
Fortifying Your E-Tail Operation Against ‘Friendly Fraud’

Fraud prevention, in its many layers and forms, is one of the most important services that can be provided to e-merchants. With each passing year, fraudsters become more experienced and new forms of fraud are developed.

What is different in recent years is that we have been dealing with an economic recession. As a result, there has been an increase in the amount of “friendly fraud,” with people making online purchases legitimately and then making chargebacks when they realize they don’t have the money to pay.

“Chargeback” is one of the words online merchants despise the most, as it means not only the loss of their product or service, but also the risk of heavy fines, account closures, and even blacklisting.

As banks may be less strict with chargeback initiation throughout this challenging economic period, this fraud has been a big challenge for merchants in 2009, and will continue throughout 2010.

One Step Ahead

For many online merchants, there has also recently been a decrease in volume and an increase in fraud, which means chargeback ratios will rise drastically and merchants will therefore face a greater risk of having their accounts closed by the bank. With fraudsters, it is a cause-and-effect relationship: First, they develop the fraud method. Then fraud-prevention tools follow — the fraudsters are always one step ahead of everyone else.

They have also infiltrated the affiliate world. Some affiliates are concerned only with their commissions, so they often don’t care to differentiate between fraud and solid sales. Affiliate fraud has merchants drowning in chargebacks and paying commission to someone who has not brought business.

Also, fraudsters can register as affiliates and send 100 percent fraud to merchants. Since affiliates can design their own nicknames, fraudsters can come back again and again with different names.

Fraud prevention differs from fraud detection, as recognizing fraud is not enough — it needs to be stopped. The merchant’s payment provider should investigate all efforts to “fight back” the charged amount from the acquiring bank. Once the fraud has been detected, proper features can be implemented by the payment provider to prevent future fraudulent activity.

Managing Risk

Using a sophisticated IPSP (Internet payment service provider) that offers fraud-protection features specific to each industry in which an e-merchant works will definitely help reduce the amount of fraud. A few examples of such features are rule engines and behavioral purchasing patterns — that is, knowing how to identify fraud patterns.

Also, tracking the patterns of customers on the Web site and knowing how to track suspicious or irregular end-users who may be fraudsters in disguise will help a merchant get the best fraud protection.

Every service provider provides risk support, but the best ones offer a combination of a sophisticated system and a support team. A common approach to fraud protection in any online industry is to block all suspicious transactions through an automated system.

Instead, a risk support team should always communicate with the merchant online about a particular suspicious transaction. That way, the decision to approve or block a suspicious transaction is made by both parties working together in an educated manner.

Maximum fraud prevention means being equipped with the detection and screening tools to ensure maximum protection with a minimum rejection rate. A trained risk manager with a wide array of experience should also be dedicated to your account, as professional human judgment should always be intertwined with even the most superior technological system.

The combination of the two ensures that all transactions that will lead to profit are approved and those that will lead to fraud, loss, and fines are recognized and declined.

The old and outdated “scrubbing” system does not work — too many potential valid sales are lost and approval ratios suffer. Only the combination of superior technology and the proficient risk team can bring the kind of success that ensures maximum conversion rates with minimal fraud.

PCI Protection

As technology advances, so does the level of sophistication of online fraudsters. As such, the rules and regulations of the credit card companies must become stricter in order to protect e-merchants and their clients from fraud, theft, and hacking. Therefore, all online merchants should be compliant with the Payment Card Industry Data Security Standards (PCI DSS).

PCI security standards are operational requirements set by the Payment Card Industry Security Standards Council in order to protect card holder data. The standards govern all merchants and organizations that store, process or transmit this data.

Any company that wants to have the most secure card storage should be PCI-certified. If one does not want to be PCI-certified, however, then it is possible to utilize a payment provider’s credit card storage. This protects merchants by storing the database of customer card information with the PCI-certified processor, which has ultimate security and no risk of hackers aiming to use and abuse personal data. This not only relieves the merchant of the burden of storing classified information but also protects its core business.


Samuel Kaufman is the head of risk management for SafeCharge.
