Last modified: 4. March 2019
“It was a dark and stormy night. While the wind was raging outside the ancient walls of Wolf Manor, inside its owner was raising a glass of blood-red wine in a silent toast to himself. It had been a successful year for Nathaniel Wolf: his lunar calendar software had become the country’s most successful software product, so his company was well set for the next business year. He had another sip of the wine, before he opened his laptop to go through the latest sales reports. But what was that? Nathaniel’s bushy eyebrows raised. There it was, the one word he dreaded more than the silverware cutlery his neighbor had gifted him last Christmas. Unmissable in capital letters, he read the word in the first line…and in the second one…and in the third: ‘CHARGEBACK!’ Nathaniel felt his blood boil with a rage he hadn’t experienced before.
Through the raging wind outside the ancient walls of Wolf manor one could hear the shattering of glass, followed by furious, inhuman howls…”
In the spirit of Halloween, we want to address a topic in ecommerce that has caused many an online merchant to quake in their boots: fraud. Fraud is the term we use to describe a process in which people try to either get your product/service or your money from you by using a variety of dishonest tricks. Like vampires these vandals are out for blood–or in this case—your hard-earned money. Don’t stop reading if the post becomes too scary; if you brave it to the end you will unlock the key to preventing fraud.
Beware of Identity Theft
The most common fraud attempts against online vendors fall under the category of “identity theft”, meaning the person who places an order uses a credit card that doesn’t belong to them, or isn’t who they are pretending to be. They may have stolen or found the physical card, or got their hands on the electronic card data via other means. So when they buy something from you, and the legitimate owner of the credit card discovers that there has been a fraudulent transaction, they usually inform their card provider and the money is charged back to the card owner. Then you lose the revenue that you had already booked for the transaction, making it a loss for you.
Scary enough, right? But like the “Saw” series, this story gets worse as we proceed. Losing money on an order is bad enough, but the effects of fraud can be even more serious, because they entail costs invisible at first glance. According to LexisNexis’ annual fraud study, the cost of fraud for online merchants is $2.47 for every dollar lost to fraudulent transactions. So if you suffer a $100 chargeback, on average it will cost you $247.
This extra cost is due to chargeback penalty fees your payment provider charges you, plus you might fall into a less advantageous transaction fee tier. Then you’ll need to factor in the extra work it takes for your customer support and finance teams to handle the incident and clean your customer database of “zombies”: the living dead data of fictional and fraudulent orders and accounts. And don’t forget the lost cost and upsell opportunities for a customer that turned out to be fictional.
If you are the merchant, you’ll quickly realize that payment providers you are working with have a maximum threshold of chargebacks they allow. In the worst-case scenario, they’ll shut you down faster than you can say “Boo!”, and you end up with a web store that cannot process credit card orders. Horrifying!
Now that we have established the gravity of the topic, let’s have a look at a few fraud categories before we come to the promised happy ending. In ecommerce we mostly talk about four categories of fraud:
- Fraud resellers. This is a category of identity theft where fraudsters use stolen or otherwise acquired credit cards to buy your product and resell it elsewhere–for example, on eBay. There is a whole industry around credit card data, and fraudsters can buy whole batches of card numbers to use for their dark business.
- Card-testers. You will find yourself attracting this type of fraud if you offer products or services at a very low price, such as $4.99 per month. Fraudsters will try to initiate transactions for those products in order to validate that the card data they have is actually working. In this case you are not being targeted for your own products, but by people who are looking to place small-value transactions with cards they acquired illegally, with the ultimate purpose of using these cards elsewhere for high-value fraud.
- Affiliate fraud. This is a specialized type of crime. In this case, the affiliate signs up and behaves like a normal affiliate, until they receive the commission. Then, all of a sudden, you see chargebacks coming in and piling up.
- Friendly fraud. Technically, these customers aren’t fraudsters, since they are not issuing chargebacks for their financial gain. But since they do affect your chargeback rate and rating with your payment processor, we’ll handle them with this topic, too. These are customers who looked through their credit card statement and found a charge they didn’t recognize.
The Happily Ever After
Being subject to fraud is a bit like battling a zombie apocalypse: no matter how many fraud attempts you can avert, you can be certain that more and more will come at you. But there are a couple of defense layers that have proven effective against fraud. Stakes and silver bullets, so to speak:
- Defending against fraud resellers: The key here is to make reselling illegitimate licenses impossible or as unattractive as possible. Create your products in a way that allows you to deactivate licenses/services once an order is found to be fraudulent. If you can “switch off” any license at any time, your product is not very attractive for this type of fraudster.
- Defending against card testers: These fraudsters rarely use a manual approach, but scripts or botnets to do the job for them. This means well-defined velocity rules on a fraud management solution can filter out a lot of them.
- Defending against fraud affiliates: Make sure you use affiliate networks that don’t pay out the affiliate commission too fast. If the fraudsters have no chance to make a speedy getaway with your money, you are not an attractive target for them.
- Defending against friendly fraud: When a bank informs you of a customer alarmed by an unknown charge on their card statement, one of the simplest and most straightforward things to do is to get in touch with the customer. You may also be entitled to dispute the chargeback, meaning you can provide information to the bank that shows the legitimacy of the charge and the corresponding order.
There’s a saying in the ecommerce industry that the only way to avoid payments fraud is to stop selling. Neither you nor I would want that, of course, but there is some truth behind that saying: the tighter you weave your spider web of defense, the more legitimate orders will be rejected by your system. The term “false positives” refers to those customers who have tried to place a legitimate order with their own credit card, but some detail triggered the fraud prevention systems, and the order was rejected. Configuring fraud prevention systems and training a fraud team to a point where you reach the ultimate balance between rejecting bad orders and allowing good ones does require time and money, and is one of the most complex back end systems you need to manage. However, it is essential for a successful online store.
Like the partner that offers the tools to survive in so many horror movies, MyCommerce acts as the Merchant of Record and assumes the fraud risk for you. We also happen to have the most advanced fraud prevention system – our very own Transaction Defender – and the most experienced fraud teams in the industry. Our technology and expertise provide all the fraud defense mechanisms I mentioned above, and more. We stay on top of fraud trends and do everything we can to provide you with a solution that gives you peace of mind. Reading a Halloween horror story that features a MyCommerce client usually sounds far less scary:
“It was a dark and stormy night. While the wind was raging outside the ancient walls of Wolf Manor, inside its owner was fast asleep in his canopy bed, an empty glass on the bedside table. Nathaniel Wolf felt safe, for he knew his online business was protected by MyCommerce.”