opinion

How to Thwart Attacks, Fraud in Payment Processing


If personal fitness was among your New Year’s resolutions, great! Fitness is essential for your overall health and well-being — and the same can be said about ensuring the “fitness” of your business. To keep your business fit in terms of its overall financial health and well-being, it’s critical to have an effective strategy in place for dealing with fraud.

While it is only February now, I can confirm what all the pundits, analysts, doomsayers and I were prophesying at the end of 2021 with regard to ecommerce fraud, as there is no question that there was a record amount of attempted and successful ecommerce fraud this past holiday season. You may have noticed that I included “attempted” fraud; that is because, as expected, merchants who have enrolled in protective services from payment processors were not as dramatically affected. As I mentioned during the billing panel at XBIZ 2022 in Los Angeles, our Order Insight and Rapid Dispute Resolution capabilities have proven invaluable in preventing fraudulent purchases and disputes.


Since the COVID pandemic took off in March 2020, card testing has increased in popularity amongst the steal-from-home fraudsters. Card testing is done by cybercriminals to test the validity of credit card information they obtain. While the purchase may not go through, your business is still going to be charged a transaction fee, say $0.20. While that may not make or break you, when you have a criminal deploying a bot on your payment page that can test thousands of card numbers in an hour, those $0.20 transaction fees can add up quickly.

Virtually every ecommerce merchant that accepts credit cards is a potential victim of card testing; that being said, it is one of the easiest and least expensive forms of ecommerce fraud to combat. Adding a CAPTCHA to your checkout page will significantly reduce card testing attempts, as scripts and bots can have trouble getting around it. There is no need to make it a difficult CAPTCHA, as you are only trying to thwart robots, not frustrate your buyers. Any decent shopping cart will provide a CAPTCHA option.

A few other free tools are likely already available to you through your gateway provider. Velocity controls, which are tools designed to limit the number of times a specific card account number, email address, IP address or username can attempt a sale during a user-specified time frame, can be very useful in thwarting attacks. For example, suppose you run a membership site and offer a seven-day trial that converts into a 30-day membership. In that case, there’s no reason a single user, or more importantly, a single IP address, would need to attempt multiple transactions, since they would gain access with a single transaction. Allowing for normal declines, you could even up that number to six attempts every 30 days and still spare yourself having to worry about card testing.
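The velocity rule described above (six attempts per 30 days for any one card, email, IP address or username) can be sketched as a sliding-window check. This is an added example, not code from the article or from any gateway; the `VelocityControl` class, the HMAC key and all sample values are constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict, deque

WINDOW_SECONDS = 30 * 24 * 3600   # 30-day window, as in the article's example
MAX_ATTEMPTS = 6                  # six attempts per window, as in the article

class VelocityControl:
    """Sliding-window sale-attempt limiter keyed by card, email, IP and username."""

    def __init__(self, secret, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
        self.secret = secret
        self.max_attempts = max_attempts
        self.window = window
        self.attempts = defaultdict(deque)   # (dimension, value) -> timestamps

    def _keys(self, card_number, email, ip, username):
        # Track a keyed fingerprint of the card, never the raw account number.
        fp = hmac.new(self.secret, card_number.encode(), hashlib.sha256).hexdigest()
        return [("card", fp), ("email", email.strip().lower()),
                ("ip", ip), ("username", username.strip().lower())]

    def check(self, now, card_number, email, ip, username):
        """Return (allowed, dimensions_over_limit) for one sale attempt."""
        keys = self._keys(card_number, email, ip, username)
        over = []
        for key in keys:
            q = self.attempts[key]
            while q and q[0] <= now - self.window:   # expire old attempts
                q.popleft()
            if len(q) >= self.max_attempts:
                over.append(key[0])
        if over:
            return False, over        # rejected before it reaches the gateway
        # Forwarded attempts count whether approved or declined: card testing
        # is mostly declines, and each one still incurs a transaction fee.
        for key in keys:
            self.attempts[key].append(now)
        return True, []

def simulate():
    """Constructed traffic: one address cycling 50 cards, and one shopper retrying."""
    vc = VelocityControl(secret=b"constructed-demo-key")
    bot = [vc.check(t, f"400000{t:010d}", f"u{t}@example.test", "203.0.113.7", f"u{t}")
           for t in range(50)]
    shopper = [vc.check(100 + t, "4111111111111111", "pat@example.test",
                        "198.51.100.20", "pat") for t in range(3)]
    return bot, shopper
```

Because rejected attempts are not recorded, each key holds at most six timestamps, so the table cannot be inflated by the same traffic it is blocking.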

Since it is the beginning of the year, how about setting up a best practices schedule for your ecommerce security? For example, set up a regular schedule for changing passwords for your individual employees as well as your ecommerce gateway. If you check out the December 2021 issue of XBIZ World, I go into greater detail on methods of fighting ecommerce fraud.

To those of you that I got to see at the shows last month, it was good to reconnect. Whether you are an existing, new or potential client, I enjoyed the opportunity to have a drink, chat, get reacquainted and get up to speed with the latest developments in our businesses. I hope you find some value in my suggestions, and may 2022 be off to an excellent start for you.

Jonathan Corona has nearly two decades of experience in the electronic payments processing industry. As chief operating officer of MobiusPay, Corona is primarily responsible for day-to-day operations as well as reviewing and advising merchants on a multitude of compliance standards mandated by the card associations, including, but not limited to, maintaining a working knowledge of BRAM guidelines and chargeback compliance rules defined in both Visa and Mastercard operating regulations.

Copyright © 2023 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.
