With the number of online payments surging, the fraudsters follow the trend and come up with dozens of schemes to fool payment services and marketplaces and steal customer money or get free products. Maxpay.com experts say that opening a high-risk merchant account is enough in most cases, but learning how to identify online payment fraud is necessary anyway. Their guide will help you close all the knowledge gaps.
Online Payment Fraud: How It Works
The most common way for fraudsters to trick your payment system is to purchase a database of stolen credit card details on the darknet and try to purchase goods on your website. Millions of credit card profiles leak online every year for various reasons, and purchasing them is the easiest way to attempt stealing the money of average cardholders by purchasing goods via card-non-present transactions on websites. Here are the main steps of the identity theft scheme:
- Outlaws purchase private credit card information on the darknet or elsewhere;
- They use the stolen identity to make purchases as if they were the real cardholders;
- If everything goes ok for fraudsters, the marketplace doesn’t notice suspicious activities and delivers the goods without questions;
- Soon the real cardholder notices suspicious transactions on the credit card statement and contacts the bank to request a chargeback. In most cases, chargebacks are approved and attacked marketplaces have to return the money and pay chargeback fees sacrificing their chargeback rates.
Fraudsters may also use the following “tools” to maximize their chances:
- Advanced privacy software – VPNs, virtual machines, browser ID blockers, and other privacy software are used for hiding the actual location.
- Location spoofing – this method allows fraudsters to make their devices send the needed location to match the credit card holder’s location.
- Real buyer behavior imitation – fraudsters learn from their mistakes and try to imitate real buyer behavior patterns to have more chances to win.
- Extra customer information – some fraudsters may purchase additional cardholder info to create more convincing accounts.
Another common case is friendly payment fraud. Crafty citizens may decide to purchase some valuable items and pay for them using their real cards. If a store doesn’t request buyers’ signatures for delivery confirmation, friendly fraudsters can easily claim that the goods haven’t been delivered and request chargebacks. If the bank sides with them, they receive the money back and don’t have to return the goods to the seller. Fortunately, this fraud type can be easily prevented by requesting a buyer’s signature on delivery.
Know The Red Flags
All fraudulent online transactions have one or several of the following signs. They may look normal to an untrained eye, so it’s important to learn them well.
- Shipping and billing addresses don’t match – fraudsters usually use addresses of freight forwarders and re-shippers to hide their trace and keep their real location secret.
- Shipping, billing, and IP addresses are located suspiciously far from each other – this sign of trace-hiding signalizes fraud in 95% of cases as average users rarely can do transactions in such unusual conditions.
- The billing address differs from the info provided by the card-issuing bank – this red flag is similar to the previous two.
- Several small purchases are made in short intervals with similar or even the same card numbers – fraudsters usually use multiple stolen credit card numbers to make purchase attempts, which sometimes results in suspiciously frequent transactions.
- Payment process circumvention attempts – fraudsters may try to bypass your payment system by sending credit card info by email rather than through the website form.
- Unusually many items in the order, too many units of the same item, or too many orders within a small timeframe – these fraudsters just hope you don’t have security at all.
- The buyer requests the fastest shipping option – this can be a sign of fraud only in combination with other signs.
- The order comes from another country where your goods are available too – buyers can make such orders by mistake, but a fraud attempt is more probable.
- The buyer tries to enter the wrong card expiration dates multiple times – sometimes fraudsters have credit cards without expiration dates and try to guess the right digits.
How to Verify an Online Transaction
If your only option is manual transaction verification, you can do it the following ways:
- Use Google Maps to verify shipping address – simply enter the suspicious shipping address to ensure that it’s not a parcel-forwarding service, UPS department, etc. It’s recommended to combine this method with others.
- Verify phone number and e-mail via Google Search – enter the suspicious customer’s phone number and/or e-mail in quotes. This may bring up fraud reports related to these credentials or exact people/organizations.
- Figure out and contact the card-issuing bank – enter the first 6 digits of the card number in Google to identify the card-issuing bank. Contact the organization and request card name and billing address verification. Every bank is required to answer in the affirmative or disprove the information.
- Search for an alternate cardholder’s phone number – use databases like 411.com to search for additional contact information if you find that the shipping address is suspicious. Call all the available numbers. Fraudsters usually provide disconnected numbers or real cardholders’ phone numbers. Both are high grounds for not accepting the payment.
- Reverse-search the buyer’s IP address – this will help you ensure that the buyer’s IP and shipping addresses are in the same state or city. If not, use other verification methods to ensure transaction eligibility.
Do It If You Detect Suspicious Payment Activity
In case you detect any kind of suspicious payment activity on your website or notice a completed unusual transaction, refuse to accept the payment or freeze shipment until you verify the buyer. All the suspicious payments that are not batched out should be voided in order to prevent fraudulent chargeback attempts.
Keep Your Ear to The Ground
Believe it or not, but the number and complexity of fraudulent schemes are growing exponentially. That’s why using protected merchant accounts and insuring your business against online fraud is necessary today. Besides, your staff must be knowledgeable about all or at least the most probable potential payment frauds that can occur on your platform and learn how to utilize security protocols to prevent them proactively.