fraud is one of the biggest threats you’ll face during the holiday shopping season. Thus, implementing preventative measures to stop fraudsters in their tracks is a must. When someone steals credit card information they often only know the long number on the front. You can eradicate purchases made solely with that information by requesting CVV/CV2 (the three-digit security code on the back of a card). Each sale then requires proof of a card’s physical presence.
You can also implement Address Verification Service (AVS). This ensures that attempted card purchases made to an address that doesn’t match the one kept on file are blocked, preventing those with stolen card information from making purchases.
Add extra layers of purchase authentication
Another way fraudsters can be stopped in their tracks is by implementing an additional layer of authentication. Tools like 3DS2 and PSD2 protocols force buyers to identify themselves with personal information. The process adds an extra step to the checkout process, but genuine customers shouldn’t mind entering extra information to protect the integrity of their credit card.
Lean on acquiring banks and merchant account providers for latest fraud-prevention tools
High-risk merchants often forget that it’s in their acquiring bank’s interests to see lower fraud and chargeback ratios. Some of these providers are using the latest advances in artificial intelligence to mine huge sets of payment data. Machine learning is helping to spot fraudulent transactions that are:
- From an unusual location
- Made for an amount much higher than the average spend associated with the card
- From an IP address known to make fraudulent transactions
- Made from an unusual device
- Done using a card associated with multiple chargeback claims
- Made in error (e.g. duplicate transaction)
Tighten up mobile versions of your website to prevent holiday fraud
More criminals search for fragility and weak spots in mobile and app versions of websites. There has been a 680% increase in global fraud transactions from mobile apps over the course of the last three years. Failure to check the security of all mobile versions of websites and applications could give back-door access to scammers.
After implementing steps to defend your online store from fraudulent activity, focus on the actions you should be taking on a daily basis to prevent fraudulent activity.
Remain vigilant during the holiday shopping season
This is the time of year when merchants have to be more vigilant than at any other when it comes to transactions. The steps taken above will reduce daily tasks, but you still need to remain alert during the busiest period of the year for merchants processing online orders.
Verify suspicious orders by phone
A simple but effective way to reduce holiday fraud is by requesting a phone number with each order. Before shipping, call the number to verify the details of the order. Criminals will be less likely to be able to describe the transaction. This is because they are making hundreds of purchases every day with stolen information and aren’t likely to keep detailed records. If the customer has no clue about the order then you know the card details were compromised.
Watch out for shipping scams
There are a few different methods that fall under shipping fraud. Before we get to those, you should examine all priority shipping orders, especially if you already offer free shipping. Criminals don’t mind paying for expedited shipping. After all, it’s not their money they’re spending. If all previous purchases associated with that card haven’t paid for shipping, then it could be fraudulent. You should call to verify.
The first shipping scam involves a fraudster ordering the items to the usual address to avoid suspicion. Once the package is en route, a call to the courier is made to switch the delivery address. The first you know about it is when the original customer files a chargeback. By that time, the merchandise and criminal are long gone. You can avoid this scenario. Just ensure your delivery partner informs you of any requested changes of address before authorization. That way suspicious changes are flagged and blocked before the fraud takes place.
The second method is when the scammer asks for the package to be sent with a different courier to your usual supplier. These are usually couriers that the scammers know they can easily change their delivery address with. Simply refuse to do so, cutting off yet another avenue for potential fraud.
Analyze account transactions
Despite your best efforts, criminals may be able to get through your anti-fraud defenses. This means you need to dedicate time to looking at the transaction-level data. Some of the most common scams are account takeover and card testing fraud.
Account takeover fraud represents almost a third of all attacks on e-commerce stores. But you can avoid processing fraudulent orders by looking at how purchases fit in with previous consumer behavior. You can look at several items. One example is huge increases in spending. Others are increased frequency of orders and a sudden preference for items with a high resale value.
You should also keep a close eye on international transactions. Outside of America, Brazil and South-East Asian countries account for the highest number of malicious web requests. Look at orders placed that originate from these countries, particularly if the order came from a North American or European credit card. The probability of attempted purchase fraud is high.
Finally, look at transactions that fit the pattern of card testing fraud. This is the process whereby a criminal has illegally gained card information but they do not yet know anything about it. Card testing fraud will follow a set pattern of lots of very small purchases (to see if the card works). What will follow are several large purchases (to max out the credit line on the card). So, the initial purchases can be difficult to spot. But, the immediate ones to follow should set alarm bells ringing.
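The card testing pattern described above can be checked automatically against order data. The following is an added example, not code from the original article: the thresholds, field layout and function name are assumptions, and the sample orders are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds (not from the article); tune them against your own order history.
SMALL_MAX = 5.00              # a "very small" test purchase
LARGE_MIN = 500.00            # a purchase big enough to drain a credit line
MIN_PROBES = 3                # small purchases needed before a large one is suspicious
WINDOW = timedelta(hours=24)  # small and large purchases must fall inside this span


def find_card_testing(transactions):
    """Map each card token to the large orders that follow a burst of small ones.

    transactions: iterable of (order_id, card_token, iso_timestamp, amount)."""
    by_card = defaultdict(list)
    for order_id, card, ts, amount in transactions:
        by_card[card].append((datetime.fromisoformat(ts), order_id, amount))

    flagged = {}
    for card, rows in by_card.items():
        rows.sort()  # oldest first
        probes, holds = [], []
        for when, order_id, amount in rows:
            # Forget small purchases too old to belong to the same burst.
            probes = [p for p in probes if when - p <= WINDOW]
            if amount <= SMALL_MAX:
                probes.append(when)
            elif amount >= LARGE_MIN and len(probes) >= MIN_PROBES:
                holds.append(order_id)  # hold for manual review before shipping
        if holds:
            flagged[card] = holds
    return flagged


# Constructed sample orders, keyed by card token (never store raw card numbers).
SAMPLE = [
    ("o1", "tok_A", "2019-12-20T10:00:00", 1.00),
    ("o2", "tok_A", "2019-12-20T10:02:00", 1.50),
    ("o3", "tok_A", "2019-12-20T10:03:00", 0.99),
    ("o4", "tok_A", "2019-12-20T10:30:00", 899.00),
    ("o5", "tok_A", "2019-12-20T10:45:00", 1200.00),
    ("o6", "tok_B", "2019-12-18T09:00:00", 4.50),    # one small order, days earlier
    ("o7", "tok_B", "2019-12-21T15:00:00", 650.00),
    ("o8", "tok_C", "2019-12-22T12:00:00", 720.00),  # large order, no small ones
]

if __name__ == "__main__":
    print(find_card_testing(SAMPLE))
```

Only the large orders on the first card are held; a single small purchase days before a large one, or a large purchase on its own, is left alone.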
Be vigilant against internal threats
Not all fraudsters come from outside of an organization. There are increasing instances of staff defrauding their own employers.
The best way to protect yourself against internal fraud is to perform extensive background checks on new employees. Credit checks, criminal background checks, social media background checks, and even international background checks should be carried out on new staff members to reduce the chances of employee theft.
Next, ensure that staff are aware that they can unwittingly provide the “keys to the castle” by taking a lax approach to their own security. Here are some best practice tips to prevent accidentally laying out the red carpet to criminals:
- Enforce regular password changes, especially before employees leave for the Christmas break.
- Bring in two-factor authentication to all mission-critical software and applications.
- Shut all computers down during the Christmas break to suspend updates.
- Remind employees to refrain from doing their personal shopping on work computers.
- Avoid setting up out-of-office emails telling criminals exactly how long they have to try and hack into your systems. Always maintain the façade that there will be plenty of staff working throughout the Christmas period, even if there aren’t.
- Retrain staff on how to spot phishing attacks via email.
- Perform all necessary software updates to avoid security flaws and weaknesses.
Regardless of efforts put into anti-fraud measures both before and during the holiday shopping season, a lot of holiday fraud actually starts after it’s over in the form of both friendly and chargeback fraud.
So what can you do to tackle holiday fraud after Christmas?
Reduce chargebacks from remorseful buyers in Q1 2020
The third phase of the holiday shopping period sees buyers’ remorse kick in. In the case of many chargebacks, buyers actually commit friendly fraud by not remembering what they bought. However, others with malicious intentions receive products and then issue a chargeback.
With that in mind, what measures can you take to reduce the effect that the post-Christmas blues has on your business?
Retain extra staff in the immediate aftermath of holiday shopping season
An easy way to keep chargebacks low is retaining the extra staff you hired for the rush of Christmas sales. You can now use them to deal with customer support issues and issuing refunds. A toll free number makes it simple for customers to seek help with their order.
Next, use your staff to keep communication lines open with customers. Email them order confirmations, dispatch confirmations, and follow ups asking for feedback on the product. Doing so makes it more difficult for customers to claim they have no recollection of ordering your product. Incidentally, emails bouncing from an inbox could be a sign the email address is fake, arousing suspicions about the order.
Make descriptors on card statement as clear as possible
A huge chunk of friendly fraud occurs when a customer doesn’t recognize the charge on their credit card bill. Make the descriptor for your product and/or service as clear as possible. Then communicate to customers how the charge will appear on their statement.
Some products or services are potentially sensitive (such as adult entertainment or sex advice e-books). In this case, choose a discreet name to avoid chargebacks done out of embarrassment. Once again, this moniker should be clearly communicated to the customer.
Tighten up your shipping policy to avoid holiday fraud
One of the most common customer complaints is that the order never arrived. This is easily avoided by merchants. Use couriers that have unique tracking numbers, and signature upon delivery. Once again, for more sensitive products, use discreet delivery methods so that a product is never turned away at a customer’s address.
As mentioned, you should always verify the delivery address and prevent unauthorized changes being made to the delivery destinations.
Review marketing practices to reduce misselling
The post-Christmas period is also a great time to review your marketing practices. Ensure that your advertising is not driving up chargeback ratios that can threaten your merchant account status.
Retire expired coupons, and perform a thorough audit of those who sell products on your behalf such as affiliates. If false claims are made, then it’s much easier for a customer to say what they received did not match what was advertised, pushing up chargebacks in the process.
Battling holiday fraud requires action before, during and after the Q4 shopping season
For high-risk merchants, the battle against fraud is never-ending. But, it comes into ever sharper focus during the holidays. Criminals exploit rising volumes of transactions to commit their holiday fraud undetected. By following these steps, you can fight back against the scammers. Protecting your sales against fraudulent purchases and chargebacks is vital. Leaving the door open to criminals can permanently cripple business growth.