GUEST-POST-RAINWATER-TTWEB-featured

Guest Post: e-Commerce Fraud: Protecting Your Merchants and Your Portfolio


By Benjamin Rainwater, Vice President, Credit & Risk, F1 Payments

During the past few years, consumers have been shopping online more and more frequently. But with COVID-19 arriving on the scene, pandemic-fueled e-commerce shopping has accelerated into a fever pitch.

This data illustrates just how much e-commerce has grown in such a short timespan:

  • The U.S. Census Bureau reports that U.S. retail e-commerce reached $211.5 billion in the second quarter this year, up 31.8 percent from first quarter and 44.5 percent year-over-year
  • The Census Bureau identifies that e-commerce accounted for 16.1 percent of total retail sales in the second quarter this year, up from 11.8 percent in the first quarter
  • TechCrunch, citing data from IBM’s August 2020 U.S. Retail Index, reports that the pandemic has fast-tracked the shift away from physical stores to digital shopping by roughly five years

While e-commerce is booming, so is fraud related to online purchasing. So, what can you do to help protect the merchants in your portfolio? Let’s talk about some ways to address account takeover and friendly fraud, as well as implement additional fraud controls and more.

Account Takeover Fraud
Account takeover fraud is a form of identity theft. Fraudsters gain access to personally identifiable information (PII) and bank account or payment card information that does not belong to them through phishing, malware or data breach. They subsequently use that information to make unauthorized purchases.

Here are three ways to help your merchants combat account takeover fraud:

  1. Recommend they implement two-factor authentication (2FA) to not only verify customers are who they say they are before online purchase transactions take place, but to protect their entire payments infrastructure from chaos created by hackers at the gateway, CRM system, URL host and more
  2. Instruct them to monitor transactions processed through your gateway to identify anything odd, suspicious or highly unlikely, such as price points that don’t match what you sell, small dollar authorizations (especially those less than a dollar), and multiple charges to the same card number in a row or over a given short time period and suspend order fulfilment and shipment until resolved
  3. Remind them to complete their Payment Card Industry Data Security Standard (PCI DSS) attestation of compliance questionnaire annually, and to immediately remedy areas of non-compliance to make online transaction processing more secure while protecting their businesses against data breaches that lead to identity theft

Friendly Fraud
Friendly fraud occurs when customers purchase goods and services and then disputes the charges with their credit card issuer making claims that could be true, but in fact are not. Here are some examples of friendly fraud by customers:

  • They don’t remember making a purchase and feel their credit card number was stolen and used by someone else
  • They say the purchase wasn’t delivered
  • The say merchandise received doesn’t match the description online and they don’t want it
  • They say they canceled their order, but it was still delivered to them anyway
  • They say returned the merchandise, but a refund was never processed

When disputes like these result in chargebacks, which are reversals of credit card payments directly from card issuing banks, your merchants are out both the merchandise and services delivered plus the revenues associated. Adding insult to injury, merchants are additionally subject to chargeback fees and overhead from responding to retrieval requests. Plus, there is the dreaded chargeback-to-transaction rate rule from the card brands which typically specifies that if one percent of monthly volume results in chargebacks, merchants are subject to escalating fines that can run into the tens of thousands of dollars.

Needless to say, friendly customer fraud can be just as painful for your merchants or more than fraudster-originated account takeover fraud.

Here are six approaches to help your merchants address friendly fraud to reduce chargebacks:

  1. Counsel them to use 3-D Secure (3DS) version 2.0 or greater as an additional layer of security to reduce online fraud during purchasing by requiring cardholders to enter passwords to authenticate themselves
  2. Recommend they enhance customer experience by offering self-service refund requests online, adding an online chat customer service option, and addressing staffing and process bottlenecks to reduce call center hold times
  3. Suggest they improve customer communications about order and delivery status, especially if there are any delays due to order backlogs, out of stock situations or inclement weather.
  4. Advise them to use a shipping service with tracking numbers so that your customer service representatives can readily look up delivery information to address inquiries about packages not received
  5. Refer them to a chargeback management service that provides both preventative chargeback services and representment support to fight disputes
  6. Remind them to implement account updater capabilities, automated failed payment emails and compliant rebilling with explicit consent for subscription and recurring billing programs

 Additional Fraud Controls
Data is paramount in enabling your merchants to better identify and prevent fraudulent activity. Recommend they continuously monitor and analyze data during checkout, and after authorization before order fulfilment and shipping, to spot anomalies and irregularities that may be fraud. These are three controls they should put into place among many options:

  1. Purchases made with Foreign Cards – Credit cards issued to consumers outside the United States and Canada are at higher risk of fraud
  2. Orders Using a Single Shipping Address or Zip Code or Non-Existent Address – Fraudsters use stolen or fake shipping addresses and sometimes don’t even need or want the product or service purchased
  3. Orders Place Outside of Normal Business Hours – A sudden spike of orders at three o’clock in the morning when normal peak ordering takes place between 8 a.m. to 5 p.m. probably is an indication of fraud

Just like COVID-19, e-commerce fraud isn’t going away anytime soon and will constantly evolve, mutate and change. This underscores the need for vigilance today and over the long-haul. Using these tips to help your merchants bolster their fraud defenses not only protects their businesses, but your portfolio as well, and positions you and your business as trusted advisors building merchant loyalty and retention.

Benjamin Rainwater is vice president of credit and risk for F1 Payments in Austin, Texas. He helped eBay move from PayPal to Adyen payment processing with eBay assuming and managing all risk and was instrumental in helping Paysafe effectively balance merchant portfolio risk to maximize total processing volume, resulting in several million dollars of additional revenue.

Categories
OPINIONS

WEEKLY NEWSLETTER

Check out ETA’s weekly recap on innovations and policies shaping payments. Written by industry experts, get insights on payments like nowhere else. View weekly newsletter archives here.

Tags

Back to Top