fbpx

Scott Ackerman Consulting

Fractional CFO | Finance and Strategy

According to recent reporting by the Wall Street Journal, the dollar volume of attempted fraudulent transactions rose 35% in April from a year earlier.

Due to the coronavirus pandemic, fraud rates are surging since people are finding themselves in desperate financial situations. You can see which states are hardest hit in this report published by Expert Insurance Reviews. The report highlights the 11 states hardest hit by coronavirus fraud and breaks everything down by type of fraud. The worst-hit states are New York and Maryland. And the most common types of year-round fraud (not just due to coronavirus) are bank account fraud and credit card fraud.

What are some common types of credit card fraud?

The most common type of credit card fraud involves stolen or otherwise fraudulently obtained credit card information. Basically, it refers to a situation where someone other than the legitimate owner of the credit card is using the card. The fraudster is trying to receive the goods or services for free and not pay for them. Unfortunately, the target for the fraud is the company that accepted the credit card transaction.

Here’s how it works: when the credit card owner identifies the fraud or suspected fraud, they will contact the credit card company and request a chargeback, which means they are contesting the charges with their credit card company. When the chargeback occurs, the funds are immediately taken from the merchant who received the money. The merchant can contest the chargeback and if they have evidence to support their claim that the charge was legitimate, they may be able to recover the funds. Fortunately for the consumers, the credit card companies generally give them the benefit of the doubt and assume the charges are fraudulent unless proven otherwise. Unfortunately for the merchant, this means that the burden of proof is on them.

How does Friendly Fraud work?

There are other types of fraud, often call friendly fraud. They are called “friendly” fraud because they do not involve stolen or illegally obtained credit card information. The actual card owner is the one perpetrating the fraud. Some examples of friendly fraud are when the customer orders a product online for delivery, receives the product, and then claims they never received it. This is referred to as Item Not Received (INR) fraud. Another type of friendly fraud is when the customer purchases a product and then claims that they are unhappy with it in some way, received the wrong product, or received a damaged product. If fact, they are trying to get away with not paying for it.

It is important to note that not all chargeback claims are fraudulent. There are legitimate cases where shipments were never received or the wrong product was shipped. To complicate matters, there are cases of “porch theft” where the product was actually delivered, the delivery driver left the package on at the recipient’s address, and then someone else stole it. So even though the merchant is correct that the package was delivered as expected they may still lose the chargeback. For this reason, it is important for the merchant to have insurance to cover the shipment. This insurance can be purchased through the shipping carrier (UPS/FedEx/USPS), through a third party insurance company, or through a service that protects merchants from credit card fraud.

How can a Small e-Commerce Business Protect Itself from Credit Card Fraud?

As a first line of defense, e-commerce store owners should activate the basic fraud controls that are a part of the credit card processing service they use. Services like Paypal, Shopify Payments, and Braintree all offer controls to allow store owners to block orders that don’t have the correct address, zip code, and CVV security code. They can also set up controls that block sales originating from certain countries or are above a dollar amount threshold.

David Kovalevki, Founder at Waka Coffee sells instant coffee and tea on a Shopify webstore. He shares some useful tips for managing credit card fraud.

“We make sure to check Shopify’s fraud analysis before we ship any product from our store. If the analysis comes back as “medium” or “high” risk for a fraud we will put the order on hold. We will then email the customer to confirm the data in question and advise that we will have to cancel the order if no response is received within 4 days. If we don’t hear back within this timeframe, we will automatically cancel the order. Our intention is not only to protect ourselves, but also the people that their information might have been compromised. By immediately refunding these orders within 4 days we hope we can prevent a lot of problems.”

How to avoid credit card fraud in Shopify?

Shopify provides tools to merchants that allow them to identify potentially fraudulent orders. This service is available to all merchants processing payments through Shopify Payments. The service includes a number of indicators that include the basics covered above like address verification and CVV verification. It also includes some advanced indicators like past payment activity on the credit card, number of payment attempts, number of credit cards used on the transaction, and geolocation information (like the distance between the shipping and billing address).

The service also includes fraud recommendations. Orders are classified as low, medium, or high risk based on a machine learning algorithm developed by Shopify. Any order that is classified as medium or high risk is flagged on the Orders page for high risk of chargeback. Flagged orders should be reviewed by the merchant. They can also be processed automatically using rules that are set up in Shopify Flow, a Shopify automation tool.

What are some advanced credit card fraud tools?

If a merchant needs extra protection, there are additional services that can be purchased to supplement the basic services the credit card processors offer. Some services like Kount and Sift offer additional insights into the order to aid in evaluating orders and deciding which ones are good and which ones are fraud.

Store owners can set rules to approve, hold, or block orders by cart size, geography (there is a strong correlation between the distance between shipping address/billing address/device location and fraud), credit card type, VPN usage, mobile vs desktop, and even IP address type (for example, you can block transactions from prisons!). One callout–someone will have to be assigned to monitor the order flow on a continual basis and make approve/reject decisions in a timely manner or customers will experience delays.

Another good option is to go with a service like Signifyd that automatically scans all customers orders as they are placed and decides which ones are good and which are bad. Any orders that are approved are guaranteed not to be fraudulent.

Other services like Affirm, Afterpay, and Quadpay which offer different customer financing options also have built in fraud controls, including a guarantee that the order is good.

What else can merchants do to protect themselves?

The website Mesa has an informative article on some additional steps a merchant can take to protect itself from credit card fraud. These include clearly communicating order and product information with the customer and having a clear return policy. This will go a long way towards eliminating chargebacks due to miscommunications.


If You Need Help or Have Questions, Feel Free to Reach Out

Categories: ecommerce