In 2023 Card Schemes Visa/MasterCard have lowered maximum Fraud thresholds to below 0.3%, making it essential for any eCommerce merchant to implement anti-fraud measures. Combatting the ever-growing numbers of card and data breaches around the globe should be a top priority for every business accepting online (card not present) payments.
For example, in certain cases fraudsters holding stolen card data may complete purchases on your website. As an unsuspecting merchant, you may deliver the product before the fraudsters open a dispute and request a reimbursement (chargeback). You may be left without the product and without payment. In addition, the payments provider or acquiring bank will learn about the fraud and may terminate your merchant account on account of your breaching specific chargeback thresholds. You'll be put on a blacklist, meaning no chance for applying for a new merchant facility with other banks.
Losses in the Billions
In Europe, losses due to fraud reached approximately 1.5 billion EUR in year 2021. In 2020, France, Poland and Germany experienced €6M, €5M, and €3M fraud loss increases respectively, yet in 2021 France held a flat trend but Poland and Germany saw increases for a second consecutive year, with €0.5M and €2.4M fraud loss increases, respectively. The Netherlands experienced the highest losses in terms of relative value, coming in with a loss increase of over €8M.
European Fraud Map (fico.com)
Card Fraud in the UK (2017 FFA UK)
Everyone is familiar with a 3-digit code printed on the back of the card. It was one of the first security measures introduced with rise of fraud in online payments. Payment Card Industry (PCI) compliance standards do not allow merchants to store CVV codes, therefore in the event of online card data being stolen these codes will not be obtained by the fraudsters.
The process involves a redirect to cardholder's issuing bank website (or mobile app, SMS, etc..) during the checkout process, where cardholder needs to authorize the transaction. 3D Secure 2.0 was introduced to raise security and at the same time improve shopper's experience and avoid redirects in some cases.
Although seemingly obvious, the required entry of a card’s expiry date is still an important tool to verify the card. Typically, the card issuers set an expiry date of up to 3 years.
Only supported within UK, Address Verification Service is used to verify the address and postcode, as entered by the shopper, with the proof of address that card issuer has (the address to which card statements are sent).