These 7 eCommerce Fraud Prevention Best Practices are Crucial to Stop Attacks & Protect Your Revenue
Online fraud is more of a threat today than at any point in the history of eCommerce. Roughly one in ten transaction attempts submitted in the US in 2020 were fraudulent.
The heightened threat level means that fraud prevention costs are skyrocketing, too. According to the Merchant Risk Council, fraud management costs have increased five-fold since the beginning of the Covid-19 outbreak. Fraud prevention represented 2% of annual eCommerce revenue in 2019; by 2021, that figure had increased to 10%.
That trajectory is unsustainable. Something needs to be done — and done quickly — to bring those fraud management costs down.
The key to controlling fraud management costs is to examine what you’re already doing and optimize those practices. In this article, we’ll run down seven key eCommerce fraud prevention best practices and give you some insight on how to stop bad actors and protect your revenue while keeping costs under control.
Recommended reading
- Verified by Visa: How Much Protection Does It Really Offer?
- What are Velocity Checks? How Do They Stop Fraud Attacks?
- ECI Indicators: How to Understand 3DS Response Codes
- Proxy Piercing: How Merchants Can Use it to Prevent Fraud
- The Top 10 Fraud Detection Tools You Need to Have in 2024
- Card Verification Values: What Are CVVs & How Do They Work?
#1 | Take Advantage of AI & Machine Learning
Machine learning (or “ML”) technology refers to the science of creating and applying an algorithmic process that is capable of learning from past data input to assist with making future decisions.
In a practical sense, that means AI technology looks at your past transaction data and identifies patterns among valid and invalid transactions. It can pick up on the signs and red flags that you should watch for. The technology can then screen purchases, analyzing each order based on whether it appears too risky according to those historical patterns.
With machine learning, your fraud detection actually improves over time. The more data fed into the system, the more detailed and accurate the decision-making process can be.
Machine learning is not a foolproof solution for fraud. The technology is reactive, meaning it can only identify patterns based on historical data, and may struggle when new variables are introduced. Also, ML is only as good as the input it has access to. Bad data impacts the algorithm’s results, so if you misidentify friendly fraud as genuine criminal fraud, for instance, that skews the decisioning matrix.
Regardless, deploying the technology allows for faster, more accurate real-time decisions, and the technology only improves over time. What’s not to love about that?
Learn more about machine learning#2 | Look for Multiple Shared Data Sources
Like we mentioned above, fraud decisioning can only be as accurate as the data you consider during the decision-making process.
Looking at your own past data is a great starting point. However, you want to pick up on new and developing threats before they become a problem. Your fraud decisioning is could also be skewed if you’re drawing only on your own data. You want the broadest body of information possible, which is why expanding to additional information sources is an eCommerce fraud prevention best practice.
Your individual data insights are limited. By working with a third-party solution provider that has access to an extensive body of data, though, you can learn from other merchants’ experiences. It’s easier to pick out anomalies when trends are viewed more broadly.
This can extend beyond basic transaction data, too. You can draw on shared data from a variety of different sources, including:
- Web proxies
- Firewalls
- Authentication technologies
- Processors and payments facilitators
- Billing systems
- Customer databases
- Business apps
Wait a second: wouldn’t shared data violate security protocols? The short answer is “no.” The data is not individuated, so no personal details of any individual get shared.
#3 | Authenticate Buyers Based on Risk
No two buyers are exactly the same. A regular customer, using a familiar payment method and shopping from a familiar region is obviously going to represent a lower inherent risk level than a new buyer located in a high-risk region. Subjecting both these buyers to the same level of scrutiny makes little sense. Instead, you can layer your risk indicators and authenticate customers according to the risk they represent.
Customer segmentation is already a familiar practice within marketing circles. It needs to be more of a fixture in risk management.
There’s a host of automated technologies aimed at validating buyers in real time. Some of the most effective here include:
Geolocation
Pinpoint a buyer’s location to a low- or high-risk region or country.
IP tracking
Verify that the customer’s physical location matches the information supplied during checkout.
Proxy Piercing
Ensure that a fraudster isn’t hiding behind a proxy to try and disguise their activity.
Device Fingerprinting
Pick out activity from known user’s devices.
That doesn’t mean you have to reject buyers because a transaction carries a little more risk. You can simply segment those purchases off and submit them for additional screening. This introduces a little more friction, but in most cases, you can validate most buyers that might otherwise be rejected due to a false positive.
#4 | Be PCI-Compliant
The Payment Card Industry Data Security Standard, or PCI-DSS, is an information security standard used by organizations that handle branded payment cards. PCI-DSS sets standards for how to securely store and transmit cardholder data to prevent loss or fraud.
These security protocols are complicated, but PCI compliance is an important baseline. The requirements protect your customers by ensuring that you take the necessary steps to protect consumer personal data. In turn, this insulates you against fraudulent purchases made using stolen data. It also protects your reputation, as a high-profile data breach could seriously affect trust in your brand.
The PCI compliance standards are divided into six basic control objectives:
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
PCI compliance is also divided up into four separate levels, numbered Level 1 through Level 4. The compliance level required for your business depends on your card sales volume. Also, conducting regular self-audits to ensure ongoing compliance with the requirements for your designated classification level will be critical.
Learn more about PCI-DSS Compliance#5 | Train Staff Properly
Your staff have to perform a delicate balancing act. They must help customers with any problems they may encounter either before, during, or after a sale. At the same time, staff have to serve as your best line of defense against fraud.
Training staff to serve customers effective, while also watching for signs of fraud, is the key. Customer service best practices need to go hand-in-hand with eCommerce fraud prevention best practices. This is most critical when conducting manual reviews of transactions. They need to be able to exercise judgement and know when to accept a flagged order or reject it.
A few examples of red flags to watch for include:
- A repetitive order with a lot of duplicates of the same item in different colors or sizes.
- Multiple cards used for the same order, or multiple orders in quick succession on the same card.
- Trouble supplying personal information, like a matching billing and shipping address.
- Customers repeatedly request updates about the shipping process.
- Not asking questions that you’d expect of a concerned customer.
#6 | Keep Software Up to Date
Here’s a startling figure: 95% of websites are currently using an outdated software product. That means that 95% of websites are vulnerable to a fraud attack.
Running your site using outdated software can cause a number of problems. For instance, older fraud detection software may be unable to intercept new threats because it can’t pick up on the warning signs associated with new fraud tactics. In other cases, fraudsters may be able to find and exploit weaknesses in software to compromise your systems.
Many applications will update themselves automatically in the background. This is not always the case, though, so it’s important to regularly check for updates and make sure they’ve been installed.
You should also be careful to back up your data when it’s time for an upgrade. Discuss any potential system integration errors with vendors and be sure that you’re not leaving any openings for fraudsters to exploit. Quickly patch any vulnerabilities whenever they’re identified.
#7 | Conduct Regular Audits
So, you’re already compliant with industry rules, you’re checking for software updates regularly, and you’re using machine learning as part of a dynamic, multilayer fraud detection strategy. Now, you can simply kick back and focus your attention away from fraud detection… right?
Wrong. Abiding by eCommerce fraud prevention best practices is not something you can simply set and forget. You need to evolve alongside the market. That means constantly revising standards and conducting regular audits to guarantee that you’re firing on all cylinders.
These recurring audits should go beyond what seems immediately relevant to fraud detection. All internal operations should be examined regularly. Ask yourself:
- Are you staying up to date with tech changes?
- Are your employees abiding by your established protocols?
- Are all internal processes working at peak performance?
- What and where can I optimize operations?
At Chargebacks911®, we’ve identified more than one hundred potential chargeback triggers that could be tied to any every facet of your operations. Marketing, customer service, fulfillment, accounting… all are relevant from a risk management perspective. Even a seemingly-minor missteps and oversights could lead to substantial revenue loss further down the road.
Learn more about merchant errorsBest Practices. Best Results.
Why would you throw good money after bad? This is exactly what you’re doing if you deploy fraud detection tools without best practices in place. You’d be spending money on a solution, but without taking the time and exerting the effort to really deploy that solution.
Still unsure where to get started? Not to worry — the experts are here to help.
At Chargebacks911, we’ve built our business helping merchants in all product verticals streamline operations, optimize processes, and reduce risk. Plus, our services are backed by a 100% ROI guarantee.
Ready to unlock your business’s true potential? The key is just a click away.
FAQs
What are the best practices to prevent fraud?
Merchants should deploy a multilayer fraud detection strategy, backed by machine learning, which draws on a diverse range of data to inform decisioning. They should also ensure ongoing compliance, and that all staff are properly trained any know how to manage risk factors.
What are 4 key components of a fraud management strategy?
Fraud prevention is based on four key practices: fraud prevention, fraud detection, tracking incidents of fraud, and responding to fraud.
How can ecommerce fraud be prevented?
Merchants need to adopt a multilayer strategy. This means deploying dynamic fraud detection tools that complement and reinforce one another, ensuring that customer service is well executed, and that that they are tracking data effectively to identify trends over time.
What companies help prevent eCommerce fraud?
There are a number of eCommerce fraud prevention companies currently on the market. They offer a variety of services, from fraud scoring and filtering to mitigation and chargeback management. Check out our full article running down the top 10 fraud detection software companies.