Credit card fraud occurs when a customer’s card is lost or stolen, or their information is used to make illicit transactions.
The good news: According to VISA, chip-based credit card readers have led to a 70 percent drop in counterfeit fraud in the United States alone.
The bad news: Credit card fraud is going where the action is – online payments.
Card-not-present fraud (CNP) is now the most common type of fraud. As the name suggests, it happens when the cardholder’s information is stolen and used illegally without the physical presence of the card. This type of fraud usually happens online and it’s increasingly common.
Of the 179 million records stolen in U.S. data breaches last year, nearly 20 percent revealed payment card information. Batches of stolen credit card details can be sold on the dark web. In one UK example, these details were being sold for as little as £1 per card. Recent research suggests that it’s possible to purchase someone’s entire personal identity for just £744.30.
Phishing
Phishing is a cybercrime where scammers use malware, or computer viruses, to grab bank account and credit card details. It's one of the oldest types of cyber attacks, dating back to the 1990s, and it's still widespread and dangerous.
In a famous 2016 phishing attack, hackers managed to get Hillary Clinton campaign chair John Podesta to offer up his Gmail password. Phishing emails appear to come from a trusted source, such as a bank. They ask for personal information such as a credit card number, password or account number, or link to a website that requests your personal information.
Fraudulent websites
There are a few simple ways to spot a fraudulent website. A fake website probably won’t contain a company’s full contact details, including their postal address.
A fraudulent company most likely won’t have much of an online presence, including company reviews and testimonials. The URL of the website should map to the company name. For example, Amazon should map to www.amazon.com, not www.amazin.com.
Finally, the website itself may be full of typos and grammatical errors.
Honeypot
A less obvious fraud is a free unsecured Wi-Fi hotspot.
In the “Honeypot” scam, once a user is connected to the Wi-Fi hotspot, the hacker can access their personal information, and control the camera and microphone on the device. Scammers hope that people will connect and reveal their credit card details by making an online payment.
Vacation
Even on vacation, people should be wary of credit card fraud. A phone call purporting to be the hotel front desk asking for your credit card information could be a fraud.
Pre-populated details
Recent research suggests that pre-populated debit or credit card details, which many use to make online shopping easier, could be a worrying trend. One study found that a third of respondents save their card details using ‘auto-fill’ technology, though more than half (56%) are concerned about just how secure this is.
Online merchants face a tricky balancing act. On the one hand, they need to minimize fraud in online payments. But rejecting every single order that looks suspect will anger legitimate shoppers and hurt sales.
The average online store declined 2.6% of all incoming orders due to fear of fraud, according to the Merchant Risk Council’s 2017 Global Fraud Survey. For a $25 million business, this means rejecting orders worth more than $600,000 annually.
In any online credit card payments fraud, a merchant can lose in four ways:
1. Loss of any merchandise the fraudster ordered.
2. A refund to the person whose payment information was stolen.
3. Liability for associated credit-card chargeback fees.
4. Increased card fees for a perceived high-risk merchant account.
With all these penalties, it’s vital for an online merchant to practice fraud prevention.
1. An Address Verification Service (AVS) compares the billing address and zip code from a transaction with the details on file at the issuing bank. A merchant can choose to reject orders that fail the check or flag them for a manual fraud check.
2. Verify any order manually if it has incomplete or inaccurate information. An order without a name, billing address and phone number is suspicious.
3. Call or email the customer on suspicious or large value orders to verify the order. If an order looks really suspect, ask for a scanned copy of their ID and card.
4. Use a fraud protection service such as MaxMind, Telesign or VariLogiX FraudCall to screen orders automatically.
5. Watch for suspicious or “throw away” email accounts. For example, firstname.lastname@example.org is at a free email provider and not a typical legitimate email address.
6. Watch out for patterns consistently used on fraudulent orders. Sometimes a group repeatedly submits fraudulent orders. If you can identify the theme, it makes them easier to spot.
7. Collect as much information as possible from the customer during checkout. This can include Facebook/Google account verification, phone number, credit card CVV number, etc. To avoid losing your legitimate customers, only focus on suspicious buyers.
8. If customers are shopping through your mobile app, collect biometric data such as a fingerprint or selfie picture when the user sets up an account.
9. Keep a close eye on high-risk categories. Fraudsters have a much higher preference for certain products, such as high-priced items that have high resale values or gifts (i.e. shipped to a different address).
10. Look out for clever new online payments fraud schemes. You may recall when fraudsters bought an iPhone, replaced it with clay in its original packaging, returned it for a refund, then flooded the seller with bad reviews. Fraudsters are constantly discovering new ways to defraud companies, so it’s important to keep up to date.
11. Ship your orders with tracking numbers and require a signature. Not only will it reduce claims but you’ll have the customer’s signature as a backup.
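Several of the checks in this list (AVS result, incomplete details, throw-away email, a different shipping address, high-risk category, order value and repeated patterns) can be combined into one screening rule that sends borderline orders to manual review instead of rejecting them. This is an added example, not code from the original article; the field names, domain list, weights and thresholds are constructed assumptions to tune against your own order history.

```python
# Constructed values: replace with your own lists and thresholds.
DISPOSABLE_DOMAINS = {"throwaway.example", "tempmail.example"}
HIGH_RISK_CATEGORIES = {"phones", "gift_cards"}
LARGE_ORDER = 500.00
REVIEW_AT, REJECT_AT = 2, 6


def screen_order(order, recent_orders):
    """Return (decision, reasons) for one order dict."""
    hits = []  # (weight, reason) pairs

    missing = [f for f in ("name", "billing_address", "phone") if not order.get(f)]
    if missing:
        hits.append((3, "missing fields: " + ", ".join(missing)))

    # 'full', 'partial' or 'none', as mapped from the payment processor's AVS reply.
    avs = order.get("avs")
    if avs == "none":
        hits.append((3, "AVS: address and zip code do not match"))
    elif avs == "partial":
        hits.append((1, "AVS: partial match"))

    domain = order.get("email", "").rsplit("@", 1)[-1].lower()
    if domain in DISPOSABLE_DOMAINS:
        hits.append((2, "throw-away email domain"))

    if order.get("shipping_address") != order.get("billing_address"):
        hits.append((1, "ships to a different address"))
    if order.get("category") in HIGH_RISK_CATEGORIES:
        hits.append((1, "high-risk category"))
    if order.get("amount", 0) >= LARGE_ORDER:
        hits.append((1, "large order value"))

    # Repeated pattern: several different cards shipping to one address.
    cards = {o["card_id"] for o in recent_orders
             if o["shipping_address"] == order.get("shipping_address")}
    cards.add(order.get("card_id"))
    if len(cards) >= 3:
        hits.append((2, f"{len(cards)} cards used for this shipping address"))

    score = sum(weight for weight, _ in hits)
    decision = ("reject" if score >= REJECT_AT
                else "manual_review" if score >= REVIEW_AT else "accept")
    return decision, [reason for _, reason in hits]
```

Returning the reasons alongside the decision gives the person doing the manual check the specific points to verify with the customer.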