Security

Five tips for managing fraud in an online world

How small businesses can lean into fraud management as e-commerce spikes

May 19, 2020, 11:00 AM Eastern Time
working professional holding a tablet

The accelerated shift to digital commerce in recent months has brought along with it a dramatic spike in online fraud. In the first quarter, over a quarter of all transactions[1] around the globe were fraud attempts.                                                                                                                                           

Striking the right balance between accepting transactions – to grow your business and support your customers – and managing fraud risk is tricky. Small businesses worldwide now find themselves quickly having to adapt to support customers online – and a key part of the transformation is enabling the right ecommerce tools while maintaining a safe, secure experience. Savvy fraudsters are aware that some small businesses are inclined to relax fraud strategies as sales and fraud review teams may be under capacity. The weeks ahead will be critical as fraudsters attempt to exploit this window of opportunity, and small businesses should create a comprehensive fraud strategy now.

As you plan and execute your own strategies, below are a few tips on managing fraud:

  • Be Proactive About Dual Authentication: There has been a surge of multiple new accounts tied to the same underlying user profile opening at the same time. This creates an opportunity for origination fraud where an account looks legitimate after it remains dormant for some time. Once the account becomes legitimate in a merchant’s system, it then turns into the source of fraud. Ask customers to share a secondary email or mobile phone to help confirm account creation and purchases. In addition, consider reviewing the purchase history on the account.
  • Defend Against Card Testing: For fraudsters, card testing can be an effective method to verify stolen card credentials are valid – and small and medium businesses are often the target of card testing attacks. Sophisticated fraudsters now use computer-generated scripts to test thousands upon thousands of credentials at a time. Ensure your checkout and card addition pages (or any other pages where cards are validated) include technologies to detect and prevent automated scripts from submitting transactions. Some of these preventative technologies include firewalls for basic botnet detection and CAPTCHAs, a visual challenge designed to distinguish humans from automated scripts.
  • Monitor for Account Takeovers: Fraudsters will target card-on-file models and take over both newly created and dormant accounts on file to use for fraudulent orders. A few traits to look for include multiple recent shipping address changes or a rise in older, dormant accounts placing orders.
  • Check Shipping Details: Fraudsters have started to manipulate their shipping address on the checkout page or ship goods to unoccupied houses or new buildings allowing them to pick up packages that have been left outside. Be aware of details in the 2nd or 3rd lines of the shipping addresses that might be used to reroute packages, bypassing your risk strategies or velocity rules that only look at the first line of the address.
  • Enable Contactless Deliveries: Most delivery partners now support contactless deliveries to protect both their couriers and their customers, which can lead to ‘goods not received' disputes. If you deliver your own goods, take a photo for proof of delivery to help defend against goods not received claims.

Visa’s CyberSource and Authorize.Net solutions offer a number of tools to help small businesses pivot and thrive digitally during this time and beyond, recognizing the changing ways consumers are spending online. To help with the challenging task of digital transformation, Authorize.Net is waiving its gateway monthly fee for new merchants who sign up on the Authorize.Net website until August 1, 2020, which includes access to several digital payment and fraud tools.

CyberSource and Authorize.Net are hosting a video series “Fraud Trends under :10”helping payment protectors and fraud fixers get their fraud fix in under 10 minutes. Each week two episodes will debut on LinkedIn —starting Tuesday, May 19 at 10:00am PST with Episode 1 and Thursday, May 21 at 10:00am PST with Episode 2. Episodes 3 & 4 will air on Tuesday, May 26 and Thursday, May 28 at 10:00am PST.

It has never been more critical to make sure your business is operating safely and securely. For more information visit: https://www.authorize.net/.

[1] Arkose Labs Q2 2020 Fraud & Abuse Report

Cybersecurity

The Visa Blog Newsletter

Sign up for the latest news and views from Visa
Subscribe Now