If personal fitness was among your New Year’s resolutions, great! Fitness is essential for your overall health and well-being — and the same can be said about ensuring the “fitness” of your business. To keep your business fit in terms of its overall financial health and well-being, it’s critical to have an effective strategy in place for dealing with fraud.
While it is only February now, I can confirm what all the pundits, analysts, doomsayers and I were prophesying at the end of 2021 with regards to ecommerce fraud, as there is no question that there was a record amount of attempted and successful ecommerce fraud this past holiday season. You may have noticed that I included “attempted” fraud; that is because, as expected, merchants who have enrolled in protective services from payment processors were not as dramatically affected. As I mentioned during the billing panel at XBIZ 2022 in Los Angeles, our Order Insight and Rapid Dispute Resolution capabilities have proven invaluable in preventing fraudulent purchases and disputes.
Velocity controls, which are tools designed to limit the number of times a specific card account number, email address, IP address or user account can attempt a sale during a user-specified time frame, can be very useful in thwarting attacks.
Since the COVID pandemic took off in March 2020, card testing has increased in popularity amongst the steal-from-home fraudsters. Card testing is done by cybercriminals to test the validity of credit card information they obtain. While the purchase may not go through, your business is going to be charged a transaction fee, say $0.20 for example. While that may not make or break you, when you have a criminal deploying a bot on your payment page that can test thousands of card numbers in an hour, those $0.20 transaction fees can add up quickly.
The thing about card testing is that virtually every ecommerce merchant that accepts credit cards is a potential victim of card testing; that being said, it is one of the easiest and least expensive means of ecommerce fraud to combat. The act of adding CAPTCHA to your checkout page will significantly reduce card testing attempts as scripts and bots can have a problem getting around it. There is no need to make it a difficult CAPTCHA as you are only trying to thwart robots, not frustrate your buyers. Any decent shopping cart will provide a CAPTCHA option.
A few other free tools are likely already available to you through your gateway provider. Velocity controls, which are tools designed to limit the number of times a specific card account number, email address, IP address or username can attempt a sale during a user-specified time frame, can be very useful in thwarting attacks. For example, suppose you run a membership site and offer a seven-day trial that converts into a 30-day membership. In that case, there’s no reason a single user, or more importantly, a single IP address, would need to attempt multiple transactions, since they would gain access with a single transaction. Allowing for normal declines, you could even up that number to six attempts every 30 days and still spare yourself having to worry about card testing.
Since it is the beginning of the year, how about setting up a best practices schedule for your ecommerce security? For example, set up a regular schedule for changing passwords for your individual employees as well as your ecommerce gateway. If you check out the December 2021 issue of XBIZ World, I go into greater detail on methods of fighting ecommerce fraud.
To those of you that I got to see at the shows last month, it was good to reconnect. Whether you are an existing, new or potential client, I enjoyed the opportunity to have a drink, chat, get reacquainted and get up to speed with the latest developments in our businesses. I hope you find some value in my suggestions, and may 2022 be off to an excellent start for you.
Jonathan Corona has nearly two decades of experience in the electronic payments processing industry. As chief operating officer of MobiusPay, Corona is primarily responsible for day-to-day operations as well as reviewing and advising merchants on a multitude of compliance standards mandated by the card associations, including, but not limited to, maintaining a working knowledge of BRAM guidelines and chargeback compliance rules defined in both Visa and Mastercard operating regulations.