Preventing eCommerce Fraud

WhenThen
3 min read · Jul 4, 2021

Building an online business from the ground up and seeing it grow is one of the most satisfying aspects of being an entrepreneur. As sales start pouring in, however, your business becomes a golden target for online fraudsters. They will either attempt to run fraudulent transactions on your website using stolen credit card information or attempt to find valid credit card credentials through repeated card testing. These fraudulent transactions can have a large impact on your business, since they can result in penalties, chargebacks and stolen goods. Thankfully, there are effective measures that can be put in place to reduce the impact of online fraud.

One of the most common forms of online fraud is credit card testing. Fraudsters will try many different combinations of credit card numbers, expiry dates and three-digit codes. They will often run the cards on small transactions so that the card owner does not notice the transaction. If the fraudsters eventually find a valid credit card, they will then use it to purchase goods from another vendor. The best way to avoid credit card testing is to set up a higher minimum transaction amount. Any transaction under the minimum transaction amount won't be sent to the gateway and will be declined immediately. The best way to determine the minimum transaction amount is to add the lowest-value item to your cart and check out. The checkout amount for that lowest-value item should be the minimum transaction amount. Any transaction lower than that would necessarily be a fraudulent transaction being used for credit card testing purposes. In some cases, adding a CAPTCHA at checkout can also be a deterrent to credit card testing.

Payment gateways are implementing stronger measures against merchants that are not taking proactive measures to prevent and halt credit card testing. Being proactive will keep your account in good standing and avoid any form of penalties that card brands and payment gateways can impose.

Another preventive measure that can deter credit card testing is to limit the number of transactions by blocking the IP addresses of users that are experiencing an excessive number of declines. This creates an extra layer of security and adds roadblocks for credit card testers.
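A pre-gateway screen combining the minimum transaction amount and the per-IP decline blocking described above, as an added example rather than code from the original post. The thresholds, the class name and the method names are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

# Assumed values for illustration; tune them to your own store.
MIN_AMOUNT_CENTS = 499    # checkout total of the cheapest item in the catalogue
MAX_DECLINES = 5          # declines tolerated per IP inside the window
WINDOW_SECONDS = 600      # sliding window length
BLOCK_SECONDS = 3600      # how long an offending IP stays blocked


class CardTestingGuard:
    """Pre-gateway screen: minimum amount plus per-IP decline limiting."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._declines = defaultdict(deque)  # ip -> timestamps of recent declines
        self._blocked_until = {}             # ip -> time at which the block expires

    def screen(self, ip, amount_cents):
        """Return (allowed, reason). Call before contacting the gateway."""
        now = self._clock()
        if self._blocked_until.get(ip, 0) > now:
            return False, "ip_blocked"
        if amount_cents < MIN_AMOUNT_CENTS:
            # Declined locally and counted (a design choice of this example),
            # so probing with tiny amounts also leads to a block.
            self.record_decline(ip)
            return False, "below_minimum"
        return True, "ok"

    def record_decline(self, ip):
        """Call for every decline, whether local or returned by the gateway."""
        now = self._clock()
        recent = self._declines[ip]
        recent.append(now)
        # Drop declines that have aged out of the sliding window.
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_DECLINES:
            self._blocked_until[ip] = now + BLOCK_SECONDS
            recent.clear()
```

State here is held in process memory; a store with several web servers would keep the counters in a shared cache so that all servers see the same decline history.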

It is extremely important to take measures to avoid fraudulent transactions. Whenever a purchase is made with stolen credit card information, it is highly likely that the actual card owner will initiate a chargeback. A chargeback results in the funds being withdrawn from your payment deposit and returned to the credit card holder, regardless of whether or not the order was fulfilled. To avoid chargebacks, there are certain solutions that shift the liability to the banks rather than to you, the merchant. 3DS 2.0 analyzes transactions and looks for suspicious behaviours. If a transaction is high-risk, the bank will send a challenge to the user at checkout. The challenge consists of prompting the user for a code sent by either SMS or e-mail to the contact details associated with the credit card being used. The bank takes responsibility if the transaction results in a chargeback related to credit card fraud.

Another solution that merchants are using more and more is Kount. Kount is a service that analyzes transactions based on multiple data sets such as IP address, contact information and device fingerprint, among others. Based on the data associated with the transaction, Kount will generate a risk score for the transaction. You can then decide whether to accept or decline a transaction based on the score issued by Kount.

To conclude, in order to build a secure environment for yourself and your merchants, it is important to implement multiple security measures to prevent and deter fraudulent transactions. It is also necessary to do proper risk assessments and implement protocols that will shift liability for fraudulent transactions away from you. Anti-fraud services are often complementary, meaning that they behave as extra layers of security.

WhenThen

WhenThen is the no-code platform for building powerful payment experiences and automation in minutes through simple integration and orchestration of FinTech API