By Sarah Zilenovski, ClearSale
The e-Commerce industry is battling a huge wave of card-not-present fraud, and small businesses are particularly at risk. In Q2 2016, more than 450 million botnet fraud attempts were made against e-Commerce merchants worldwide, seeking out vulnerable places to steal merchandise and validate stolen payment data. Because many small businesses have no fraud protection, professional fraudsters view them as easy targets. To survive, small e-Commerce business owners must know the scope of the problem, the risks, and the best ways to fight back.
How E-Commerce Fraud Got So Bad So Fast
There are several reasons e-Commerce fraud has exploded. First, the U.S.’ transition to chip-and-PIN cards at store checkout terminals made it harder for thieves to use fake cards in stores, so they’ve pivoted to new targets. Huge data breaches around the world have yielded more stolen card numbers than ever before. To work out the expiration dates and security code numbers for those stolen card numbers, criminals now use botnets to test many cards quickly in online stores with poor anti-fraud protection.
Advertisement
Meanwhile, more small businesses than ever are selling online, often with little to no knowledge of the fraud threats they face. A 2016 MasterCard survey found that 60% of U.S. small businesses don’t use any online fraud prevention tools at all. That makes small online shops ideal places for fraudsters to test their stolen info by attempting purchases, either by hand or using bots.
How Fraud Kills Small E-Commerce Businesses
Small businesses face disproportionately high risks when it comes to online fraud. Because small businesses have less revenue and cash reserves than major retailers, the effects of even a few successful frauds can be devastating.
E-Commerce businesses lose revenue on each fraudulent order, of course, and if they fulfill the order before the fraud is discovered, they lose the value of the goods shipped and the cost of shipping. The damage doesn’t stop there. “Friendly fraud” orders (in which customers lie about not receiving their purchase), and purchases made with stolen card data, often get charged back through the credit card companies, and the retailer pays a bank fee for each chargeback – up to $100 per transaction. Each chargeback factors into the retailer’s chargeback ratio, which measures chargebacks against total transactions. Merchant banks use the chargeback ratio to evaluate the shop’s risk level and set the shop’s transaction processing rates. The higher the ratio, the higher the risk and the costs. Meanwhile, if the shop earns a reputation as easy to defraud, more criminals and botnets will target it, pushing the chargeback ratio and losses higher.
If the chargeback ratio reaches a certain threshold, the retailer can lose its merchant account, sometimes with little notice. With the account closed, the business owner’s name is put on the MATCH list, the MasterCard Alert to Control High-Risk Merchants. For the next five years, the MATCH listing means that only high-risk specialty processors will handle their accounts — at correspondingly high rates. For some businesses, this cascade of fraud consequences can lead to a total shutdown.
Guard Your Business From Bots And Other Fraud
E-Commerce business owners must understand that fraud attempts are a virtual certainty. Fraudsters are methodical in their approach to acquiring, testing and using stolen or fraudulent account information, and they seek to exploit every possible weakness. That said, there are steps all online merchants can take to protect their businesses.
Watch for card testing. Set limits on the number of times a customer can attempt to enter correct payment information, especially card expiration date and CVV, to prevent guessing. This can thwart fraudsters and bots working through lists of stolen card numbers.
Prepare for spikes in fraud attempts during peak shopping seasons such as the winter holidays. Fraudsters count on merchants to be too busy to screen orders carefully at these times.
Keep detailed transaction records. Accurate records of online transactions can protect merchants against friendly fraud. Delivery tracking, customer signature, customer contact information and records of contacts with customer service about the order can provide evidence of product receipt.
Follow fraud news. The methods fraudsters use are always changing as criminals swap information online and try to stay a step ahead of fraud detection experts and law enforcement agencies.
Lastly, get help if you need it. Professional services can help small businesses mitigate their fraud risk by using tools such as information sharing among clients and partners, machine learning to spot trends quickly, and human intelligence to sort out fraud from valid orders.
Sarah Zilenovski serves as Marketing Manager at ClearSale, where she is part of the founding team of the ClearSale US branch. Follow on twitter @ClearSaleUS.