How Better Credit Card Fraud Detection Protects Everyone
Card fraud doesn’t just cost businesses money. It also damages retailers' relationships with customers and, in some cases, disrupts customers’ lives. And fraud is on the rise, especially against online sellers. That's because the conveniences of the digital age have also created new ways for criminals to steal card data – by tricking consumers into sharing account information, by abusing online checkout tools, and by hacking retailer data or buying stolen card numbers. To thwart fraudsters, everyone has a role to play, from individual consumers to businesses of all sizes.
How consumers can protect their data
More than 15 million Americans fell victim to card and identity fraud in 2016, according to Javelin Research. That's a 16 percent increase over 2015, and the numbers are expected to keep climbing. Modern fraud goes beyond thieves using stolen credit card numbers to make online purchases for resale, although that's an increasingly common crime.
Fraudsters also use bots to “test” stolen card numbers to match them with card security codes and billing zip codes, and they use password-cracking tools to break into and take over consumer's accounts at online retailers. Thieves sometimes resort to old-school tactics like stealing mail to get consumer data, too. Once fraudsters have a consumer's card data, name, and address, they can use that identity to create entirely new accounts and rack up charges that the victim may not learn about until days, weeks, or even months later. Even if it turns out to be the merchants' responsibility if purchases were made with your stolen credit card and identity, sorting the mess out takes time and energy.
To protect yourself, add a few modern safety measures to the traditional safeguards of regularly checking your account statements and credit reports for suspicious activity.
Use strong, unique passwords for all your accounts. The most convenient way to do this is to use a password generation and storage service like LastPass. Using the same password for multiple accounts and using weak passwords puts you at risk for password cracking and account takeovers. Protect your most important accounts with two-factor authentication if it's an option.
Be careful about social networking. Share your personal data only with people you know and trust. Thieves can and do collect information on social media users' hometowns, children's and pets' names, and hobbies to guess passwords and security questions for account takeover.
Go paperless or get a post office box. This prevents thieves from swiping bills, card statements, and other personal data from your mailbox.
Use caution when sharing payment information. Always look for the security icon in the web address of merchants you shop with so your data is protected. Download shopping apps directly from the retailers' websites, the App Store, or the Google Play Store. Never follow email links that ask for your password or account information. Likewise, don't give your card number to a stranger who calls you. Reputable merchants who call to verify an online purchase will have other ways to confirm your identity.
Don't avoid the Internet. Ironically, the Javelin study found that consumers who stay offline for fear of fraud suffered the highest losses of any group in the survey and took an average of 40 days to realize they'd been scammed. Use digital tools to keep tabs your card activity, bank balances, and logins.
How businesses can guard against fraud and data theft
E-commerce and omnichannel retailers of all sizes can get hit by fraud in two main ways: transaction fraud and theft of customer data.
Protecting your internal data thoroughly is a job for a skilled IT security professional, team, or service, but you can start by making sure your business doesn't store customer payment data. Your employees and vendors should only have access to as much customer data as they need and only for as long as they need it. And your business operating system and application software should always be up to date to prevent break-ins through known security gaps.
Reliable credit card fraud detection is paramount because card not present (CNP) fraud rose 40 percent in the US in 2016. In addition to purchases made with stolen cards and falsely charged-back purchases, small merchants are often hit with card-testing fraud if their checkout process lets thieves try over and over to get card verification values and billing zip codes right. To prevent testing, limit the number of tries a customer can make to enter payment data.
Account takeover and false account creation present other risks. Among other safeguards, your fraud prevention system should flag customer behavior that's suddenly radically different from the past. Screen and carefully monitor new accounts, too, especially if the first purchase meets certain fraud-risk criteria such as a high dollar value, coveted brand name, and express shipping.
Because CNP fraud is increasing, constantly evolving, and often automated by criminal botnets, merchants of all sizes may find that the most time-efficient and cost-effective solution is to outsource fraud protection. A good service will screen transactions using digital and human intelligence, contact customers directly if there are questions about a transaction, and protect the merchant against the cost of charged-back transactions. This set of services protects the merchant from fraud and their customers from account takeover losses, while also making sure that legitimate customers can make the purchases they want – which is the ultimate goal of digital commerce.
About the Author
Rafael Lourenco is the VP of US Operations at ClearSale, a Card-Not-Present fraud prevention operation that protects e-commerce merchants against chargebacks. The company’s flagship product, Total Guaranteed Protection, is an end-to-end outsourced fraud detection solution for online retailers. Follow on twitter at @ClearSaleUS or visit http://clear.sale/
Edited by Alicia Young