There is an unprecedented shift from in-person payment to the card not present payment processing ecosystem going on right now. The events of 2020 were impacting and far-reaching. When listing the various impacts, the health crisis is the catalyst which leads to many identified trends, challenges, changes, results and projections.
This is for many reasons ranging from the expansion of companies and the associated new delivery services, to health regulations and public safety concerns. Making the decision to fold card not present transactions into a business model can be an incredible undertaking just to get the processes right and the systems established to handle expansion to a national or global level.
In addition to fulfillment items, there are marketing adjustments, laws to be adhered to (when dealing with sensitive or regulated products such as consumables, tobacco and alcohol), and the introduction to the digital world of fraud.
Why is Card Not Present Payment Processing Fraud so Important?
Decades of data, collected from virtually all industries, compiled over countless transactions and the resulting chargebacks, shows that the vast majority of fraudsters employ methods that fall under the category of what is referred to as “Carding”, with a siginificant uptick in personal scams in 2020.
When tabulating these losses, it is important to understand that $1 reported in losses by consumers averages $3.13 in losses for merchants after considering variables like chargeback processing, representment processing, arbitration, loss of product and more that we will get into as we outline fraud prevention strategies and the variables that are considered when building them.
How to Think About Your Card Not Present Payment Processing Fraud Prevention Strategy
An effective fraud prevention strategy can vary greatly from one company to the next, as seen in the comparison between in-store retailers and e-commerce merchants. The transactions for in-store merchants use cash, cards (swiped at the POS) and sometimes checks.
The prevention strategy here relies heavily on two things; the cashier’s ability to identify counterfeit materials (Cash and Checks) and the company’s ability to leverage hardware and the associated systems. Things like chip verification, chexsystems, counterfeit detectors and more are used together and produce a palpable result.
E-commerce merchants rely on submitted information for their transactions. Identity information, payment information and shipping (or fulfillment) information. Information can be manipulated, stolen and manufactured. This lends to high vulnerability if proper verification systems are not put in place. Your fraud prevention strategy is what dictates the systems that you put in place.
There are countless systems in the world that approach e-commerce fraud prevention through various lenses. Verifying identity information is certainly relevant to stores issuing credit lines. Device fingerprinting services might be the most important for financial institutions. Transaction analysis by this company, chargeback representment processing by this company. Consortium merchant data over here, cyber analytics and dark web data aggregation over there.
By identifying the processes that your company has in place and keeping an open mind to the types of exploits that your company might encounter, you can begin to conceptualize the processes that need to be put in place in order to strike the balance between merchant security and customer satisfaction. If your company hasn’t taken proactive measures to define your unique fraud prevention strategy, we will go into a reliable 4-step process that you can employ today.
How to develop a Card Not Present Fraud Prevention Strategy
Whether your company is a small business, operating out of a garage or a corporate juggernaut, participating in millions of transactions, the process is the same; Identify, Monitor, Automate, Repeat.
Identify your “Transfers of Value”
Fraudsters are not limited to cash, checks, and cards. Your fraud prevention strategy shouldn’t be either. As I mentioned above, the move to e-commerce brings with it new processes. Whether it be marketing, sales, fulfillment, or others. Each new process relies on submitted information (and a bit of faith if your company doesn’t have a strategy in place for various verifications).
Transfers of value can be anything wherein the company engages with a consumer (or fraudster) and makes an exchange. Returns, lines of credit, insurance policies, dropshipping (from the perspective of a service provider), coupons, gift cards, etc. all are processes that are regularly abused by fraudsters.
A big part of moving to e-commerce is establishing systems to get the job done. By actively looking for the transfers of value that your company participates in, you can begin to conceptualize what a verification process can look like for each one of the systems in place.
Monitor your company’s transfers of value
You must monitor your company’s transfers of value, and its performance across the board, with regards to fraud losses. After completing the first stage of the strategy development process, you’ll quickly realize that the potential for fraud exists in many areas of your operations. In addition to the wildly-evident losses incurred by fraudsters attacking the front-facing checkout form, social engineering, counterfeit materials, account takeovers (ATOs) and more exist throughout the system and can be just as devastating if left unchecked.
By employing verification processes across the board, you can achieve two things:
1. You’ll begin to catch bad actors early on.
2. You’ll be able to identify trends employed against your company, which will provide you the data that you need to support decisions regarding the third step.
Automation of the Process
It’s important to automate the processes that you have employed, when logical. The number of fraud prevention service providers seems to be growing by the day. Each with a nuanced combination of data aggregation, analytics, reporting, risk assessment strategy, determination algorithms, scope, method, Artificial Intelligence / Machine Learning, etc.
All of the great minds working together to create countless solutions, geared towards helping merchants stirke the balance between merchant security and customer satisfaction.
Many merchants spend precious time and hard-earned money running through a list of providers, trying to find the one (or combination of services) that works best for their unique situation. By following this process, merchants can laser-focus their pursuits for service providers who automate the process that they need automated, based on the data they have been building.
Once your company has established an effective relationship with a valuable fraud prevention service provider, and made the necessary adjustments for your operations, it’s time to….
Repeat the process
Fraud prevention is not a project. Fraudsters are constanly refining their methods, looking for vulnerabilities, authoring new methods, and so on. As your company grows and develops, it will also begin to employ newer, faster, smarter, easier processes, each of which has it’s own vulnerabilities and related exploits (as seen through the eyes of a fraudster).
Only by keeping a close eye on the emerging trends and the data in your system can you stay ahead of the curve.
This article has been contributed by Alex Hall, a former fraudster who spent ten years successfully operating in the Las Vegas fraud scene. Today, he is the Principal at Dispute Defense Consulting, a Full-Spectrum Fraud Mitigation Consulting agency, with an aim to assist merchants to build a comprehensive defense against fraud throughout many aspects of their system.