With the holiday season approaching, merchants of all sizes will see an influx of online shoppers. Many businesses see their largest sales volume over the holidays – in 2020, online shopping spiked by a record 40.8% during the holiday season – but this increase also attracts the attention of fraudsters.
Comparing the months of November and December to the rest of the year demonstrates an increase in fraudulent holiday e-commerce transactions.
- 54% from Nov. 26 to Nov. 30, 2020. 13.67% through December 4th, in 2020.
- 70% from Nov. 28 to Dec. 2, 2019. 9.80% for all of 2019.
- 76% from Nov. 22 to Nov. 26, 2018. 11.12% for all of 2018.
“The holidays are always a ripe period for cybercriminals with increased online traffic occurring,” said Experian Vice President of Consumer Protection Michael Bruemmer. “But this year is even more attractive for hackers so consumers need to make sure they are following several good security practices to keep their information and financial accounts safe. Retailers should also be very vigilant so that shoppers have a positive customer experience.”
There are Several Types of Fraud
Having a robust cybersecurity strategy in place is paramount, but merchants must be extra cautious during the holiday season. There are several types of online holiday fraud that companies need to be aware of:
- Friendly fraud – Friendly fraud is anything but friendly, and it has grown in recent years with the rise of e-commerce. A customer makes a purchase online for a product or service with their credit card and then contacts their credit card issuer to dispute the charge. This type of credit card fraud is often referred to as friendly because the customer will make claims that seem believable and honest.
- Card testing – Card testing is a technique in which a fraudster tries to determine whether stolen card information can be used to make online purchases. Also referred to as auth (authorization) testing, it is a trial run for $1 or less: the fraudster hopes the charge goes through, and even if it is declined, it won’t raise any significant flags.
- Chargebacks – Chargebacks are a consumer protection tool that allows consumers to get their money back for fraudulent charges or purchases that don’t live up to standards by submitting a dispute with their card issuer. If you notice a transaction on your credit card account that doesn’t look familiar or run into issues with a recent order, you may want to (and should) dispute the transaction. Generally, you’ll have two options when disputing a transaction: refund or chargeback.
A refund comes directly from a merchant, while a chargeback comes from your card issuer.
While fraud can happen in numerous ways, merchants must take a proactive approach to combat fraud.
Strategies and Tools to Safeguard Your Checkout from Fraud This Holiday Season
- Take advantage of security tools like reCAPTCHA built into the payment experience. Simply put, CAPTCHAs enhance online payment security and help prevent sites from being attacked by hackers.
- Enable standard security elements like zip code validation, address verification, and CVV on the payment pages to make things harder for fraudsters. No single factor can prevent card testing fraud, so we recommend a multi-layered approach that can help merchants prevent credit card testing attacks.
- Merchants can turn on the built-in IP blocking rules and velocity checks and define their own rules to prevent these attacks.
- Enroll in 3D Secure (3DS), a tool that adds a layer of security to prevent fraud in e-commerce transactions with credit and debit cards. It sits on the merchant’s payment form and authenticates customers in real time during card-not-present transactions. It can help you increase authorizations and shift chargeback liability to the card issuer, including for chargeback codes 10.4837 and 10.4863. But remember, while it is a very useful tool, it alone does not constitute a comprehensive fraud prevention strategy.
- We encourage our merchants to learn more about Bluefin’s fraud-scoring tool, where they can leverage state-of-the-art machine learning models and established rules to identify good customers, analyze patterns and data, and highlight risky transactions. Fraud prevention requires analyzing devices, associated identities transacting across digital channels, and monitoring transaction data. We recommend our merchants adopt a strategy that helps minimize risk and reduce losses caused by card-not-present fraud.
- Bluefin also has various internal monitoring mechanisms through our PayConex™ payment gateway that help detect critical vulnerability indicators like high traffic in a short amount of time with the same attributes, low transaction values, increase in failed authorizations, and specific decline codes.
- Finally, it’s imperative that merchants make Personally Identifiable Information (PII), Protected Health Information (PHI), and cardholder data worthless on the web. Take advantage of our ShieldConex™ data security platform, which utilizes both hardware-based encryption and vaultless tokenization to secure sensitive data entered online.
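The velocity checks and gateway indicators described in the list above (many attempts in a short time sharing an attribute, low transaction values, failed authorizations) can be expressed as a sliding-window rule. This is an added example, not Bluefin's or PayConex code; the field names, thresholds and sample transactions are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; tune them against your own traffic.
WINDOW = timedelta(minutes=5)   # "short amount of time"
MIN_ATTEMPTS = 5                # attempts sharing one attribute within WINDOW
LOW_VALUE = 1.00                # the page describes card tests of $1 or less
MIN_LOW_RATIO = 0.8             # share of attempts at or below LOW_VALUE
MIN_DECLINE_RATIO = 0.5         # share of failed authorizations

def flag_card_testing(transactions, attr="ip"):
    """Return {attribute value: stats at first alert} for suspected card testing."""
    recent = defaultdict(deque)  # attribute value -> transactions inside WINDOW
    flagged = {}
    for tx in sorted(transactions, key=lambda t: t["ts"]):
        q = recent[tx[attr]]
        q.append(tx)
        while tx["ts"] - q[0]["ts"] > WINDOW:   # drop attempts older than WINDOW
            q.popleft()
        if len(q) < MIN_ATTEMPTS:
            continue
        low = sum(t["amount"] <= LOW_VALUE for t in q)
        declined = sum(not t["approved"] for t in q)
        # Volume alone is not enough: a busy shared IP with normal basket sizes
        # and approved payments must not trip the rule.
        if low / len(q) >= MIN_LOW_RATIO and declined / len(q) >= MIN_DECLINE_RATIO:
            flagged.setdefault(tx[attr], {
                "attempts": len(q), "low_value": low, "declined": declined,
                "distinct_cards": len({t["card_token"] for t in q}),
                "first_alert": tx["ts"],
            })
    return flagged

# Constructed sample data (documentation IP ranges, made-up card tokens).
T0 = datetime(2021, 11, 26, 9, 0, 0)

def make_tx(sec, ip, token, amount, approved):
    return {"ts": T0 + timedelta(seconds=sec), "ip": ip,
            "card_token": token, "amount": amount, "approved": approved}

SAMPLE = (
    # Six $1 attempts in under two minutes, a new card each time, mostly declined.
    [make_tx(i * 20, "203.0.113.7", f"tok_{i}", 1.00, i == 5) for i in range(6)]
    # Busy but legitimate source: normal amounts, all approved.
    + [make_tx(i * 40, "198.51.100.20", f"shop_{i}", 40.0 + i, True) for i in range(6)]
    # A single small approved purchase.
    + [make_tx(30, "192.0.2.9", "cust_a", 0.99, True)]
)

if __name__ == "__main__":
    for ip, stats in flag_card_testing(SAMPLE).items():
        print(ip, stats)
```

Passing `attr="card_token"` applies the same rule to repeated attempts against a single card instead of a single source address.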
Beating the Holiday Rush
Regardless of what the holidays bring, Bluefin will be with you every step of the way – offering encryption, tokenization, fraud and authentication tools to keep your business safe and your customers coming back. To learn more, contact Bluefin today.