Avoid Decking the Halls with Fraudulent Purchases

Online fraud prevention: for merchants, proactivity is the key

Officially ‘tis the season for a surge in online sales. Unfortunately, it’s also the season for an increase in online fraud.  

Main Content

Avoid “Decking the Halls” With Fraudulent Purchases

Dec 11, 2017

Avoid Decking the Halls with Fraudulent Purchases

Online fraud prevention: for merchants, proactivity is the key

Officially ‘tis the season for a surge in online sales. Unfortunately, it’s also the season for an increase in online fraud. With more and more consumers doing their holiday shopping online, the criminal element has followed, with an eye towards defrauding online merchants and consumers alike. The good news is that fraudsters typically start with the so-called low-hanging fruit, and by educating yourself—and taking proactive steps to protect your business—you can minimize the risk of becoming a victim.

Online card-not-present fraud is on the rise

The first thing to recognize is that online fraud has been on the rise for the past three years. As you may know, the move from magnetic stripe readers to EMV® smart chip authentication at the point-of-sale has resulted in a steady decline in card-present (CP) fraud since late 2015. (If your business has a point-of-sale component and you’re not yet EMV ready, here’s how to become EMV-compliant before the end of the year.)

At the same time, card-not-present (CNP) fraud has more than doubled in the past three years. In fact, a 2017 report by the U.S. Payments Forum predicts that EMV implementation will result in an increase of CNP fraud from $3.1 billion in 2015 to $6.4 billion in 2018, a statistic that is particularly relevant in the U.S., since 77 percent of its merchants are online, the highest percentage in the world.

Protecting your e-commerce business from online fraud

There are simple steps you can take to protect yourself from fraudulent or unauthorized CNP transactions, which can lead to:

  • Chargebacks by card issuers
  • Reverse charges or issuing credits to defrauded customers
  • Revenue loss from a damaged reputation and eroded customer confidence

Two starting points are highlighted on TSYS’ protection from credit card fraud page. For one, you’ll want to take advantage of a service called AVS, which stands for Address Verification Service, which helps you verify the identity of the customer by comparing the billing address they provide with the address on file with the credit card issuer. If the address and ZIP code do not match, it’s prudent to contact the card holder before shipping any merchandise.

Another basic fraud protection tool is the Card Verification Code, which is a 3- or 4-digit number found on the back of Mastercard®, Visa® and Discover® credit cards and the front of American Express® cards. Unless the customer has the card in their possession, it’s unlikely that they will be able to provide the CVC, which is also referred to as CVV, CVC2 or similar.

PCI Compliance and secure tokenization

Meanwhile, there are other steps that you can—and should—take to protect yourself from online fraud. At the top of the list is adherence to the Payment Card Industry Data Security Standards (PCI DSS), which are designed to prevent sensitive consumer data from being compromised. TSYS states in its Guide to PCI Compliance, “businesses and merchants are required to process, store and transmit payment cardholder data in compliance with these requirements so that it is kept private and secure.” 

TSYS can help you maintain PCI Compliance for electronic transactions and also offers PCI- compliant secure tokenization, generating secure tokens for each customer and customer account, which you can submit whenever a transaction occurs.

Best practices for e-commerce security

Finally, it’s also vital to familiarize yourself with—and adhere to—best practices for e-commerce security. Following is a list of some easy-to-implement best practices. (A more complete list can be found in our Guide to E-Commerce Fraud Prevention.)

  • Require strong passwords (with a minimum number of characters that include symbols and numbers).
  • Set up system alerts for suspicious activity (such as multiple transactions coming from the same IP address and orders where the recipient’s name is different than the cardholder’s name).
  • Provide security training to employees. For example, employees need to be aware that they should never send sensitive data via email, text or a web site’s chat function.
  • Monitor your website using real-time analytics tools and set up phone alerts that alert you to suspicious and potentially malicious activity.
  • Perform regular PCI compliance scans.
  • Consider a Distributed Denial of Service (DDoS) protection service.
  • Consider data breach protection. TSYS offers a program that is specifically designed to help merchants meet the expenses resulting from a suspected or actual breach of payment card data.
  • Trust your instincts. If an order seems questionable—or seems too good to be true—call or email the customer to verify key data before shipping the merchandise.

Learn more about our credit card processing solutions

If you have any questions, don’t hesitate to call us at 1.800.654.9256 or contact us online. We also encourage you to learn more about our online payment processing solutions, as well as our mobile credit card processing solutions.

EMV is a registered trademark or trademark of EMVCo LLC in the United States and other countries.

Contact Us
About Our
Merchant Services

Get your Free Quote, Now!

After you have submitted your information, a TSYS representative will contact you.

All fields are required to submit form. Your information is private and secure. We do not accept adult businesses

Customer Support Form