Retailers are predicted to lose a staggering US$130 billion to fraud over the next five years [1]. With fraudsters becoming ever more sophisticated, businesses face the real risk of financial and reputational losses.
How could fraud impact your business?
Newly formed, growing or smaller businesses may not have established proper fraud prevention mechanisms, and these vulnerabilities may be exploited by opportunist and money-hungry criminals.
With so many different methods of attack, how are fraudsters threatening businesses today?
- Stolen-card fraud: This occurs when stolen cards are used to make multiple fraudulent purchases. Sometimes the credit card is declined, or the fraudster may ask for the transaction to be split over multiple cards.
- Wire fraud: This occurs when a customer overpays for a large order and requests that the merchant wires the overpayment amount to them or someone else. However, the sale does not go through and the merchant loses money.
- Force-auth fraud: In this case, a customer requests that the merchant force an authorization of their card when it's declined by using a fake authorization code. This results in a chargeback for which the merchant is liable.
- Gift-card fraud: Gift cards are an easy target for fraud, such as when a customer returns stolen goods in exchange for a gift card.
- Chargeback fraud: This occurs when a customer disputes a legitimate charge, resulting in a chargeback for the business. For example, a customer purchases an item, receives it and then claims they either did not order it or it was never received.
- Cyberattacks: This is when criminals use computers and the internet to commit fraud. This can include anything from hacking into company systems to steal data or money to phishing scams and malware attacks.
- Phishing: This involves fraudulent emails purporting to be from a trusted source to trick the recipient into sharing sensitive information or clicking on a malicious link.
- Online-skimming fraud: Hackers exploit unpatched weaknesses in the point-of-sale system, use malware to steal the data and then sell the data for fraudulent purposes.
- Billing fraud: This is when a company is billed for goods or services that it never received. This can happen when a dishonest supplier creates fake invoices or when an employee creates false invoices and submits them for payment.
Spotting the fraud red flags
While the prospect of fraud may seem unnerving for any business owner, staff can be on the lookout for signs that may indicate something suspicious is occurring, which can help protect your business.
When taking cardholder-not-present (CNP) transactions, take extra precautions:
- These transactions, by nature, are considered high risk because you have no opportunity to physically check the card or meet the cardholder.
- If you take orders and process payments over the phone, follow the mail order/telephone order (MOTO) process. There are extra security steps in place for this type of transaction to help protect you, including address verification (AVS) and card verification (CVC) checks.
- Consider taking a small deposit over the phone and request the remainder of the balance to be paid in person via chip and PIN.
- If you are taking payments online, be sure to monitor your accounts and transactions for red flags, such as inconsistent billing and shipping information, as well as the physical location of your customers. Where possible, try to avoid shipping goods to non-physical addresses such as P.O. boxes or virtual offices.
- For online transactions, you may also wish to set limits on the number of purchases or total value that you'll accept from one account in a single day.
- If you don't already have 3D Secure processing implemented, you may wish to consider this two-step authentication option.
- If you have any doubts, request further information or supporting documentation from cardholders to verify their identification, including driving licenses or passports.
Be wary of unusual orders, returns and delivery requests such as:
- Sudden large orders, particularly from new or unknown customers.
- Multiple orders of the same item or multiple orders to the same address with different cards.
- Contact details provided by your customer that can't be reached – this can indicate an order was placed with fake details.
- Use of temporary communication methods.
- Shipping addresses and billing addresses that differ; when possible, ship goods exclusively to billing addresses, which you've verified.
- Requests to change the delivery address after the payment has been made.
- Not being able to present a receipt or customer ID when trying to return goods.
Be cautious of unusual payment activity such as:
- Several repeated, declined transactions – most people own no more than two or three cards at any given time, so multiple card attempts may suggest suspicious activity.
- Failed payment verification checks.
- An increase in chargebacks.
- Buyer's billing postcode and card's postcode not matching.
- Pressure to wire transfer money.
- Requests to split large orders into multiple payments.
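Several of the red flags above can be checked automatically before an order is fulfilled. The following is an added example, not code from the original article or from any payment provider: a small rule screen over constructed payment attempts that flags postcode mismatches, differing shipping and billing addresses, P.O. box deliveries, multiple cards sent to one address, repeated declines and a daily per-account limit. The record fields, flag names and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, namedtuple

Attempt = namedtuple("Attempt", "id account day card amount declined "
                                "bill_postcode card_postcode bill_addr ship_addr")

# Thresholds are assumptions for illustration; tune them to your own order history.
MAX_DECLINES_PER_DAY = 3    # declined attempts per account per day before flagging
MAX_DAILY_VALUE = 500.00    # approved value accepted per account per day
MAX_DAILY_ORDERS = 3        # approved orders accepted per account per day

def norm(addr):  # lower-case, drop full stops, collapse spaces: 'P.O. Box' == 'PO Box'
    return " ".join(addr.lower().replace(".", "").split())

def screen(attempts):
    """Return {attempt id: sorted red-flag names}; unflagged attempts are omitted."""
    flags = defaultdict(set)
    cards_by_addr = defaultdict(set)   # shipping address -> distinct cards seen
    declines = defaultdict(int)        # (account, day) -> declined attempts
    value = defaultdict(float)         # (account, day) -> approved value
    orders = defaultdict(int)          # (account, day) -> approved orders
    for a in attempts:                 # attempts are assumed to be in time order
        key, ship = (a.account, a.day), norm(a.ship_addr)
        cards_by_addr[ship].add(a.card)
        if a.bill_postcode != a.card_postcode:
            flags[a.id].add("postcode_mismatch")
        if norm(a.bill_addr) != ship:
            flags[a.id].add("ship_bill_differ")
        if ship.startswith("po box"):  # simple prefix test, an assumption of this sketch
            flags[a.id].add("po_box")
        if len(cards_by_addr[ship]) > 1:
            flags[a.id].add("many_cards_one_address")
        if a.declined:
            declines[key] += 1
            if declines[key] >= MAX_DECLINES_PER_DAY:
                flags[a.id].add("repeated_declines")
        else:
            value[key] += a.amount
            orders[key] += 1
            if value[key] > MAX_DAILY_VALUE or orders[key] > MAX_DAILY_ORDERS:
                flags[a.id].add("daily_limit")
    return {k: sorted(v) for k, v in flags.items()}

SAMPLE = [  # constructed records, not real transactions
    Attempt("t1", "carol", "2024-05-01", "card-E", 450.0, False, "60601", "60601", "5 Elm Rd", "5 Elm Rd"),
    Attempt("t2", "bob", "2024-05-01", "card-B", 90.0, True, "94105", "94105", "9 Oak Ave", "P.O. Box 12"),
    Attempt("t3", "bob", "2024-05-01", "card-C", 90.0, True, "94105", "30301", "9 Oak Ave", "P.O. Box 12"),
    Attempt("t4", "bob", "2024-05-01", "card-D", 90.0, True, "94105", "94105", "9 Oak Ave", "PO Box 12"),
    Attempt("t5", "carol", "2024-05-01", "card-E", 120.0, False, "60601", "60601", "5 Elm Rd", "5 Elm Rd"),
]
```

A flag is a prompt for manual review or for requesting supporting documentation, not proof of fraud; a single flag such as a differing shipping address is common among legitimate gift orders.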
Take steps to defend your business
Effectively preventing fraud starts with establishing best practices and implementing strong security measures.
Here are a few important steps to get started:
Stay up to date with current scams and fraud tactics
With fraudsters taking their scams to new levels, keeping up to date with the current fraud landscape and evolving tactics can go a long way toward preventing your business from becoming a victim. Have strong internal controls in place to flag any suspicious behaviors and keep an eye on potentially fraudulent activity.
Train your employees and renew fraud policies regularly
Regularly train staff to ensure they understand how to process transactions correctly according to the payment methods you offer, and educate them to look out for possible scams. Have strong internal controls to keep an eye on potentially fraudulent activity and make sure there are processes in place for employees to report anything they deem suspicious.
Use robust fraud prevention tools
Make use of fraud tools available to help protect your business with a layered approach to security. Tools are available for both our US and UK customers, from making sure PCI DSS commitments are met to helping check your systems for vulnerabilities and protect them from malware such as ransomware, spyware and trojans.
While there isn't a sure-fire way to protect your business from all scams, understanding the types of fraud your business could be facing, spotting the signs and having effective tools in place is crucial. These precautionary measures can significantly reduce the risk of your business being targeted by scams and fraudsters, and you'll be better prepared to deal with any incidents if they do occur.
[1] Juniper Research, 2019 (as quoted in fraudsight-protect-datasheet)