We’re already one year into the nation’s bumpy transition from the stripe to the chip, and instead of declining, credit card fraud is expected to reach a record $4.5 billion in 2016. Customers using chip cards at brick-and-mortar stores with chip card readers can rest assured that their data is reasonably safe: MasterCard, for instance, estimates that fraud costs are down at these shops by 54%. But in comparison, online stores are now easier to hack, and they haven’t been as lucky. Online fraud attacks surged 137% last holiday season, and with ecommerce expected to reach 10% of retail sales this holiday, fraudsters will likely continue to follow the money.
Online transactions, like all “card-not-present” transactions, have always been more susceptible to fraud – people usually report a missing physical card within 24 hours, but it can take weeks or months for them to notice and report unauthorized charges on their credit card statements. It’s also more efficient to hack into an insecure system and steal millions of card numbers than to steal physical cards one-by-one, right? But as more merchants implement chip technology, thieves are rushing to use data stolen from non-chip accounts at non-chip retailers before it’s too late.
This is bad news for online retailers because credit industry standards specify you, the merchant, as the financially liable party in most credit card fraud cases. If you sell and ship an item to a fraudulent buyer and the real cardholder later seeks to reverse the charges, you are solely responsible for the merchandise, shipping costs, and chargebacks. The card issuer, payment processor, and the payment gateway are all not the responsible parties.
All credit card fraud can’t be prevented, but here are a few tips to minimize it this holiday season:
- Use the card issuer’s Address Verification System (AVS) to compare the billing address entered by the purchaser with the billing address on file with the credit card company, and ALWAYS check your AVS codes. AVS only verifies the numbers in the address – the street number and zip code – but it’s a good first line of defense.
- Verify the CVV at checkout – the 3-4 digit number on the back of the physical credit card is not embossed or included in the magnetic strip, so while it could potentially be scraped from another site, it can’t be scraped from the card. It’s not foolproof, but if you do find a mismatch, there’s a high probability of fraudulent activity.
- Geolocate the IP address where the order originated, and verify that it is at or close to the billing address. Billing address in Austin, IP address in L.A.? Nope. Billing and IP addresses in two different countries? Double nope.
- Use ShippingEasy rules to flag common fraud indicators: unusually high transaction values, international orders coming from high risk countries, and orders shipping to unverifiable addresses are all indicators of possible fraud.
- Offer alternate payment options like PayPal or Apple Wallet: mobile wallet services have added security features to protect consumers’ credit data, so data breaches and stolen credit card numbers are much less likely.
- If you can, delay shipping by 24-48 hours after purchase. While not all consumers will realize their cards have been stolen within this time frame, most thieves are in a hurry to receive their stolen goods, and the extra lag time will deter them.
What should you do if you discover or suspect a fraudulent transaction? Call the card issuer and have them make a courtesy call to the cardholder to confirm the order. If the card number is indeed stolen, this gives the cardholder/issuer an opportunity to freeze the card and file a police report. You can also report internet fraud to the FBI.
We hope these tips make it easier for you to spot suspicious activity this holiday season while you’re processing and shipping out your orders. Happy shipping!