How to prevent fraud in your webshop
How can I protect myself against fraud?
There is no easy way to prevent fraud. It is up to the owner of the webshop to prevent it. But how can this be done?
Your payment flow needs to be secured at every stage. Most important is the payment page itself. Being secure means having an SSL certificate issued in your name and implemented on your webpage. This helps provide the extra layer needed to prevent hacking, and it also brings peace of mind to the cardholder.
Use velocity checks to analyse your transactional behaviour. If you see an unusually big flow of transactions coming through, it might indicate a fraud attack with stolen cards. Some velocity checks compare the data provided by the cardholder with social networks, or perhaps impose limits on transactions per card. It is always a good idea to check where the majority of your transactions normally come from; if you see a transaction from a high-risk country, you can decide to block the order until further manual review. When you need to manually review an order, you can contact the cardholder by email or phone and ask them to verify the data, or to confirm whether it was a mistake that the billing address differs from the shipping address. Small things like these can help you achieve greater results, and the customer will only see them as a secure service.
Check for unusual declines. There might be instances where a card has been used multiple times and all have been declined. However, the card may be used at a later stage and authorised/approved. Such indications help you to identify a fraud attack. It is, therefore, a good idea to analyse the declined transactions you are seeing on your webshop.
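The velocity check and the unusual-decline check described above can be expressed as one pass over a transaction log. The following is an added example, not code from any payment provider; the record layout, thresholds, card tokens and the placeholder country code "XX" are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, card token, country, status).
# Field layout and values are assumptions made for this example.
SAMPLE = [
    ("2024-05-01T10:00:00", "card_A", "DK", "approved"),
    ("2024-05-01T10:01:00", "card_B", "DK", "declined"),
    ("2024-05-01T10:02:00", "card_B", "DK", "declined"),
    ("2024-05-01T10:03:00", "card_B", "DK", "declined"),
    ("2024-05-01T10:20:00", "card_B", "DK", "approved"),
    ("2024-05-01T11:00:00", "card_C", "XX", "approved"),
    ("2024-05-01T12:00:00", "card_D", "DK", "approved"),
    ("2024-05-01T12:05:00", "card_D", "DK", "approved"),
    ("2024-05-01T12:10:00", "card_D", "DK", "approved"),
    ("2024-05-01T12:15:00", "card_D", "DK", "approved"),
]

def review_queue(txns, max_per_card=3, window=timedelta(hours=1),
                 decline_threshold=3, high_risk=frozenset({"XX"})):
    """Return {index: [reasons]} for transactions to hold for manual review."""
    history = defaultdict(list)   # card -> [(time, status)] seen so far
    flagged = defaultdict(list)
    for i, (ts, card, country, status) in enumerate(txns):
        now = datetime.fromisoformat(ts)
        # Keep only this card's attempts that fall inside the sliding window.
        recent = [(t, s) for t, s in history[card] if now - t <= window]
        # Velocity: too many attempts on one card inside the window.
        if len(recent) + 1 > max_per_card:
            flagged[i].append("velocity")
        # Unusual declines: an approval that follows a run of declines.
        declines = sum(1 for _, s in recent if s == "declined")
        if status == "approved" and declines >= decline_threshold:
            flagged[i].append("approved_after_declines")
        # Country outside the shop's normal pattern (list is shop-defined).
        if country in high_risk:
            flagged[i].append("high_risk_country")
        history[card] = recent + [(now, status)]
    return dict(flagged)

if __name__ == "__main__":
    for idx, reasons in review_queue(SAMPLE).items():
        print(SAMPLE[idx], reasons)
```

Flagged orders are held for the manual review step described earlier rather than rejected outright; the thresholds should be tuned to the shop's normal volume.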
Implementation of 3-D Secure. 3-D Secure, also called Mastercard SecureCode or VbV (Verified by Visa), is the most effective way to prevent fraud. Having 2-factor authentication performed on each transaction keeps fraudsters at bay. With 2-factor authentication, the webshop is not held liable for the fraud when a chargeback occurs.
Analyse the SAFE and TC40 data provided to you on a daily basis. The data helps you analyse or identify an unusual pattern with cards or BINs. It also helps you remain compliant with the compliance programs of both Mastercard and Visa.
Listen to your acquirer. Experience is the best source of advice. If an acquirer reaches out to you about fraud, it is meant to help you.
Fraud and chargeback received
As previously mentioned, there is no way to avoid fraud completely. The best you can do is try to prevent it. A good checklist for all webshops is:
Are you using CVC/CVV and AVS?
Is 3DS switched on?
Are you analysing the data received from SAFE and TC40?
The more security and authentication your webshop has, the more you can prevent fraud. Unfortunately, although you might have checked all boxes, fraud can still occur. Using 3DS or VbV helps you reduce fraud by over 90%.
In the event that you still get a fraudulent transaction even though the transaction was made in a secure environment (3DS or VbV), you no longer have the liability for the transaction. The issuer becomes liable for the transaction in cases like this.
Small yet effective management of your webshop is what you need to help mitigate fraud and losses in the long run.