Did you know that eCommerce businesses worldwide lost $20 billion due to fraud in 2021? It's no secret that fraudsters are becoming more inventive with their schemes. At the same time, high volumes of fraud may result in both losses of revenue and reputation. Although, some verticals or regions may be more prone to fraudulent activity, no business is fully free from risk. Therefore, all merchants should have measures in place to safeguard their business against potential breaches.
In this article, we give you insight into the best practices for preventing fraud to help protect your business and customers and mitigate threats proactively.
Fraud prevention solutions
It's best to tackle fraud in its tracks and pre-emptively rather than after it happens. There are several tactics designed to detect and deter fraud, including the daily monitoring of traffic from certain territories and checking declined transactions. The most efficient way to minimise the risk of fraud is to work with a payment service provider that's equipped with a suite of fraud detecting tools. It makes sense that the company or financial institution that is processing your payments is also monitoring and actively working to identify fraudulent behaviour.
Watch our video and find out what you should ask your payment service provider about risk management to effectively prevent fraud.
Analyse fraud data to set better rules
Fraud rules are all about striking the right balance between reducing your chances of fraud and still having generous volumes of traffic coming through. It can be tempting to limit traffic for the sake of fraud prevention. However, by having a trusted payment partner onboard, you should be able to come to a viable agreement.
The rules you create for your risk engine should be specific to your industry and region. For example, a gambling operator should be aware that there will be a large number of mobile transactions or payments placed via digital wallets. Furthermore, your rules should derive from an in-depth analysis of existing fraud data, allowing you to map fraud patterns and work to prevent them.
When setting risk rules, it can be valuable to factor in geo-location and Address Verification Service, Internet Protocol (IP) address and whether 3D Secure 2 (or else, 3DS 2) was applied.
Apply geo-location and Address Verification Service
An Address Verification Service (otherwise referred to as AVS) is a widely used tool for card not present transactions. It's a method to verify the validity of a customer's payment details, and more specifically their billing address, at online checkout. As a result, merchants are better placed to detect illicit transactions. The AVS will send a request at the payment gateway asking for user verification from the records of their issuer.
If the billing information submitted by the cardholder partially matches or doesn't match it at all, the transaction should go through additional risk checks. Customers on the receiving end of the AVS decline might see a reserved and pending sum in their bank account. However, this will be cleared with their bank without being charged for any transactions that have been declined.
Leverage 3D Secure 2 (3DS 2)
For merchants with customers located in the EEA, 3D Secure 2 (3DS 2) — a security standard that meets PSD2's Strong Authentication (SCA) requirements for card transactions — is vital. Authenticating a customer's identity through 3DS 2 offers a layer of protection against fraudulent payments and, quite often, chargebacks. It also allows merchants to provide a frictionless checkout experience to their customers. Precisely, the protocol requires the user to input a combination of two of the following elements:
- Something they know – this factor may encompass PINs, passwords, personal information or a security question.
- Something they own – this may include a credit or debit card, a mobile or wearable device.
- Something they are – this can be proven by biometric data like facial recognition or a fingerprint.
Your payment service provider should work closely with you to define the transactions that should undergo 3DS2 authentication.
Applying device ID verification
In the era of online shopping, where the customer is not present during the transaction, it can be challenging to confirm whether they are who they claim to be. Therefore, it's crucial for certain verticals, such as gambling, to have tools that compare several factors and verify the identity of the cardholder, including the connections between anonymised personal information, devices and locations. Additionally, these tools will analyse whether the device being used has been compromised or previously associated with fraud.
Assigning a risk score to transactions
By assigning every transaction a risk score, which ranges from 1 being the lowest to 100 being the highest, merchants can make it harder for fraud to go unnoticed. Depending on the allocated score and the likelihood of fraudulent transactions, merchants can consult their payment partner to determine whether to accept, decline or review transactions. The process will be based on several risk factors and fraud patterns, such as:
- BIN Match – The billing address of the cardholder is expected to be in the same country as their card issuer.
- Geolocation detection – Fraudsters may use anonymous proxies to bypass geolocation filters, which might flag transactions as fraudulent.
- High-risk countries – Higher risk scores may be generated when the billing or IP address of the transaction is from geographies that are related to high rates of fraud.
Chargeback management
The possibility of chargebacks should be front of mind when you map out your fraud and risk management strategy. Specifically, there should be processes to prevent fraudulent chargebacks and an action plan to defend them. Your payment service provider should be able to support you with successfully improving your dispute rates. (You can find all you need to know about chargebacks here).
A useful tool for reducing chargebacks is Visa's Rapid Dispute Resolution (or Visa RDR for short) for card issuers, which is a product update of its original Chargeback Dispute Resolution. The service aims to minimise disputes by transforming the standard chargeback messages into RDR messages and removing them from the established dispute flow, which can support merchants with better managing and monitoring chargebacks (Read more about Visa RDR here).
Managing risk is a crucial process in mapping the risk level of new projects and/or everyday business operations. In the following section, we will unpack the concept of risk management and the benefits related to it.
Understanding payment risk management
In payments, risk is not only associated with fraud but can be connected with financial loss as a result of technical issues or human error. As a result, risk assessment becomes even more important, as it can reduce the potential of revenue loss from the areas mentioned above.
Risk management process
Creating a risk management flow is an efficient and consistent way of dealing with potential threats. The first step is to set rules that identify risk, then analyse the impact it could have on your business and develop an action plan to tackle it based on your findings.
You should work with your payment service provider to finetune your risk management process and be prepared for all fraud eventualities. An experienced Risk Analyst should be able to advise you on the best risk management practices that are applicable for your business. Such practices should act proactively to protect your account from financial exposures, providing velocity checks, transaction counts and amount thresholds.
Segmenting risk management processes into distinct categories, such as credit, transaction and payment flow can be instrumental in mapping risk on a granular level. This is because each one of these categories has its own specific processes and rules regarding risk management and compliance. Essentially, the segmentation of the risk management process avoids areas of your payments performance from being overlooked.
Benefits of risk management
The benefits of risk management are multiple. Not only will you be safeguarding your profit margins, but you will also gain a greater understanding of your business' strengths and weaknesses.
Risk analysis will help you identify any points of weakness that can be addressed before becoming a liability for your business. Furthermore, it enables a consistent and active response to risk to be implemented across the board, giving your business a clear action plan while eliminating grey areas. Risk management is of utmost importance for a business, as it cangive your customers’ peace of mind that their funds and financial data are being handled securely.
How emerchantpay can help
Without real-time monitoring that will assist your risk management, fraud can slip under the radar or transaction processing can be stalled. At emerchantpay, we constantly maximise the value of our data in order to prevent fraud and improve your payments’ performance. Thanks to our sophisticated fraud prevention tools, our merchants can be sure that their payments are processed with the highest level of security. Our historical transaction records of over ten years and expert insights have allowed us to build a rule-based risk engine that enhances the tracking of your incoming traffic and flags suspicious behaviour.
We are committed to safeguarding your business against fraud, so you can, in turn, optimise your payment flow and protect your customers.
If you’d like to hear more about how emerchantpay can protect your business against fraud, reach out to a member of the team today.