Payment fraud continues to be a pressing concern for eCommerce merchants. Though fraud extracts a toll on the whole economy, retail merchants often feel fraud’s impact most directly. The mounting costs are measured in excessive chargeback fees, fraud prevention efforts, and lost merchandise.
Fraud demands the urgent attention of every business that accepts payments online. Protecting your eCommerce business requires a strategic commitment to fighting back, an awareness of best practices, and flexible tools to manage fraud’s evolving threat.
The good news is that eCommerce retailers have tools at their disposal to fight back. First we’ll examine the state of eCommerce fraud in 2019 to see the costs on our businesses. We’ll look at some of the most effective fraud prevention strategies available to retailers. Finally, we’ll consider the delicate balancing act of fighting fraud while simultaneously providing frictionless consumer experiences at the point of sale.
The state of eCommerce fraud—2019
If you own or operate an eCommerce business you already appreciate fraud’s destructive power. The most recent statistics confirm what you already know: payment fraud is a real and growing threat to your bottom line.
LexisNexis estimates that fraud costs US eCommerce an average of 2.38% of revenue in 2018. The costs vary by sector—for example, fraud takes a larger toll on digital versus physical goods, and larger companies are targeted more often than smaller ones. Yet overall eCommerce fraud trends are clear and disturbing: 2018 saw more than 30% year-over year increases in fraudulent transactions from 2017.
The widespread adoption of chip card technology is a fraud-fighting success story. Visa’s September 2018 chip card update reported that merchants who had completed the EMV chip upgrade witnessed an 82% drop in counterfeit fraud dollars in-store from September 2015 to June 2018. An unfortunate side-effect of this success is that fraudsters are now looking to uncover new vulnerabilities.
Fraudsters aren’t giving up. They’re simply evolving.
Fraudsters are following the money as eCommerce—and especially mobile commerce—continues to explode in popularity. Worldpay’s 2018 Global Payments Report projects US eCommerce will average 9% compound annual growth for the next five years, rising to $1.15 trillion in 2022. Fraud’s growth is a function of eCommerce growth: as more of the economy moves online, criminals will inevitably follow.
Finally, the growth and scope of data breaches is exposing the personal and financial data of hundreds of millions of consumers to criminals. The non-profit Identity Theft Resource Center estimates that the number of compromised records of sensitive personally identifying information exceeded 450 million in 2018 alone. Data breaches provide the raw materials used by fraudsters and that data is more available than ever.
Warning signs of eCommerce fraud
Fraud is increasingly organized and committed by skilled hackers using bleeding-edge technologies. But they’re far from perfect and often leave clear red flags to their crimes.
How can you spot fraudsters and prevent them from taking a bite out of your profits? Here are some examples of suspicious behaviors indicating potential fraud:
- The shipping address and billing address differ
- Multiple orders of the same item
- Unusually large orders
- Multiple orders to the same address with different cards
- Unexpected international orders
These are all potential warning signs of fraud. They also highlight the inherent difficulties in fighting fraud: none of the warning signs are guarantees. Perfectly legitimate transactions by rightful cardholders can feature any number of these warning signs. Denying legitimate transactions can cost as much or more to your bottom line as accepting a fraudulent transaction. Investing resources to investigate the red flags therefore becomes critical.
Card security codes
eCommerce transactions—i.e. “card not present” or CNP—are considered a higher risk for fraud than card-present transactions because of the difficulty verifying a cardholder’s identity. Card security codes were developed specifically in response to the rise in eCommerce.
These three-or four-digit codes are referred to as CVV2 or CVC2 (Card Verification Value/Code), CMID (Card Member ID), or the CID (Card Identification Number). Requiring card verification codes reduces the likelihood of fraud and can also qualify transactions for a lower interchange rate.
Card security codes are far from foolproof. They don’t account for “friendly” fraud, lost or stolen cards, or unauthorized card use. Hackers obtain security codes via data breaches or guess them with malicious programs. Nevertheless, card security codes remain an important tool in the retailer’s anti-fraud arsenal.
Address Verification Service
Address Verification Service (AVS) validates a customer’s billing address with the billing address on file with the card issuer. AVS adds two data elements to the authorization request: the cardholder’s numeric house or apartment number and their ZIP code. AVS helps minimize fraud by allowing you to decide whether to accept, reject, or flag for follow-up by customer service to obtain more information.
The rise of fraud scoring tools
Combating fraud often requires attacking the problem from all angles and taking multiple factors into account to judge the legitimacy of each transaction. All of this needs to happen within seconds.
Fraud scoring tools rely on the predictive power of data to create models about fraud patterns. Payment processors, for example, leverage databases of billions of transactions in order to model what “good” transactions look like. Each payment request is assigned a fraud probability score using tools such as IP geolocation, address verification service, card security codes, device fingerprinting, transaction histories and other proprietary factors.
Fraud scoring can identify abnormal transactions. Fraud scoring tools use a combination of intelligent software, data engines, and teams of experts to analyze and manipulate the constant growth of relevant payment data. Fraud scoring allows you to take control of your payments and calibrate your checkout experience with your risk tolerance.
The right security balance
Generally when we think about security we think in absolutes. We expect our locks to protect us, every time. We expect our alarms to warn us of intruders, no exceptions. It’s tempting to consider security measures that combat fraud in a similar way: we want to protect our businesses so no fraud takes place.
Yet absolutist approaches aren’t effective for eCommerce. You want to keep out fraudulent transactions, certainly. But just as important you want to let in all the good transactions. Legitimate transactions that produce a “false positive” can be even more costly than fraud. When a legitimate order is inadvertently rejected, that customer isn’t going to be happy. She may have become a lifelong customer, but instead she’ll never return.
Complicating matters is that merchants want to make checkout as easy as possible. One of the leading causes of shopping cart abandonment is too much friction at checkout. Adding security measures helps reduce fraud, but it also introduces friction. Striking a balance that allows your business to earn more revenue and keep more of it is essential to success.
The right security partner
Many fraud solutions are available via existing relationships with vendors like your payment processor, shopping cart provider, or marketplace host. In some cases, fraud scoring may be purchased separately as a stand-alone, third-party service. Often seeking more robust and effective solutions means considering a different payment processor or eCommerce platform.
Worldpay offers comprehensive fraud solutions for a variety of business types and industries, including eCommerce operations of every size. Our experts will work with you to assemble the best balance of people, data and technologies to protect what you’ve worked so hard to earn.
©2019 Worldpay, LLC and/or its affiliates. All rights reserved. Worldpay, the logo and any associated brand names are trademarks or registered trademarks of Worldpay, LLC and/or its affiliates in the US, UK or other countries. All other trademarks are the property of their respective owners. Results may vary