Fraud is something most e-commerce business owners are familiar with – whether it be chargebacks, false orders, or other methods. There are many different tools that can help your business prevent and protect against fraud – however payment gateways are one of the most powerful and understated tools.
Payment Gateway Fraud
You might think that you only need a payment gateway to process and accept credit card payments. But, your payment gateway can do way more than that. It can actually help you prevent fraud as well.
What is Payment Gateway Fraud?
Payment gateway fraud happens when a customer uses a stolen credit card to make a purchase from you. The fraudster will make the purchase, but the real credit card owner will report the charge as fraudulent. If a chargeback is filed, you’ll have to return the money. You also may be on the hook for other penalties and fees.
Chargebacks aren’t the only downside of payment gateway fraud either. You’re also going to have to deal with unhappy customers dealing with theft from their accounts and poor reputation from negative customer reviews.
Your payment gateway is a powerful fraud prevent tool. When configured properly, it can halt fraudsters in their tracks and save your reputation.
Not all gateways are the same, though. Some actions you can do on your own, some require a 3rd-party developer, and others can be done by contacting your provider.
Is Stripe a Payment Gateway?
Yes, Stripe is a payment gateway. While Stripe does connect you with payment processing services, those services aren’t their own. Stripe offers you a sub-merchant account beneath their own and allows you to process payments via the relationship they have with credit card payment processors.
This is why we call company’s like Stripe, Shopify, PayPal, and Square payment aggregators or 3rd-party processors.
How can I make changes to my payment gateway?
If you have your own merchant account, then there are two ways to make changes to your payment gateway:
Log in. Simply log into it and you’ll see options, messages, and more. Every gateway is different, so we can’t say definitively what you’ll see, but there will be areas for viewing messages in the gateway, data, options, code, plugins, etc.
Contact your provider. Some providers don’t allow such easy manipulation to the gateway. But if you want to make changes, you can simply call or email your provider and ask them to turn features on or off as well as add in addition items from plugins or APIs.
Depending on what you want to do, the level of difficulty when implementing features on your payment gateway varies. Some things are literally a flip of a switch. Others require developers to program in the new feature.
Can I make changes to my Stripe gateway?
Stripe generally only allows cosmetic changes to their gateway. There are some other things you can do, but they all require a developer to implement the approved integrations.
Stripe doesn’t offer direct access to their gateway, but they do allow you to perform some actions when it comes to fraud. For example, if a card gets declined then you can have the gateway automatically send that customer an email asking for a new card or new payment method. You can also read decline codes from the gateway.
If you’re looking to up your game against fraud, then it’s probably best to look for gateways beyond Stripe. That’s not to say Stripe is a bad gateway—on the contrary, it’s one of the world’s leading payment gateways to date. But it doesn’t offer the customization a lot of businesses require, especially when faced with specific types of payment gateway fraud.
Why Use Your Gateway for Payment Fraud Prevention
If you’re not using your payment gateway for fraud prevention, you’re leaving money on the table.
By taking advantage of the tools that come with your payment gateway, you can easily set up a few simple rules that will help you prevent fraud and reduce bad transactions.
Preventing fraud is important for several reasons. First and foremost, it’s important to protect your business against chargebacks and disputes. These are very costly and they can quickly eat away at your bottom line. Second, it’s important to protect your customers from having their cards stolen or their accounts taken over.
While there are many ways to defend against fraud (even friendly fraud), leaving it up to solutions past your payment gateway is a huge risk. Once that fraudulent payment reaches the payment processor, eyebrows start getting raised, approval ratios get lowered, and banks get suspicious about your business. You don’t want any of that.
Ways to Prevent Fraud in Your Payment Gateway
Here are some really simple things you can do right now using your payment gateway as a fraud prevention tool.
The Address Verification Service (AVS) is a system used to verify the identity of the person claiming to own the credit card being used. This system checks that the billing address provided matches the address on file at the bank that issued the credit card.
AVS is a good preliminary security measure, matching card information with customer input, but it doesn’t protect you from everything especially if you feel your business is under attack.
Card Verification Value (CVV) or Card Security Code (CSC) is the three or four digit code on the back of the credit card. CVV helps protect against fraudulent transactions by verifying that the person using the card has physical possession of it.
Again, this is a great preliminary security measure and should be turned on no matter what, but it won’t entirely protect you from fraud.
3D Secure (3DS) is an important security protocol used by Visa and Mastercard (it’s sometimes called Visa Secure or Mastercard Identity Check). It helps prevent fraud by allowing the issuing bank to verify that the cardholder is the same person making the purchase.
Every time you make a purchase with your credit or debit card, the merchant must ask the issuing bank whether your card is eligible for the transaction. The issuing bank will then authorize the transaction, or decline it if it suspects fraud.
The 3DS process takes this one step further by adding an extra layer of authentication for both parties: the consumer and the merchant are given a “proof of ID” to complete the transaction in an added level of fraud protection. Consumers can verify their identity directly through their online banking account or via SMS verification, while merchants can use 3DS to generate a unique code that they can use in their anti-fraud system. This ensures that they know exactly who they’re dealing with and reduces their liability if something goes wrong with the payment.
This process makes it more difficult for criminals to use stolen credit card details, because even if they have access to someone’s financial information, they won’t be able to perform the security check.
You can think of 3DS as 2 Factor Authentication (2FA) for transactions.
One of the cool things about payment gateways, when you have access to them, is the ability to set limits based on time of day, card number, and amount. You can really get into the specifics and customize it depending on the type of fraud you’re experiencing.
Transaction limits can be set at a specific hour, on certain days, for holidays, specific weeks, and even months.
You can also set a maximum number of transactions per card based on either the credit card number, the BIN (which is the first 4-6 digits of the card), or even the customer’s IP address and email. BIN is the most useful, based on our experience, because fraudsters like to bombard gateways with hundreds of attempts using the same BIN.
This free tool from Google allows you to block automated attempts to use stolen credit card numbers by requiring visitors to take an extra step to prove they’re human before submitting their information.
This tool is usually used before submitting forms, logging in, and other non-financial activity. Having said that, it’s still a good tool to use that can take you one step forward in preventing fraud.
As a final layer of security, you can void transactions if the email receipt bounces.
Many gateways allow you to set up rules that automatically void transactions that do not provide an email address or phone number. If no contact information is provided, there’s no way for you to reach out to the customer later and warn them of a fraudulent purchase or ask them to confirm the purchase was legitimate. Consider setting up rules to reject these orders as well.
While it’s not a gateway manipulation, fraud scoring tools use data to create a risk score for each transaction, which can be used to determine whether to accept or reject the transaction. They use algorithms and machine learning to analyze thousands of data points, including IP address, geo-location, device type and ID, email address age, proxy usage, payment history and more.
A fraud scoring tool is a software layer between your checkout and gateway, and can also help prevent you from paying gateway fees for fraudulent transactions. However, these tools do add their own fee for every transaction they score.
Stop Fraudulent Activity Before It Reaches Your Processor and Keep Your Approval Rating High.
If you’re struggling with fraudulent activity on your online store, follow these steps to keep your business protected. Most payment gateways like come with fraud detection and some level of fraud management (like decline messages) as well as PCI-compliance. But there’s always something more you can do to protect yourself.
DirectPayNet can connect you with a gateway that allows all the features mentioned and more, as well as a payment processor that won’t shut you down the second someone tries to scam you.