Globally, fraud costs companies 3.6% of their revenue – so for every $50 sale you make, almost $2 of it gets lost to fraud. Worse still, total fraud losses are projected to reach $362 billion between 2023 and 2028 – and, with fraudsters getting smarter and finding ever-evolving ways to cheat the system, an effective fraud prevention strategy is a must.
To help your online business detect payment fraud, we’ve curated and collected the top 10 most vital fraud rules for 2023.
From knowing your client and educating your users to investing in velocity checks and machine learning, these strategies will help you identify and put a stop to fraud – and, with Checkout.com’s help, prevent its damaging impact on your business, reputation, and revenue.
Why is fraud detection important?
Fraud detection is important because it sends the message that you value not only your customers’ business, but their safety. And because without it, your business can fall prey to fraudulent payments – and these cost you money.
Let’s say, for example, that a fraudster makes a high-value purchase from your website. Despite some obvious red flags and inconsistencies (perhaps the Kansas billing address on the card was at odds with the Bangkok delivery address specified), you don’t have fraud detection set up – so you let the transaction through.
You ship the goods, before the real cardholder, checking their statement, discovers their details have been stolen. They raise a dispute through their bank, which results in a chargeback.
Here, you have two options – fight the chargeback, which takes time, money, and effort – or accept it. Should you accept it, you’ll not only have to refund the customer and pay a chargeback fee, but you’ll lose out on the goods you delivered. If this becomes a recurring theme, you may also lose your payment service processor, and face harsh penalties and fines going forward – not to mention the reputational damage that occurs should you become known as a high-risk merchant.
Fortunately, this damage is all preventable with a proper fraud detection system. So which fraud rules can help you navigate this world of myriad changing – yet avoidable – threats?
Learn more: How to avoid vendor fraud
10 fraud rules you should know
We’ve distilled our online payment fraud detection expertise to come up with the top 10 fraud rules your business needs to know about in 2023 – read on for the full list.
1. Staying on top of the latest fraud trends
To equip your business with the right fraud detection tools, you’ll first need to arm it with the right knowledge – and that means staying on top of the latest fraud trends.
Some of these include synthetic identity fraud – where fraudsters steal some aspects of an individual’s identity (such as their SSN) and combine it with other fabricated elements – and Buy now, pay later (BPNL) fraud. Social engineering, in which a fraudster uses deceptive or manipulative techniques to trick a cardholder into giving up their details, is also on the rise.
Keeping pace with the fraudsters helps you understand how they work – and how to stop them. So explore our guide to the different types of payment fraud to get started.
2. Identifying your company’s fraud risk
It isn’t only the fraudsters you need to understand – but your own company’s risk profile, too.
To get started, collect as much data as possible about your transactions. Look at the ratio of successful to unsuccessful, at how many ended up in chargebacks, and at which ones were cases of known (or at least suspected) fraud.
Next, quantify these risks: estimating the likelihood and impact of each type of payment fraud on your business. This will help you understand which types of fraud you, as a merchant, are most at risk of – and inform a tailored fraud detection strategy to tackle it head on.
3. Knowing your client
One of the first barriers to fraud your business can put up? Knowing who you’re selling to.
This means taking comprehensive steps, called KYC (Know Your Customer) checks, to verify the identity of your customers. Whenever an individual applies for financial products and services, signs a document with your business, or (in the case of a new employee) completes a hiring process, you need to ensure their details all add up.
To do this, you can harness biometric identity verification techniques (such as Checkout.com’s Identity Verification solution) which use fingerprint and facial recognition to match the customer against their documents: running liveness checks and mitigating against deep fakes.
4. Educating your users
Fraud prevention is a collective effort. Which means it not only requires your business, its stakeholders, and your payment service provider to be on board – but your customers, too.
So empower your customer base with fraud prevention knowledge and best practices. Provide clear information through your online channels – this could be a dedicated section on your website, a blog, an in-depth FAQ page, or via emails or social media – about what payment fraud looks like in principle and in practice.
Through this, you can train your audience to spot phishing and social engineering scams, and learn more about how identity theft happens. You can teach your customers to secure their accounts with your business through two-factor authentication (2FA), to recognize a secure website, and to know where to go if they think they have been scammed.
By educating your customers, you’ll be safeguarding them – and, by proxy, your own business – from fraud. You’ll also be setting your business up as an expert, and demonstrating that you care about your customers’ safety online – enhancing their trust in your brand in the process.
5. Collecting as much payment data as possible
To understand fraud, you need to get to grips with the trends and patterns it presents. Which, in turn, requires collecting as much cold, hard transaction data as possible. This includes:
- The transaction amount, currency, and timestamp
- Your customer’s IP address, and their billing and shipping information
- The customer’s card number, expiry date, CVV, and billing ZIP code
- The customer’s device data (browser type, screen resolution, and operating system)
- The customer’s geolocation data (the physical location they’re purchasing from)
- The customer’s previous transaction history and frequency
- The customer’s session duration (how long they spend making the purchase)
- The date the account was created, and the fluctuations in account activity
A recently created account with a high transaction volume? A suspiciously short session duration? An IP address from a country half a world away from the card’s billing information?
These all raise red flags – so it’s vital to collect and constantly analyze all the payment data you can. Better still, this information can be used to feed AI-driven machine learning models to automate and refine your fraud detection approach at scale. (More on machine learning below!)
6. Doing velocity checks
When fraudsters obtain stolen credit card information (usually off the Dark Web), they need to check whether it’s valid before they can start using it to make large-scale purchases. So, they engage in card testing fraud: making small transactions with different cards until they get a hit.
Velocity checks help prevent this kind of fraud. As the name – velocity – suggests, these checks monitor the rate at which someone is attempting to make multiple purchases from your site.
Three or four failed transactions over the course of a month generally won’t raise any red flags. Eight of nine transactions in five minutes, however, will – and it’s these kinds of patterns velocity checks are there to pick up. Velocity checks can also detect how many payments, within a specific time period, are coming from the same IP address – which helps if a fraudster is testing cards from multiple accounts.
7. Investing in IT security and employee training
Effective fraud prevention starts with your team – and your technology.
So, just as it’s important to educate your customers around fraud, you need to train your employees to identify and understand it, too. This includes teaching your employees to:
- Manage their passwords and login securely
- Handle data properly to prevent breaches
- Spot phishing and social engineering schemes
- Report suspicious activities immediately
By making this training ongoing, you can ensure you’re equipping your staff with the skills they need to keep up with the latest fraud trends as they emerge.
As for your IT security, ensure your business’s internal systems are protected by multi-factor authentication (MFA), and that your website’s firewalls and intrusion detection systems are firing on all cylinders. In payment security terms, the best way to safeguard sensitive cardholder data is to team up with a reputable payment service provider – like Checkout.com – who’ll use encryption and tokenization to protect your payments.
8. Being aware of new compliance requirements
As a merchant, it’s your responsibility to stay abreast of compliance requirements.
For example, all businesses that accept cards must comply with the Payment Card Industry Data Security Standards (PCI DSS). PCI is an industry mandate in place to safeguard cardholder information – and all companies that don’t comply face significant penalties.
PCI remains the most comprehensive regulatory framework that merchants accepting card payments need to know about – but it isn’t standing still. In March 2022, version 4.0 of the PCI DSS arrived, superseding the previous version 3.2.1.
The 18-month transitional period to adjust to PCI DSS 4.0 ends in September 2023 – so it’s something your business needs to be aware of. Fortunately, working with a reputable payment service provider makes handling your PCI compliance duties much easier.
Checkout.com is PCI DSS Level 1 compliant (the highest possible), and – alongside our partners – the team here can assist your business with its PCI responsibilities.
9. Utilizing machine learning
Machine learning is a subset of artificial intelligence (AI). It involves feeding sets of data into statistical and algorithmical models that enable computers to learn from big data – and make future decisions and predictions based off it.
In a fraud context, machine learning trawls through your historical transaction data. It learns about the patterns and trends of both legitimate and illegitimate purchases to be able to make informed decisions – and flag fraud to a high degree of accuracy.
To read more, head to our breakdown of machine learning in fraud detection, or explore our comprehensive guide to fraud analytics.
10. Using good fraud detection software
Last – but certainly not least – is the importance of using the right fraud detection software.
Particularly when paired with the analytical capabilities of the best payment service providers, fraud detection software acts as a comprehensive safeguard against bad actors.
To use a medieval analogy, applying the fraud rules we’ve listed here is like building a moat around the castle around your business. It’s important – but not completely thorough. What fraud detection software does is fill that moat with crocodiles – then build a thick stone wall between it and the hordes of marauding fraudsters beyond.
Read on to find out how Checkout.com’s fraud detection software stands tall to defend your business.
Learn more: A guide to fraud monitoring
How Checkout.com can help you fight fraud
When you accept payments with Checkout.com, you can do so across borders, in over 150 currencies, and in a variety of local and alternative payments. You’ll also be gaining access to one of the most advanced fraud detection solutions on the market.
Checkout.com’s Fraud Detection Pro provides an all-inclusive approach to fraud prevention: allowing your business to establish fraud rules, run AVS (Address Verification Service) discrepancy assessments, and harness data to develop risk-driven strategies.
With Fraud Detection Pro, you’ll benefit from many of the fraud rules we explained above: including machine learning and velocity checks. As for the latest fraud trends, we analyze transaction data across the entire Checkout.com to help your business stay ahead of them.
What’s more, Checkout.com’s fraud detection solution can flex to meet your precise payment needs, and grow in step with your business and revenue. You can use the preset configurations of our Fraud Detection solution to go live fast, or dive deeper with Fraud Detection Pro to benefit from a fully customized setup.
Interested in learning more? Get in touch with our team today to learn more about Fraud Detection Pro, and start tailoring it to your business’s payment security needs.