Consumers spent $517.36 billion online with U.S. merchants in 2018, up 15% from the $449.88 billion spent the year prior, according to a new Internet Retailer analysis of industry data and historical U.S. Commerce Department figures. Unfortunately, as online payments continue to grow, so do instances of credit card fraud. In fact, Aite Group estimates that card-not-present fraud (where the physical card is not present during a transaction) will increase to $7.2 billion by 2020.
Governments have started taking online payment fraud seriously in an attempt to protect consumers and hold companies more accountable. Companies must ensure their online stores comply with regulations like the E.U.’s General Data Protection Regulation (GDPR) and PSD2/SCA so that they’re securely handling credit card information.
Accepting fraudulent payments can have real consequences for digital businesses. Not only does it impact your reputation, but your company can also be held financially responsible for the fraudulent transactions, be forced to pay hefty fines, and lose your merchant status too. In order to protect your business, your company must take proactive steps to minimize credit card fraud on your site.
Not sure where to start? Here are some best practices for curbing credit card fraud and protecting cardholder data on your site.
What is credit card fraud?
Credit card fraud happens when a customer’s card is lost or stolen or when the payment card information is used to make an unauthorized transaction.
Two common types of credit card fraud:
1. Account Takeover
Most online stores let users create a personal account that logs their purchase history and stores their financial data, so customers can easily check out online without having to enter their payment information every time. Cybercriminals often hijack these accounts and use them to make unauthorized purchases.
2. Identity Theft
Fraudsters are always looking for ways to steal usernames, passwords, credit card numbers, and other personal information. This often occurs when companies fail to properly secure the payment information they collect from their customers.
How credit card fraud impacts digital businesses.
In addition to the regular fees required to process debit and credit card payments online, here’s how accepting fraudulent transactions can negatively impact your business.
1. Resource Loss
Allocating in-house resources to verify each suspicious order is a very time-intensive process for any company. Members of your team need to contact the customer to make sure they actually authorized the software purchase on their account. This is valuable time that could be allocated to building great software or other key areas of your business.
2. Loss of Merchant Account
Banks often gauge a merchant’s risk and reliability on the number of chargebacks they receive. Receiving multiple chargebacks on a regular basis can cause banks to refuse to do business with your company. Losing your merchant account will make it harder to sell your software and digital products online.
3. Chargeback Fees
Credit card chargebacks represent a real financial threat to digital businesses. Every time a chargeback is issued, a nonrefundable chargeback fee is processed to pay for the administrative costs associated with the chargeback process. If your site naturally has high chargeback rates, you are unintentionally hurting your own revenue potential by paying these additional fees.
How to protect your digital business against payment card fraud.
Unfortunately, there’s no silver bullet for preventing credit card fraud. However, there are some industry best practices your company can follow to curb payment card fraud and protect the personal information you handle on your site.
1. Comply with security standards (PCI Compliance).
The Payment Card Industry Security Standards Council (PCI SSC), a consortium of leading payment brands like Visa, American Express, and MasterCard, has outlined a set of mandatory security standards for merchants to comply with (PCI compliance). PCI standards set out how sensitive customer data and payment information should be handled online to reduce the likelihood of identity theft and payment card fraud.
2. Watch out for suspicious email accounts.
Look for email addresses made up of a long string of random characters and numbers. An address like email@example.com might raise some internal red flags.
3. Make sure the IP address aligns with the shipping/billing address.
Check whether the location of the customer’s IP address matches the billing address and/or the shipping address. Ruling out gift purchases, the risk of a fraudulent transaction is higher if these don’t align.
4. Require CVV at checkout.
Card Verification Value (CVV) is the three- or four-digit security code printed on credit cards. Since CVV information is considered sensitive authentication data, it cannot be stored after authentication according to PCI standards. Requiring the CVV helps ensure that your customer has the physical credit card at the time they are making the purchase.
5. Partner with a full-service ecommerce partner.
FastSpring’s full-service ecommerce platform automatically aggregates all order data and provides anti-fraud analysis in real time. Since FastSpring’s platform is fully PCI compliant, all your customers’ transactions occur on secure servers that don’t store sensitive payment information. This helps to shield your company from serious liability issues in the event of a malicious attack or data breach.
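Checks 2 through 4 above can be combined into a simple order screen that holds suspicious orders for manual review. The following is an added example, not FastSpring's code; the field names (`ip_country`, `is_gift`, `cvv`), the thresholds, and the choice to apply the gift exception only to the shipping comparison are assumptions.

```python
import math
from collections import Counter

SENSITIVE_FIELDS = {"cvv"}  # sensitive authentication data: never written to storage

def email_looks_random(email, min_len=12, min_entropy=3.5, min_digit_ratio=0.3):
    """Check 2: long local part with high character entropy and many digits.
    Thresholds are assumptions; tune them against your own order history."""
    local = email.split("@", 1)[0].lower()
    if len(local) < min_len:
        return False
    n = len(local)
    entropy = -sum(c / n * math.log2(c / n) for c in Counter(local).values())
    digit_ratio = sum(ch.isdigit() for ch in local) / n
    return entropy >= min_entropy and digit_ratio >= min_digit_ratio

def screen_order(order):
    """Return the list of reasons to hold an order for manual review."""
    reasons = []
    if not order.get("cvv"):                      # check 4: CVV required
        reasons.append("no CVV entered")
    if email_looks_random(order["email"]):        # check 2
        reasons.append("random-looking email")
    # Check 3: ip_country is assumed to come from a GeoIP lookup done upstream.
    if order["ip_country"] != order["billing_country"]:
        reasons.append("IP/billing mismatch")
    if order["ip_country"] != order["shipping_country"] and not order.get("is_gift"):
        reasons.append("IP/shipping mismatch")
    return reasons

def storable_record(order):
    """Drop the CVV before the order is persisted or logged."""
    return {k: v for k, v in order.items() if k not in SENSITIVE_FIELDS}

# Constructed sample orders (not real data).
ORDERS = [
    {"email": "maria.lopez@example.com", "cvv": "123", "ip_country": "US",
     "billing_country": "US", "shipping_country": "US", "is_gift": False},
    {"email": "x7k2q9zv41mpt8@example.com", "cvv": "", "ip_country": "BR",
     "billing_country": "US", "shipping_country": "DE", "is_gift": False},
    {"email": "d.nguyen@example.com", "cvv": "4567", "ip_country": "US",
     "billing_country": "US", "shipping_country": "CA", "is_gift": True},
]

if __name__ == "__main__":
    for o in ORDERS:
        print(o["email"], screen_order(o), storable_record(o))
```

An empty list means the order passed all three checks; any reason returned is a prompt for manual review, not an automatic decline.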
As we’ve learned, accepting fraudulent transactions can be damaging to your company’s reputation and revenue potential. While it is true that instances of credit card fraud will grow as more customers look to complete their purchases online, your business should not be discouraged and should instead focus on ways to proactively secure your site.