How Do We Protect Against Online Fraud?

Fraud losses cost the financial and retail industries over $250 billion annually, and cybercrimes are becoming increasingly sophisticated. Online merchants are generally at a higher risk than physical stores because digital platforms offer numerous opportunities for fraudsters to attack. As an online merchant, it is crucial to stay vigilant about fraud.

Typical Fraud Tactics

• Malware: Malware, which stands for malicious software, infiltrates and damages a computer without the user's awareness. Nowadays, most malware is designed for financial gain. It avoids detection while gathering and transmitting sensitive information like bank account details, passwords, and credit card numbers. To safeguard against malware, ensure your virus protection software is always up to date since vulnerabilities often exist in older or outdated versions. Also, don't store credit card information on your computer.

• Card Testing: This technique uses software to verify stolen credit card numbers on an e-commerce site automatically. When a business is targeted, its website is subjected to hundreds or even thousands of small transactions (e.g., $2.00) to test the validity of the card numbers. As a result, the organization incurs authorization fees until they detect the activity and shut down the site or until the thief completes the testing. To stop your site from being exploited for card testing, set the "Daily Velocity" filter in your payment gateway to cap the number of daily transactions.

• Phishing: Initially, phishing involves emails asking users to respond with confidential information to prove ownership of certain accounts. This evolved into SMSishing, where the request was sent via text message. Now, there’s whaling, targeting high-profile individuals on LinkedIn and Facebook with titles like vice president, CEO, CFO, etc. If you have a profile on social media platforms such as Facebook, LinkedIn, or YouTube, ensure your private information remains secure and be cautious of requests for sensitive details.

Combating Fraud

• Use AVS (Address Verification System): For eCommerce or keyed transactions, always employ AVS. This system checks the provided billing address against the one on record with the card-issuing bank and gives a match or mismatch response. Reject transactions that result in a mismatch. The default settings in NMI will handle this automatically. Accepting a transaction with an AVS mismatch will affect your rate.
  

• Use the CVV (Card Verification Code): Always require and verify the three-digit security code found on the back of Visa, Mastercard, Discover, and JCB cards or the four-digit code on the front of American Express cards. In cases where the CVV code doesn’t match the bank's records, reject the transaction. For those using Allied Payments Gateway, ensure this is set up on your account. Accepting transactions with a CVV mismatch won’t affect your rate, but it may weaken your position in chargeback disputes.
• Review your Daily Transactions: Vigilantly monitor for unauthorized refunds (possible employee fraud), duplicate transactions, and notably large orders from unfamiliar customers. Report any anomalies immediately to us by submitting a ticket.
• Set your Gateway’s Daily Velocity Filter: Limit the number of transaction attempts on your site to prevent fraudsters from testing credit cards. This will also minimize the authorization charges for these fraudulent transactions. The Allied Payments Gateway features iSpyFraud, making it easy to set these limits.

Common Fraud Schemes To Look Out For

• Urgent orders that require fast, expedited shipping
  
• The billing address and shipping address do not match
• The order is larger than normal orders
• International order/international shipping
• Unable to speak to the customer on the phone
• Several sales made in a short time period by the same customer/same address
• The sale does not feel right. Not a typical sale or terms.
• The customer does not seem to care about the pricing or shipping cost.