A growing problem
As e-commerce continues to grow, criminals are increasingly targeting online retailers with fraudulent purchases. In addition to financial losses from chargebacks, the damage to online retailers also includes loss of consumer trust and negative impact on their brand.
Credit card fraud has risen significantly in recent years and now costs consumers and businesses hundreds of millions of dollars annually. Of the 3.2 million cases of fraud reported in 2019, identity theft was the most common, accounting for more than 20 percent, according to the US Federal Trade Commission.
Credit card fraud is the most common type of identity theft. It accounts for more than 271,000 reports from consumers whose information was stolen to gain access to an existing account—or open a new one. These fraudulent activities resulted in more than USD135 million in losses.
The high costs of credit card fraud
While credit card fraud is an increasing problem for consumers and card companies, it also negatively impacts retailers by leading to:
- Chargeback fees.
- Reputation damage and loss of consumer trust.
- Potential merchant account termination because of high chargeback rates.
Each dollar of fraud committed now costs the average retailer USD3.36, up from USD3.13 in 2019. While credit card fraud is on the rise for all retailers, the largest number of attacks are happening to medium and large organizations which have seen a nearly 50 percent increase since 2019.
Chargeback fees, a large portion of which are driven by “friendly” and “card not present” fraud, now cost between USD15 and USD100 per instance. These chargebacks cost online retailers USD40 billion per year, according to Chargebacks911.
Five kinds of credit card fraud being used to target online retailers
Regardless how criminals obtain account information, all credit card fraud ultimately impacts online retailers because that’s typically where purchases are made. The most common types of credit card fraud include:
Application fraud: This common method occurs when a criminal gains access to someone’s personal information and then opens a new credit card account in their name.
Card not present (CNP) fraud: This is especially concerning for online retailers. It happens when a criminal obtains an account number, expiration date, and verification code and then uses them to make fraudulent orders, usually over a website or via phone. This information is typically obtained via the dark web or by gaining physical access to a card.
Assumed identity fraud: This occurs when a fraudster uses a temporary address and false information to obtain a new credit card and then makes purchases with it before the card company, or consumer victim, catches on. While banks typically have systems in place to keep this from happening, some scams still fall through the cracks.
Account takeover (ATO) fraud: The most common type of credit card fraud. ATO attacks occur when a criminal gains access to and then takes over a consumer’s account. From there, the criminal impersonates the victim, changes the mailing address, and asks for a replacement card.
Friendly fraud: A growing problem for online retailers, this happens when a consumer purchases goods or services and then asks for a refund from the credit card company—typically while claiming they never made the order or received the item.
Why online retailers are vulnerable to credit card fraud
E-commerce grew more than 44 percent between Q2 2019 and Q2 2020, according to the US Census Bureau. Thanks to this rapid growth in e-commerce and CNP transactions, online retailers are increasingly vulnerable to credit card fraud.
While the adoption of smart cards has strengthened security for physical, in-store transactions, criminals are now targeting online retailers more often because they allow for CNP transactions.
Fraudulent CNP transactions can be difficult to detect in an online environment. Criminals can make purchases so quickly that most consumers won’t notice their account has been breached until they’ve incurred unauthorized charges on a fraudulent purchase.
In many cases, criminals will test card information on multiple retail sites, determine why it was declined, and then use process of elimination to track down any additional information they may need. They can also use virtual private networks (VPNs) to hide their location.
Online retailers are also vulnerable to friendly fraud. That’s because card networks like Mastercard and Visa have “zero-liability policies,” so consumers usually don’t have to pay when they’re victimized. As a result, criminals (or unscrupulous consumers) can make a purchase then dispute the charges, claiming they never received the item or didn’t place the order.
Credit card purchase protection
Savvy online retailers can reduce theft by implementing robust credit card purchase protection. Here are a few suggested strategies:
- If you’re still using an outdated legacy system, upgrade to POS and CRM systems to help reduce risks by closing security vulnerabilities.
- Ensure you’re in compliance with the Payment Card Industry Data Security Standard (PCI DSS). It lists several guidelines, including changing default passwords on all equipment, encrypting cardholder data, and establishing an active firewall between the internet and systems that store data. PCI DSS also calls for limiting physical access to credit card information and creating unique IDs for users who handle credit card data.
- Institute Card Verification Value (CVV), which checks the three- or four-digit security code printed on cards to ensure users are legitimate. Payment processing systems can automatically verify these numbers and confirm or reject the validity of a user.
- Adopt tools that watch for red flags like: different billing and delivery addresses, multiple orders to one person via different cards, multiple bulk orders paid using the same card, or a sudden increase in order volume.
- Consider other fraud protection platforms, like Address Verification Services (AVS), which confirm a cardholder’s billing address with the card issuer.
Invest in credit card fraud detection technology
Prevent and deter theft before it occurs by adopting a fraud prevention strategy that proactively monitors transaction activity in real time. Investing in credit card fraud management technology helps your online retail business mitigate risk, reduce the cost of fraud, and protect your brand’s reputation.
According to Experian’s 2020 Global Identity and Fraud Report, nearly 90 percent of customers say their perception of a business improves when the company makes investments to improve the customer experience—which includes security.
Several new technologies can help online retailers identify their vulnerabilities and mitigate the risks of credit card fraud. Many now use secured data storage and data encryption to ensure the information they gather is secure. Also, data enrichment tools can aggregate data points to monitor for suspicious transactions.