This holiday selling season may have been a good one for retailers, but every silver lining has a cloud. In this case, one shadow will be cast by chargeback fraud, which can occur when shoppers make purchases with a credit card and then request chargebacks from the issuing bank instead of from the merchant.
“Merchants bleed (US)$227 for every dollar lost to e-commerce fraud,” said Robert Capps, authentication strategist at NuData Security, citing data from Kount, a fraud and risk management solutions provider.
Etailers are “more susceptible to chargebacks, as they deal in card-not-present transactions,” observed Monica Eaton-Cardone, COO of Chargebacks911.
“Deliberate chargeback fraud is predicated on the idea that the cardholder didn’t approve the transaction,” Eaton-Cardone told the E-Commerce Times. “The more distance between a cardholder and the merchant, the harder it is to verity the customer’s identity, and the greater the risk that the transaction will turn into a chargeback.”
Opening up to more remote channels “will make the need for chargeback mitigation greater than ever,” she said. Chargeback911 projects chargeback costs will total about $25 billion by 2020, and “many of those” will be fraudulent.
The Pain of Etailers
Online fraud has increased dramatically, going up 33 percent in 2016. The success of chip-enabled cards “has greatly reduced the volume of counterfeit card fraud,” NuData’s Capps told the E-Commerce Times, driving criminals online.
Generally, brick-and-mortar stores have “sub-1.0 percent” chargeback rates and retailers about 0.5 percent, noted Kevin Lee, trust and safety architect at Sift Science.
Digital goods sold online have the highest chargeback rates, “often above 1 percent,” he told the E-Commerce Times. That’s partly because online fraudsters can be anywhere and transact any time, and partly because the laws for online crimes are more difficult to enforce.
“Stealing a $4,000 TV from bestbuy.com has a much lower penalty than stealing $400 from a 7/11,” Lee pointed out.
However, there are actions etailers can take to mitigate the risk.
1. Beef Up Website Security
The merchant’s website “is primarily where the most fraud occurs in regard to the merchant’s responsibility,” Capps remarked.
“Direct Web access to the merchant site is probably the best attack point for a fraudster, since that merchant is alone and often doesn’t have the protection in place to stop abuse on their site,” Sift’s Lee said.
2. Use Tools to Verify Customers’ Identities
“You need to employ tools to verify customers’ identities — like address verification and CVV alongside fraud filters,” Chargebacks911’s Eaton-Cardone recommended.
Additional tools, like delivery confirmation, are valuable as evidence if a transaction evolves into a chargeback, she said.
Simility earlier this year introduced 3-D Secure, a protocol designed to be an additional security layer for online credit and debit card transactions. 3-D Secure uses advanced machine learning combined with rules to evaluate each transaction in real time across attributes including device fingerprinting, in-session behavioral analytics, proxy filtering and geolocation.NuData Security’s flagship product, NuDetect, helps companies identify users based on their natural behaviors online.
3. Turn to the Experts
SMB retailers “should implement third-party transaction risk systems to reduce exposure to fraudulent transactions,” Capps suggested.
They should look at solutions that shift the responsibility for verifying transactions back to the card issuer or a third party that will guarantee the transaction.
The cost of such services often is less than the cost of the fraud they could incur, Capps pointed out.
“The best approach to deal with chargebacks is to outsource them to a firm with the necessary expertise,” Eaton-Cardone said.
“If fraud prevention isn’t viewed as a core competitive advantage, partner with an external company like Sift Science that specializes in [combating] this type of abuse,” Lee said.
4. Change Your Approach to Suit the Times
Don’t rely on traditional approaches, Lee cautioned.
“The traditional way is to create rules on what types of transactions a merchant wants to accept or decline,” he said. Such rules might include requiring presentation of a driver’s license to verify identity, and declining transactions where billing and shipping addresses don’t match, for example.
These rules do curtail fraud, but also might turn away potential customers.
“Consumers tend to have even less patience in this on-demand, instant gratification economy,” Lee noted.
“The only sustainable way to keep fraud under control is a combination of several factors,” he said, including the following:
- Machine learning models that analyze user behavior in real time and can predict the probability of fraud;
- Manual review of cases that fall into grey areas, as “the human ability to understand context is invaluable and cannot be replaced,” according to Lee; and,
- Rules, because “some things just can’t be allowed to happen.”
5. Be Aware of Outside Events
The recent Equifax breach, which may have compromised the personal information of 143 million people, is going to make things more dangerous for retailers, Eaton-Cardone warned, as it may lead to an increase in chargeback fraud.
“Thanks to the EMV liability shift, the cost of the Equifax incident will overwhelmingly impact online retailers,” she said. “We just don’t now how much it will cost yet.”