How card frauds are caught

Selling online has revolutionized commerce, opening and expanding doors for countless businesses around the world. Yet, e-commerce also opens doors to fraud. It’s important to understand the risks accepting online payments and the security measures that can help keep your business safe.

E-commerce continues to grow: Worldpay’s 2022 Global Payments Report projects U.K. online sales surpassing U.S.$356 billion by 2025, with nearly half ($150 billion) of that total coming from mobile commerce.

E-commerce also involves risk from the criminal activities of increasingly sophisticated fraudsters. Those risks and costs include direct financial losses, fines and fees, increased operational costs and reputational risks to your business. These risks mean security should always be the priority when selling online – especially when it comes to payment systems and your customers’ personal data.

Cost of online fraud

If you’re unsure about the importance of online payment security, consider just some of the costs of e-commerce fraud.

Trade body UK Finance estimated that in the first half of 2022 alone, a total of £609.8 million was stolen through authorized and unauthorized fraud and scams.¹

According to its “2021 Fraud – the Facts” report, roughly £376.5 million worth of e-commerce fraud took place on cards in 2020 – 66% of all U.K. card fraud. This was up 4% from the previous year.²

Business email compromise was the source of most payment fraud attempts in 2021, with 58% of respondents in a JP Morgan survey reporting that their accounts payable departments had been compromised through email scams.³

Setting up a secure online payment system

Retailers need to be more vigilant than ever about security and their operations. When setting up an online store for your business, consider these four leading measures when setting up a secure online payment system.

1. Take time to understand suspicious purchasing activity.

Fraudsters are sophisticated criminals that cause real harm to businesses and consumers alike. But fraudsters are far from perfect: Everyone leaves a trace. Those traces can add up to patterns of suspicious activity that raise the red flag of fraud.

Multiple orders from a single IP address using multiple credit cards can represent a red flag. This pattern suggests a single fraudster is using multiple credit cards, either stolen directly in data breaches or purchased from the dark web. Remarkably large orders – especially when the purchaser requests next-day shipping – could also raise a red flag for fraud. That’s why it’s important to learn how to identify suspicious transactions.

In its “2022 Cyber Security Breaches Survey,” the U.K. government noted that of the 39% of businesses who identified cyberattacks, 89% of those attacks were phishing attempts.⁴ This is when employees are encouraged by seemingly reputable email addresses to reveal sensitive information in order to commit fraud. Follow the National Cyber Security Centre advice to defend your organization from phishing attacks. 21% of attacks were reported as denial of service, malware, or ransomware attacks.⁵

Single points of suspicious activity aren’t sufficient to definitively identify a transaction as fraud. For strong payment security, we recommend utilizing multiple data points to help model both “good” and “bad” transactions. Taking the time to understand the range of suspicious activity you’re likely to face when selling online will help you make more informed decisions. Leading e-commerce platform providers and payment partners can help you dial in the right mix of security and convenience.

2. Enable address verification system (AVS).

An important tool to help reduce fraud is the AVS. This system verifies the billing address against the cardholder’s data from the issuing bank. Systems which verify the user’s identity before existing information can be changed is a key way to combat business email compromise.

AVS helps prevent fraud, since the criminal often doesn’t have access to the billing address of the legitimate cardholder. AVS systems are often used in conjunction with CVV2 verification, the three- or four-digit code on the consumers’ physical cards. Requiring both CVV2 and AVS at checkout can help protect against fraudulent transactions.

A failed AVS may not necessarily mean the transaction is fraud. Similarly, a verified AVS doesn’t necessarily mean the transaction is legitimate: The address could have been connected to the card by other means. AVS represents an important data point that can help reduce e-commerce fraud.

3. Achieve compliance with industry standards like PCI DSS.

Data breaches can be devastating to businesses of all sizes. IBM/Ponemon Institute’s “Cost of a Data Breach Report 2022” found that the average cost of a data breach in the U.K. is £4.56 million, or £148 for every lost or stolen record of sensitive information.

The importance of keeping data safe led to the development of the Payments Card Industry Data Security Standards (PCI DSS). PCI DSS is an important set of guidelines and best practices that apply to any entity that receives, transmits or stores sensitive card data.

Achieving and maintaining PCI DSS compliance takes an experienced partner that understands payments security. Leading credit card processors offer comprehensive support on meeting and maintaining PCI compliance through system vulnerability checks, training programs and customer support.

4. Partner with a processor who knows online payments.

Choosing the right payment processor is the first step to safely and securely accepting credit cards online. When you work with a reputable payments processor that prioritizes security, you can breathe easier knowing that your data is secure.

Staying vigilant with the security of your online payments systems and e-commerce store is a process. A great place to start is to consult with a payments expert. A reputable and experienced payments partner will take the time to understand your business and craft online payment security measures that fit the way you do business.