December 14, 2016
Once again the holiday season is drawing close and consumers are gearing up to spend big. Similarly, online criminals love the holidays just as much as any of us. With the increase in online transactions, they can more easily hide their fraudulent activities. In fact, online retailers are spending more than seven percent of their total annual revenue combatting fraud. The silver lining for online retailers is that holiday spend in 2016 is predicted to be at an all-time high – taking a 10% chunk of the total holiday season sales, with the total online sales to reach $94.71 billion.
The rise in the use of chip-and-PIN card technology has made it much harder for credit card fraud to take place in brick-and-mortar stores. The fraudsters, pesky thieves that they are, have moved on to digital payments. As a result, card not present fraud has jumped 25 per cent this year and projections are for an increase of 80 per cent on top of that by 2020. What can online retailers do to protect themselves?
Let’s examine a few solutions to tackle financial fraud for large online retailers.
Instead of keeping valuable credit card data intact, convert the data to a format that is useless outside of a specific transaction and retailer. The process of tokenization allows retailers to offload securing the card information to a service provider and they can process the transaction using the token. If they are later hacked, the hackers won’t gain access to any useful or sensitive data.
The beauty of this technique is that it is PCI (Payment Card Industry) compliant and works with existing POS systems; replacing the actual 16-digit credit card number with a 16-digit token (where only the last 4 numbers are accurate) allows processing as usual, driving down compliance costs and strengthening fraud protection.
When it comes to dealing with fraud, online retailers are in a tough spot as they are liable for fraud charges if they’ve unwittingly enabled fraudsters to money launder or commit fraud on their site. ID verification is crucial in establishing a strong layer of protection for merchants in preventing potential losses such as uncollected payments and chargeback fees for fraudulent payments.
A technique to decrease digital payment fraud is to verify the PII (Personally Identifiable Information) of the buyer. For example, a retailer can check the full name, address, and date of birth against records from credit bureaus, government, utility files, telecommunications and other reliable data sources. By checking against the records, a positive ID verification can keep legitimate customers happy, while shutting out fraudsters.
Before shipping a high-value item to customers, e-commerce sites and online retailers should consider a bank-grade tool that verifies identities and addresses. This will offer customers a better shopping experience because delivery is completed quickly and businesses can avoid the unexpected return of a package due to an incorrect address. Incorrect addresses entered at the shipping stage can result in misdirected packages that increase consumer frustration and added costs for online retailers.
Traditional fraud prevention methods can sometimes be too aggressive and result in legitimate customers having their purchases declined. When this happens, the incident is called a false positive. When too many false positives occur, customers may switch to another payment option or abandon their cart altogether out of frustration.
For further protection, analyzing additional data points from independent sources makes it even harder for a fraudster to fake a match. With a modern ID verification service, the process takes one to three seconds and the verification rule set is under total control of the fraud and risk analyst at the e-commerce site or online retailer.
For major retailers, end-to-end encryption is an option. As PCI standards do not allow the storing of credit card information after a transaction, converting that data via algorithm protects the data while still allowing authorized use. It’s expensive though, so not practical for small and mid-size companies.
Not all transactions, or the associated risk, are the same. Merchants can tune their e-commerce platforms to adjust for differences in customers, regions, industries and specific purchases. By assessing the likelihood of fraud, merchants can create different rule sets, workflows and procedures to smooth low-risk transactions and more carefully analyze high-risk ones.
The first step to creating a successful risk engine is by accurately onboarding new clients. Preventing fraudsters from entering the system in the first place nips a whole series of bad transactions in the bud.
While introducing a risk engine is a complex undertaking, online merchants can start reducing payments fraud by implementing an ID verification system that will identify and fix high-risk individuals to keep online shopping safe this holiday season.