Fraud is constantly evolving. As the payments industry grows and changes, so do the tactics fraudsters use to steal money. Whether in person or online, merchants need to take a strong stance on fraud prevention. Ultimately, stopping fraud in its tracks not only helps the targeted business, it stops criminals from potentially browsing multiple businesses and individuals.
To learn more about fraud prevention in the payments industry and to provide training on fraud prevention, detection and investigation, PaymentsJournal spoke with Caroline Sawyervice president of risk management at Agile Financial Systems (AFS), and Don ApgarDirector of the Merchant Services Advisory Practice at Mercator Advisory Group.
Multi-layered fraud protection for all merchants
PaymentsLog Multi-layered fraud protection for all merchants
Fraud: the state of the union
Fraud is a global problem. Where once fraudsters might have needed to act locally, the digital reach of the Internet has exposed targets everywhere. “The perps happened mostly online,” Sawyer said, “so we constantly challenge ourselves to look for risk filters and rules to apply to all our merchant services processing to make sure we’re protecting our merchants.”
Whether fraudsters operate in person through card-present transactions or online through card-not-present (CNP) transactions, one of the fraudster’s first steps is to test the card. “Fraudsters don’t always know what kind of business they’ve infiltrated, so they test different CMC or SCI codes,” Sawyer explained. “They’re trying to test and get clearances to make sure the stolen cards they have are still valid.”
Before EMV chip cards became common, fraudsters made fake cards with stolen credentials and made a small initial purchase. “That’s how they would see if the card was good, but smart cards pretty much stopped that,” Apgar noted. “Now they have no choice but to use an e-commerce website to try and test the cards.”
As a result of huge Data shortcomings in these last years, there is an abundance of stolen credentials for sale on the dark web, and these credentials are often inexpensive to acquire. Once the criminals verify that the cards are active, they will accumulate huge amounts of credit on the card. Catching fraudsters in the testing phase is essential to prevent larger high volume frauds from occurring.
How traders can protect themselves
Fraud doesn’t seem to be slowing down anytime soon. “[Fraudsters] are constantly evolving and getting smarter,” Sawyer pointed out. “We have to do the same.” One of the strongest moves a trader can take is to engage with AFS, which enforces over 30 risk rules against all trader treatment and maintains thresholds that work transparently behind the scenes.
‘Traders get nervous when you conjure up,’Oh, I’m going to put a cap on how many trades you can make per day,” Sawyer clarified. “But that’s not what we’re doing…you’re always going to have fluctuation in valid merchant processing…so you’re building a bit of a cushion, so there’s a layer of protection or a safety net. ” SFA delve into analytical history of each account. This way, if a merchant regularly sees an average of 100 transactions per day at an average ticket price of $25, anything that significantly exceeds these thresholds will be flagged so AFS can step in to check for fraud.
Merchants without a card should also monitor their authorization data. Fraudsters will write codes or program bots to quickly make test purchases on their stolen credentials. “You’ll see clearances every few seconds, and it’s boom, boom, boom, boom — those aren’t valid sells,” Sawyer said. CNP merchants are much more susceptible to these types of fraud, but website controls can mitigate the damage. In addition to keeping tabs on high-speed purchases, CNP merchants should also:
Conversely, card-present merchants should ask their subcontractors to deactivate the Internet functionality of their payment terminals via the SSL socket layer. “If you’re a face-to-face business, you don’t need to have the internet open,” Sawyer advised. Obviously, online merchants depend on the Internet to function, but if it is an unnecessary connection, these connections will only serve as additional channels through which criminals can commit fraud. In addition to this, merchants who present a card should always swipe or use the chip card rather than capture transactions, which carries a much higher risk.
Balancing customer experience and strong warranties
When looking to implement fraud prevention tactics, one of the main concerns for merchants is that the extra layers of security will add friction to the checkout process. “It’s sort of the holy grail, especially in e-commerce, of trying to make the transaction as easy as possible for the consumer, minimize cart abandonment, and maximize conversion rates,” he said. explained Apgar. “Those goals are always at odds with fraud prevention…you always want those [solutions] run in the background and not be off-putting to the consumer.
AFS operates seamlessly, easily sliding between the customer and merchant ends of the transaction without affecting processing activity; data is erased after the cardholder sells, but before it is settled with the merchant. “The cardholder experience is very positive, and the merchant experience should be too,” Sawyer said. If merchants remain vigilant on their side, with AFS watching them behind the scenes, fraudsters will be dead in the water.
Finally, it should be noted that AFS is available 24/7 for traders to call with any questions or concerns. Having multi-layered fraud protection in place means that merchants keep tabs on several different key pieces of information – and AFS is there to help them at every crucial moment. “Within 30 seconds, customer service will usually answer the phone or contact us,” Sawyer concluded. “We are here for the win-win.”