Ecommerce/online payment fraud has risen in prevalence as internet shopping has grown – where fraudulent actors are no longer physically stealing cards, and they can more readily obtain stolen card information on the dark web to use these cards for purchases. Card Testing scams are also rising in frequency, where fraudsters test which cards are still active and allow for purchases. While those transactions are typically small and carry little individual risk, the fees and subsequent fallout can have a significant impact on a business.
For a Merchant, fraudulent transactions have little recourse in the event of chargeback if due diligence is not taken to validate a transaction before delivering goods or services. Common red flags include:
- Mismatched order data – the billing zip code, shipping zip code (or codes), and buyer location (IP Address) are inconsistent.
- Atypical order amount or frequency – many small businesses will jump at the chance to see their highest order ever or a sudden stream of orders in a short period, but if it is outside of typical customer behavior with no prior anticipation, this is a red flag.
- Multiple Declined Transactions – a fraudulent actor may be trying multiple stolen cards when attempting to complete a card, not present a purchase. One or two attempts are normal, but seeing four, five, six, or more failed attempts may signify something different. New foreign transactions – if a business suddenly sees transactions from foreign-issued cards or billing zip codes that are outside of their normal customer geographic region, this may be an indication of a fraudulent transaction.
- Suspicious cards – for card-present merchants, being presented with a non-EMV/Chip card is becoming increasingly rare. If an in-person transaction seems suspicious, ask for a form of verification from the purchaser (such as ID) to help validate ownership of the card.
Merchants can take several steps to further protect themselves from fraud and chargebacks, from individual business security to additional due diligence on transactions. While there is no one-size-fits-all approach for Merchants, there are many ways a Merchant can stay confident in the security and validity of transactions they process. These steps include:
- Have a clear refund/return policy and explicit terms of service: giving customers explicit direction and options will help prevent non-fraud-related disputes. Regular site and business audit: for businesses with online payment forms, ensuring the security of that form and their site is critical to discovering flaws before a criminal does. This includes making sure your plugins are up to date, your SSL certificate is current and working, scans for malware are being completed regularly, strong passwords are being used, and customer communication is encrypted.
- PCI Compliance: partners who install Tilled.js take advantage of our Level 1 PCI compliance. This extends to the sub-merchants to ensure that security compliance meets the PCI Council requirements.
- AVS and CVV Verification: for online transactions especially, ensuring an AVS and CVV match are critical before releasing any goods or services. A mismatch in this data may indicate that the customer does not have the card in their possession.
In the event of a cardholder dispute on a transaction, the way to win these chargebacks is through gathering and presentation of compelling evidence that the transaction was valid. This includes:
- Signed receipts or invoices for the purchase
- Shipping records and delivery confirmation
- IP Address Information and location data
- Documentation of any customer correspondence in regards to the transaction
- Records of card/identity verification methods used (i.e., AVS and CVV match results)
- Proof of usage (especially for online services)
- Terms and conditions agreed to at the time of purchase
While retail fraud has decreased in significance with the emergence of EMV Chip cards, ensuring EMV compliance and maintaining proper transaction records will aid in prevention and ability to win chargebacks. For Ecommerce and Card Not Present merchants, prevention is as much of a key to chargebacks as a response. In any case, crafting a rebuttal letter presenting compelling supporting evidence will give the best chance of winning chargebacks and recovering revenue.