Online fraud is the curse of any ecommerce operation and it seems the scammers will try anything to rip you off, from supplying someone else’s credit card details to claiming refunds on allegedly incomplete deliveries
It’s easy to prevent online fraud. Just don’t ship any orders. This somewhat silly statement perfectly illustrates the problem.
The challenge is not simply to reject suspicious orders, it’s to find the right line between online fraud prevention and losing good business.
Online fraud does not affect all ecommerce websites. The incidence varies greatly between different categories.
With known-buyer fraud, the buyer tells lies about the product they received in order to get free goods by demanding a full or partial refund. With straight fraud, you are dealing with an unknown person who is using stolen card details.
The big change in the past few years has been that banks have started to take online fraud seriously. There are now a range of services such as address verification service (AVS), CV2 (the code on the back of the card) and 3D Secure (also known as Verified by Visa and MasterCard SecureCode).
Banks have also introduced the payment card industry data security standard (PCI DSS) which tries to make it more difficult for scammers to acquire big treasure troves of card details.
Alongside this we have seen the rise of anti-fraud services like DataCash, which checks more than a billion online payments a year and claims to prevent £1m of attempted fraud a day.
The approach adopted by a merchant really needs to combine the technical weapons in the armoury with some sensible internal policies.
With a policy-based approach, you should be defining what to do when suspected online fraud is flagged by technical indicators or orders over a certain value.
Contacting the buyer by phone or email can be very effective, as can asking for details of 'the order'. If the fraudster has placed several orders, they won’t recall a particular one very easily — and they don’t want to talk to the merchant anyway.
A second line of defence can be adopted if you are is still uncertain whether an order is genuine. Simply ask for payment by an alternative means, such as cheque or even a different card, which would need to have the same billing address.
In order to implement these checks, you need a payment service provider that supports them. So make sure that your payment provider supports 3D Secure, AVS, CV2, preferably one of the independent fraud checking services and of course is PCI DSS compliant.
When you have these services up and running, mention them on your website as they boost trust and may discourage online fraudsters from chancing their luck.
It’s a fact that you can gain a competitive advantage by controlling online fraud. When we are all struggling to increase sales by small margins, getting the fraud percentage down while rejecting few good orders can provide a small but genuine edge.