23 December 2019
Fraud affects all businesses of all shapes and sizes. Often, fraudsters will target smaller businesses in the assumption that they may not be employing all the necessary payment security tools and systems. It's important to know what types of payment fraud are out there so you can protect your eCommerce business and customers.
Unfortunately, where's there's payments, there's fraud. As a small business, its important to know what types of fraud are out there and the steps you can take to protect your business - and your customers.
Online payment fraud is a real threat to Australian businesses of all sizes; it is any type of false or illegal transaction completed by a cybercriminal. Latest figures released by the Australian Payments Network, the payment industry self-regulatory body, shows the rate of online fraud increased in value by 2.4% in 2018 compared to the previous year. At $488 million, online fraud accounted for 84.9% of all card fraud in 2018.
Let's dive into the activities that drive payment fraud and the different ways you can start securing your business.
A QUICK OVERVIEW OF ONLINE PAYMENT FRAUD
It's important at this point to distinguish the difference between card-present and card-not-present transactions. Card-present makes general reference to payments during which the card is present, like instore. Card-not-present makes reference to transactions where the cardholder does not physically present their card for a merchant to take payment. Although this can also relate to MOTO (mail order and telephone order) payments, this is what is commonly associated with online payments.
There are a few reasons why online fraud in Australia (and globally) is growing:
- Face-to-face fraud prevention has got stronger, with chip technology leading the way, so fraudsters are moving online more and more
- There are now more large scale data breaches where fraudsters use the data they capture to perform more than transactions
- While the rate of online fraud presents multiple opportunities for cybercriminals because it is difficult for merchants to identify and verify who is making the purchase. Here are some very common types of online fraud:
Friendly fraud (also known as chargeback fraud)
Friendly fraud occurs when a customer files a chargeback instead of trying to first obtain a refund from the merchant. Authorised cardholders dispute legitimate charges to their credit cards, pushing the bank to force a refund under the pretence that the merchant made an error.
Of course, sometimes these claims are true. Well-intentioned consumers may accidentally commit friendly fraud because they don't understand the differences between a traditional return and bank-issued refund.
This is when an imposter obtains key details of personally identifiable information that uses them to make purchases online. Cybercriminals gain access to this valuable information by penetrating security systems like firewalls and anti-virus software.
Like the shape, triangulation involves three parties in a transaction: the customer, their card data and a fake online store. When the customer makes a purchase the fake merchant steals the card details.
This is one of the most difficult types of online fraud to detect as cybercriminals use real data to commit their crimes. It's different from friendly fraud where stolen or fake data is used. To commit clean fraud it takes real data to get around fraud tools and fraudsters who manage to do this have prior knowledge of the cardholder's spending and purchasing habits. Purchases look legitimate and are harder to spot.
4 PROVEN WAYS TO PREVENT ONLINE PAYMENT FRAUD
Protecting your business against fraud can seem like a daunting task but there are tools and systems you can put in place to help safeguard your operations.
1. Become PCI compliant
Payment Card Industry standards exist to protect the whole payments ecosystem. It defines how card data is stored, processed and transmitted. As a business, even if you accept just one payment, you have to be PCI compliant. PCI protects card data becoming compromised and minimises data breaches. Becoming PCI compliant can be a lengthy process for merchants, so it's helpful to leverage PCI services from a payment processor like Bambora, who are Level 1 PCI compliant - the very highest standard.
2. Use tokenisation
Tokenisation replace sensitive cardholder information with a string of of meaningless digits (a token). If the fraudster manages to get hold of your tokens, they can't do anything with them. Payment processors like Bambora offer tokenisation services to help merchants store and process customer card details in a secure environment. Payment tokens add an additional level of security to eCommerce operations and have many benefits that help fight payment fraud without compromising your checkout.
3. Use customer-focused payment fraud tools and checks
Merchants are encouraged to use as many tools and security systems as possible. Strong customer verification tools should be used for every transaction to help identify risk and authorise the cardholder.
- 3D Secure: started by Visa and now backed by both Mastercard and AMEX, 3D Secure adds an extra layer of security to taking card payments. It's an extra authentication step your customer goes through before making a purchase online, ensuring they are the cardholder. For your customers, 3D Secure provides peace of mind when it comes to shopping online. With the fraud prevention security in place.
- CVV Verification: card verification value is the three digit number on Visa, Mastercard and Discover branded credit and debit cards. Confirming this number with your customer adds an extra layer of security to your checkout.
- Velocity Checks: these monitor the number of times customer data occurs within a specified interval. This could be: IP address, email address, phone number and billing/shipping address.
When you partner with Bambora you receive industry leading fraud and security tools as standard.
4. Introduce biometric authentication
In the world of payment technology, biometric authentication relates to the parts of the body which can be used for identification - fingerprints, retinas, your voice and your face.
Biometrics are increasingly used for transaction authorisation, both instore and via remote channels. Deloitte found that Australians make an estimated 100 million imprints a day using smartphone fingerprint scanners. Many mobile wallets offer biometric support such as thumbprint or facial recognition, which improves both convenience and security. As online shopping booms, employing biometric authentication can help to reduce fraud.
PROTECT YOUR BUSINESS WITH BAMBORA
Every business operating in the payments industry has a duty to help protect businesses and consumers against fraud. Here at Bambora we take combating fraud very seriously. Reducing the space for online fraudsters to operate is our priority as we help Australian eCommerce grow.
If you're interested in hearing more about fraud prevention, fraud prevention services or looking for advice, please reach out to one of our friendly local team.
About the author
Victoria Galloway has been writing and producing in the payments and eCommerce space for a number of years, both in the UK and Australia.
How to Choose Your Checkout Integration
Ultimately, the checkout integration you choose will depend on the type of functionality you need. To help you get your business going seamlessly, we've outlined three popular integration methods along with their key benefits and things to consider.
10 Common Payment Questions, Answered!
We believe in keeping payments simple and are passionate about keeping our customers, partners and the wider payments community well-informed and equipped with the tools and information to make better business decisions. So, we've answered some of the most common questions we get asked - let us know if we've missed anything!