Does your business have a fraud management program in place? The popularity of card payments and online shopping has made it easier for people to commit fraud—the action of deceiving others for unlawful gain. In e-commerce, fraudulent activity can have a negative effect on revenue if your company isn’t prepared.
According to the Association of Certified Fraud Examiners, around 42% of private companies and small businesses lose money to fraudulent activities, at an average of 5% of their annual revenues. Whether your business is large or small, it’s essential to learn about the sources of potential fraud and implement fraud management technologies that can prevent these transactions from going through without compromising the customer experience.
Understanding the Types of Fraud
There are several different types of fraudulent transactions of which business owners need to be aware to develop a fraud risk management strategy. Each business owner will need to decide the level of risk that they are willing to accept from external sources and work with their merchant services provider to prevent (and detect) fraudulent behavior while letting authentic payments through.
Payment fraud usually occurs when a customer’s card information is stolen and used to make unauthorised transactions. There are five primary kinds of payment fraud:
Identity theft happens when an individual steals someone else’s card, login details, bank and identity information and makes purchases as if they were that person. In Europe, around 1% of the population has experienced online identity theft and 3% has experienced credit card fraud. The theft of login details for unlawful gain is also known as account takeover fraud.
Friendly fraud describes the actions of genuine customers who deny they ever received the goods and initiate a chargeback. The benefit to the customer is that they use the goods without paying for them. The chargeback transaction, however, raises the brand’s chargeback percentage and causes a financial loss.
Family fraud occurs when a cardholder’s relative uses their card to make unauthorised transactions. This is sometimes caused by a simple lack of communication between family members about a transaction and at other times is an intentional act of vengeance when a relationship has broken down.
Clean fraud is the hardest to block because the purchases appear to be legitimate transactions. This kind of fraud occurs when individuals steal card details by intercepting messages between parties, convincing customers to make a purchase on a fake website or buying the details from a third party. This can also happen within a company if card details are accessible to employees.
This is a three-stage kind of fraud that hurts legitimate businesses and customers:
- The perpetrator creates a fake or imitation website.
- They entice customers to make purchases on the site (these purchases never arrive).
- They use the card information collected to make other unauthorised purchases.
With all of these common fraud attacks, the damage comes to businesses when the legitimate cardholders realise their details have been stolen and perform a chargeback through the issuing bank. The company not only has to cover the cost of the chargeback (while losing any products that were shipped), but they also lose:
- Time spent investigating the case
- Brand image and trust if their brand was impersonated
- Good standing with their acquiring bank if the number of chargebacks passes the maximum threshold
Fraud Management Essentials
Follow PCI Compliance Standards
Employee fraud is only possible if employees have access to customers’ credit card information. The best prevention method for this type of fraud is following payment card industry security standards, in particular requirements 7-9 about implementing strong access control measures:
- Restrict access to cardholder data
- Assign a unique ID to each person with access to your network or ecommerce platform
- Restrict physical access to cardholder data
If you use a third-party payment gateway, your provider will handle your customer’s card details for you so that they are never stored on your website or computer network. This reduces the risk of internal fraud.
Create Effective In-House Policies
If your employees do handle sensitive information, make it clear from the start that there are legal implications for compromising a customer’s data. It is also important to have a whistleblower policy that encourages staff members to report any breaches or suspect transactions.
Before onboarding new employees, particularly in senior management, conduct thorough criminal background checks and speak with their past employers.
Require Strong Customer Authentication
Several of the most common types of fraud—family fraud, account takeover, and even clean fraud—can be reduced by creating robust customer onboarding processes with multi-factor authentication. This could be address matching or a one-time code that’s sent to the customer’s mobile phone.
You can also ask to speak with the cardholder if the shipping and cardholder names don’t match to reduce the risk of fraud. Suspicious access requests and other suspicious behavior can be flagged and real-time alerts sent to your team.
Intercept Requests for Refunds
Chargebacks from friendly fraud are best prevented by stopping chargeback requests in their tracks before the financial institutions have completed the transaction—look for this feature in the services provided by your merchant account.
Legitimate chargebacks can be prevented or reduced by shipping every order carefully and making returns as easy as possible.
Rules-Based Technology and Machine Learning
Up until the past few years, fraud management tools were rule-based: Cybersecurity firms would provide recommended fraud rules based on analytics on user behaviour. The software would then be programmed to follow these rules and block any transactions that presented anomalies.
Today, machine learning is being used to produce more accurate anomaly detection mechanisms that don’t block authentic transactions. These fraud monitoring programs rely on advanced techniques and can be updated quickly and easily as fraud trends change.
The Takeaway on Fraud Management & Fraud Strategy
Fraud losses are inevitable, but you can keep them to a minimum. Preventing loss from fraud takes an integrated fraud management approach that is able to respond to wrongful requests without creating too many false positives.
While it’s an ongoing cost and process for merchants, effective fraud management is a necessity that no business can afford to be without.