Last year’s holiday season was the first time that online sales surpassed $100 billion, with $108 billion reported by Adobe for November and December. As online shopping rises in popularity, the increased order volume is accompanied by increased ecommerce fraud risks.
The challenge is in preventing fraud efficiently while minimizing the loss of legitimate orders.
Ecommerce Fraud… What is It?
Online fraud is a serious problem that can spiral out of control. Most fraud occurs when a cybercriminal steals credit card numbers and other payment information to buy products.
In the 2016 holiday season, it was estimated that one out of every 97 digital transactions was fraudulent. That amount increased by more than 30% during the first half of 2017.
While chip-enabled cards have reduced fraud at the point of sale, they do little for online purchases. Hackers collect identity and payment data from account profiles to place online orders without a physical card present.
What Are Some Ecommerce Fraud Risks?
There are two general categories of fraud: true fraud and friendly fraud. True fraud is more commonly known as identity theft, and usually results in a disputed purchase and lost merchandise, followed by the issuance of a new card to the customer, a refund, and a chargeback.
Friendly fraud occurs when no malicious intent is involved, but the outcome for the merchant is the same. It happens when family and friends make purchases unknown to the cardholder, or when there are disputes over return policies. Friendly fraud can also happen when a customer doesn’t recognize your company name on their billing statement, so be sure that you’ve included current contact information.
Regardless of the intent, all fraud will impact your bottom line. Smart entrepreneurs understand the threat of ecommerce fraud risks, and actively mitigate potential issues without creating unnecessary friction.
What Are Some Good Strategies To Mitigate Fraud?
Good plans to mitigate ecommerce fraud risks will not necessarily cannibalize your sales. Rather, they may establish trust and increase conversion, as people know their personal information is secure. To maximize value with this strategy, include badges in the shopping cart that list the anti-fraud technology integrated into your website, and use clear language in your terms of service and return policy to reduce friendly fraud.
To prevent the theft of customer data, your website must be PCI compliant; failure to take the necessary steps may result in hefty fines. These steps are relatively simple today, provided that you’ve selected a quality payment gateway. PCI DSS 3.2.1 is the latest standard that all businesses that accept credit cards must follow. The PCI Security Standards Council, or PCI SSC, defines twelve (12) general requirements for PCI compliance, enforced by credit card companies:
- Install and maintain a firewall
- Do not use default passwords
- Protect stored cardholder data
- Encrypt data transmission
- Maintain and update anti-virus and malware protection
- Create secure systems and applications
- Restrict access to cardholder data by business need to know
- Authenticate system access
- Restrict physical access to cardholder data
- Track and monitor network access
- Test security systems regularly
- Include information security in company policy
The greatest chargeback risk for ecommerce vendors is in managing Card-Not-Present (CNP) payments. Experts predict losses of up to $7.2 billion over the next two years.
To counter ecommerce fraud risks related to CNP, start with Card Verification Value 2 Authentication (CVV2), where the customer inputs their card’s three-digit security code to confirm the presence of a physical card.
In addition, activate the Address Verification Service for purchases, to cross-reference the billing address against card-issuer databases. You may then review flagged transactions and decide to decline, accept, or further authenticate them, for example with phone verification.
Additionally, there are fraud prevention tools that can scan transaction histories to identify possible fraud. Using your own data, you can keep a record of customers who have disputed orders in the past. Rather than blocking these customers completely, you may choose to require signatures on all of their deliveries.
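The CVV2, AVS and dispute-history checks described above can be combined into a single triage step. The following Python code is an added example, not taken from the original article or from any payment gateway. The normalized result labels, the 500.00 review threshold, the order field names and the sample orders are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Normalized check results. Map your gateway's own CVV2/AVS response codes
# onto these labels (the labels themselves are assumptions for this example).
MATCH, PARTIAL, NO_MATCH, UNAVAILABLE = "match", "partial", "no_match", "unavailable"
HIGH_VALUE = 500.00  # assumed review threshold; tune it to your own order data


@dataclass
class Decision:
    outcome: str = "accept"          # "accept", "review" or "decline"
    reasons: list = field(default_factory=list)
    require_signature: bool = False  # signature on delivery, not a block

    def escalate(self, outcome, reason):
        # Only ever move toward the stricter outcome; always record the reason.
        rank = {"accept": 0, "review": 1, "decline": 2}
        if rank[outcome] > rank[self.outcome]:
            self.outcome = outcome
        self.reasons.append(reason)


def triage(order, disputed_customers):
    """Combine CVV2, AVS and dispute history into one decision."""
    d = Decision()
    if order["cvv2"] == NO_MATCH:
        d.escalate("decline", "CVV2 mismatch")
    elif order["cvv2"] == UNAVAILABLE:
        d.escalate("review", "CVV2 not checked")
    if order["avs"] == NO_MATCH:
        d.escalate("review", "AVS mismatch: verify by phone")
    elif order["avs"] in (PARTIAL, UNAVAILABLE) and order["amount"] >= HIGH_VALUE:
        d.escalate("review", "weak AVS result on high-value order")
    if order["customer_id"] in disputed_customers:
        # Past disputes add friction at delivery instead of blocking the sale.
        d.require_signature = True
        d.reasons.append("prior dispute: require delivery signature")
    return d


# Constructed sample data, not real transactions.
DISPUTED = {"c-104"}
ORDERS = [
    {"id": "o-1", "customer_id": "c-101", "amount": 42.00, "cvv2": MATCH, "avs": MATCH},
    {"id": "o-2", "customer_id": "c-102", "amount": 899.00, "cvv2": MATCH, "avs": PARTIAL},
    {"id": "o-3", "customer_id": "c-103", "amount": 60.00, "cvv2": NO_MATCH, "avs": NO_MATCH},
    {"id": "o-4", "customer_id": "c-104", "amount": 25.00, "cvv2": MATCH, "avs": MATCH},
]
```

Orders that come back as "review" go to a manual queue, so legitimate customers with a partial address match on a small order are not turned away.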
With the latest risk management methods in place, you’ll have a good end-to-end strategy that minimizes friction for the consumer. Tie in biometric authentication when it becomes mainstream for ecommerce websites, and you’ll further reduce friction while improving security.
Don’t Fear Fraud…Fight Back
Everyone in ecommerce knows risk is just a part of the internet selling game. However, with the right payment processing company in place, you can minimize that risk while also minimizing the time and resources required to resolve disputes.
Use these strategies to reduce ecommerce fraud risks, and you’ll no longer be the primary target for criminals looking for easy targets.