Online transactions are convenient for customers – and, sometimes, for bad actors. Numerous studies find that the volume and sophistication of fraud have increased substantially in recent years.
If a fraudulent charge goes through, your business will usually bear the cost. Not only will you have to reimburse the cardholder, you'll also pay a chargeback fee to cover the cost of processing the payment complaint. In addition, you've lost the value of the item which you shipped to the fraudulent party (if you're selling physical goods).
Online transaction fraud resulted in revenue loss and customer attrition for 47% of US merchants. Worse than that, a majority (68%) saw damage to customer satisfaction. This means there are long-term consequences as well as immediate impacts.
As well as causing financial loss, fraud may lead the card schemes to view your future payment requests as less trustworthy, which means your acceptance rates could suffer.
What is transaction fraud?
Transaction fraud is the use of false information or other deceptive action to obtain goods, services, or funds via any kind of transaction. Examples include chargeback fraud, where a customer disputes a legitimate transaction with their bank to get a refund. A payment with stolen card details is another instance of transaction fraud.
Transaction fraud can occur more easily when shopping on websites or apps, because any online card payment is a card-not-present (CNP) transaction. This means it's harder to verify who is using the card details, because there is no opportunity to provide a signature or swipe the card using an in-person card reader.
Thankfully, at Checkout.com, we're experts in detecting and preventing fraudulent online transactions.
Tips for fraud detection in online transactions
The best loss prevention strategy for your online payments is verifying who the customer is, where they are, and whether or not they have the right to use the payment details submitted. While some of these security checks will require extra action from the user (such as verifying their payment details via their banking app or passcode), many of the techniques involve no interruption during checkout. Instead, they involve payment flow configurations which you can arrange directly with your payment services provider.
Read through this checklist to ensure you are doing all you can to identify and prevent fraudulent transaction attempts:
1. Perform velocity checks
Velocity refers to how often requests from a single payment card or customer are coming through. Automated scams can attempt to make purchases using the same stolen credit card numbers hundreds of times within seconds. Of course, no human could possibly do this. So velocity checks are a good way to flag suspicious behavior.
Your payment service provider (PSP) will be able to compare activity using the same payment card across their entire data ecosystem, and pick up on patterns that indicate fraudulent or benign behavior.
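A merchant-side version of the velocity check described above, as an added example that is not Checkout.com's code. The 60-second window, the limit of 5 attempts and the `tok_` card tokens are assumptions; events are keyed on a tokenized card reference rather than the raw card number.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60  # assumed look-back window
MAX_ATTEMPTS = 5     # assumed per-card limit inside the window


def velocity_flags(events, window=WINDOW_SECONDS, limit=MAX_ATTEMPTS):
    """Return (timestamp, card_token, attempts_in_window) for every attempt
    that pushes a card past `limit` attempts within `window` seconds.

    `events` is an iterable of (timestamp_seconds, card_token), sorted by time.
    """
    recent = defaultdict(deque)  # card_token -> timestamps still in the window
    flagged = []
    for ts, card in events:
        q = recent[card]
        # Drop attempts that have aged out of the sliding window.
        while q and ts - q[0] >= window:
            q.popleft()
        q.append(ts)
        if len(q) > limit:
            flagged.append((ts, card, len(q)))
    return flagged


# Constructed sample data: tok_A is tried 8 times in 4 seconds (scripted),
# tok_B makes 3 purchases spread over an hour (ordinary shopper).
SAMPLE = sorted(
    [(1000 + i * 0.5, "tok_A") for i in range(8)]
    + [(1000, "tok_B"), (2800, "tok_B"), (4600, "tok_B")]
)

if __name__ == "__main__":
    for ts, card, count in velocity_flags(SAMPLE):
        print(f"{ts:.1f} {card} attempts_in_window={count}")
```
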
2. 3D Secure authentication
To check that your customer has the right to use the payment details in question, you can perform an extra security check using 3D Secure authentication. It's a security protocol managed by EMVCo (an organization made up of the main global card schemes) allowing a merchant to validate transaction data with the bank that issued the payment card.
These data are passed to the issuer to check against the account holder's records. The issuer then delivers a response back to indicate whether or not further challenge is required. A 3DS challenge requires a customer to provide at least two of the following authentication elements:
- Something the consumer knows: e.g. PIN, password, personal information or security question.
- Something the consumer owns: e.g. credit or debit card, mobile device, card reader or wearable device.
- Something the consumer is: e.g. biometric data like a fingerprint, face scan or vocalization.
It's considered a reliable way of preventing fraudulent payment activity because it's less likely a criminal actor would have access to these data points. In Europe, it's mandatory for online payments from EEA-issued cards to implement the latest 3D Secure authentication protocol, known as 3DS2. As well as helping to prevent fraud, using 3DS gives you the best chance of mitigating a chargeback because it proves that the payment was authenticated.
3. Request CVV
Asking for the Card Verification Value (CVV) – the three numbers on the back of a plastic payment card – helps to validate that the customer hasn't found the payment details through criminal activity. If the CVV entered at the checkout doesn’t match the data held by the issuer, the transaction should be declined.
4. Compare user location and shipping destination
Legitimate transactions often have similar billing, shipping and IP address locations. Consider whether that customer is likely to request a delivery to the shipping address, given their usual activity and billing location. Transactions that have a great distance between their IP address and shipping (or billing) address may be flagged for further investigation or authentication.
Note that a fraudulent actor may attempt to fake their location using an IP proxy. However, proxy piercing software can unmask the user's true location.
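The location comparison described above, as an added example that is not part of the original article. It assumes the IP, shipping and billing addresses have already been resolved to latitude/longitude by a geolocation service; the field names, the `ip_is_proxy` flag and the 500 km threshold are hypothetical.

```python
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_DISTANCE_KM = 500  # assumed review threshold; tune to your customer base


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))


def location_review(order, max_km=MAX_DISTANCE_KM):
    """Return the reasons (possibly none) to send an order for review."""
    reasons = []
    ip = order.get("ip_geo")
    if ip is None:
        # No usable IP location: record it instead of silently passing.
        reasons.append("ip_location_unknown")
    else:
        if haversine_km(ip, order["shipping_geo"]) > max_km:
            reasons.append("ip_far_from_shipping")
        if haversine_km(ip, order["billing_geo"]) > max_km:
            reasons.append("ip_far_from_billing")
    if order.get("ip_is_proxy"):  # hypothetical flag from a proxy-detection feed
        reasons.append("ip_is_proxy")
    return reasons


# Constructed sample orders.
LONDON, MANCHESTER, LAGOS = (51.5074, -0.1278), (53.4808, -2.2426), (6.5244, 3.3792)
ORDERS = {
    "local": {"ip_geo": LONDON, "shipping_geo": MANCHESTER, "billing_geo": LONDON},
    "remote": {"ip_geo": LAGOS, "shipping_geo": MANCHESTER, "billing_geo": LONDON,
               "ip_is_proxy": True},
    "unknown": {"ip_geo": None, "shipping_geo": LONDON, "billing_geo": LONDON},
}

if __name__ == "__main__":
    for name, order in ORDERS.items():
        print(name, location_review(order))
```
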
5. Use an Address Verification Service
A fraudster may not know the real cardholder's billing address. For that reason, you can use an Address Verification Service (AVS) to validate the customer's address with the issuing bank.
At the point of purchase, the card user has to provide their billing address and postcode. If these don’t fully match (known as an AVS mismatch), you may decide not to accept the transaction.
6. Validate the email address
A customer's email address is often associated with their payment details in their bank's records. To help verify whether or not a transaction is legitimate, you can pass the customer's email address to your payment service provider along with the payment request. This can improve acceptance rates and help to flag suspicious transactions, thanks to cross-checks with the bank's email address on file for the account owner.
Furthermore, research has found 40% of merchants hide their customer's email account from third parties for the purposes of fraud prevention when making sales. You could consider doing so, to minimize the risk that your customer's personal data is used to help enable transaction fraud.
7. Pass on device data
You can pass your PSP data about the device your customer is using to submit the payment request. Examples of such data include the operating system, device type, and IP address. These enable your PSP to perform extra security procedures, such as cross-checking the typical device data associated with those payment details.
8. Flag large transactions
Fraudsters with stolen cards will often try to pull off the largest transaction they can before the card gets blocked. So setting a limit that automatically flags transactions over a certain amount can help to stop fraudulent behavior. You can set this limit by analyzing your typical basket value based on your business's transaction history.
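One way to derive that limit from transaction history, as an added example that is not from the original article. Using the median plus a multiple of the median absolute deviation (MAD) is a choice made here, not a method the article prescribes; the multiplier `k`, the 5% floor and the sample amounts (in minor currency units) are assumptions. A mean-based limit is included for comparison, since one past fraudulent order in the history inflates it.

```python
from statistics import mean, median, pstdev


def amount_limit(history, k=6):
    """Robust limit: median + k * MAD of past order amounts."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # Floor the spread so a shop with near-identical baskets keeps headroom.
    return med + k * max(mad, 0.05 * med)


def naive_limit(history):
    """Mean + 3 standard deviations; shown only for comparison."""
    return mean(history) + 3 * pstdev(history)


def flag_large(transactions, limit):
    """Return the transactions whose amount exceeds the limit."""
    return [t for t in transactions if t["amount"] > limit]


# Constructed history in minor units (e.g. cents): typical baskets of 20 to 60.
CLEAN = [2000, 2500, 3000, 3500, 4000, 4500, 5000, 5500, 6000]
# Same history with one past fraudulent order of 9,000.00 left in the data.
CONTAMINATED = CLEAN + [900000]

# Constructed incoming transactions.
NEW = [
    {"id": "t1", "amount": 4500},
    {"id": "t2", "amount": 9900},
    {"id": "t3", "amount": 50000},
]

if __name__ == "__main__":
    for name, limit in (("robust", amount_limit(CONTAMINATED)),
                        ("naive", naive_limit(CONTAMINATED))):
        flagged = [t["id"] for t in flag_large(NEW, limit)]
        print(f"{name}: limit={limit:.0f} flagged={flagged}")
```
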
How Checkout.com can help with fraud detection
As fraudsters' methods evolve, so do the technology and intelligence needed to stop them. To identify threats before they become costs, businesses need a reliable solution such as Fraud Detection Pro from Checkout.com.
You can configure Fraud Detection Pro to align with your risk strategy as it evolves. It runs on machine learning, with options for custom risk rules, and robust testing features to protect your transactions.
To find out more about how you can use data in fraud prevention to gain a competitive advantage, speak to our team.