Protection from Online Fraud

Posted in Customer Support, Industry News.

Image of the word "Danger"

Protection from Online Fraud

Protection from online fraud continues to be one of the most frequent requests from our merchants, especially those that are new to selling their goods and services from a website. We have written extensively on the subject and you can read more here, but as an introduction to ecommerce processing, here is a summary: Merchants that take card payments in a card-not-present environment are always liable for losses due to the lack of a signature or other proof that the actual cardholder is authorizing the sale. Some credit card holders know that this is the case and take advantage by ordering goods from websites and then initiating a chargeback with their card-issuing bank by claiming “non-receipt of shipment.” Merchants can protect themselves from this kind of fraud by requiring a signature from the shipping company, which can be sent to the merchant service provider to prove that the cardholder accepted the package. Of course, merchants that provide digital content will never win a chargeback, since there is no way to offer proof of purchase from the actual owner of a card.

One of the easiest ways to protect against online fraud is to require both the cardholder’s card verification code as well as the billing address to use in conjunction with Address Verification Service (AVS), which works by matching the address from the authorization with the address on file with the card-issuing bank. All payment gateways have flexibility in adjusting the AVS setting to filter out international sales or other card types that may be indicators of fraud.

As a final note, one of the most common schemes that we continue to see is when a fraudster runs multiple authorization requests (sometimes in the thousands) to determine whether their stolen credit card numbers are valid. In this case, the merchant is liable for the transaction fees from both the merchant service provider and the payment gateway, which could add up to thousands of dollars! The easiest way to protect from this kind of fraud is to set the “velocity” filter, which can reject multiple sales attempts or odd value transactions such as a penny, nickel, etc.