Merchant Protection: Accepting Credit Cards Affected by Data Breaches
Credit card fraud is one of the leading causes of profit losses for merchants. Criminals gain access to credit card information and make unauthorized purchases. When the cardholder learns of these fraudulent transactions and files a chargeback, the merchant ultimately becomes the victim.
There are a number of things that have contributed to the increase in ecommerce credit card fraud. The surge of brick-and-mortar data breaches is often to blame.
Data Breaches by the Numbers
Many industry insiders have dubbed 2014 as the year of the data breach. This moniker is easily understood.
In 2014, the Identity Theft Resource Center reported a record-breaking high of 786 data breaches during the year, a 27.5% increase from 2013.
Some of the biggest names in retail were affected:
- Home Depot
- Neiman Marcus
Other businesses, organizations, and government agencies were hacked too:
- Restaurants like Dairy Queen, Jimmy John's, and P.F. Chang's China Bistro
- 11 casinos
- The state of New York
- Hotels like Hilton, Marriott, Westin, and Sheraton
- The United Parcel Service (UPS)
- Grocery stores like Albertson's and SuperValu
Unfortunately, 2015 is shaping up to be just as damaging. In the first six months alone, the Identity Theft Resource Center reports there have been 436 data breaches that have exposed more than 135 million records.
Online Merchants Ultimately Become the Victim
When data breaches make the headlines, the news reports often focus on the damage done to the consumers and the breached merchant.
For example, experts estimate the average security breach costs the merchant $200 per compromised cardholder. Since the average breach affects 28,000 cardholders, the merchant loses $5.6 million. Consumers exposed by a data breach lose, on average, 20 hours and $770.
But the true victims of data breaches are the innocent online merchants who process unauthorized transactions committed by those who originally stole the credit card information.
Unfortunately, many consumers don’t take the necessary fraud mitigation steps after a data breach. One survey of data breach victims reported 32% of victims ignored the data breach notification and did nothing after their sensitive information had been compromised. Only 28% of victims canceled the credit or debit card account affected by the breach.
Eva Velasquez, President and CEO of the Identity Theft Resource Center, identified one reason victims fail to prevent fraud after a data breach:
The ubiquitous nature of data breaches has left some consumers and businesses in a state of fatigue and denial about the serious nature of the issue.”
Because consumers fail to execute sufficient fraud mitigation strategies to protect themselves after a data breach, online merchants continue to suffer from unchecked credit card fraud.
Protection from Credit Card Fraud
While cardholders might be cavalier with fraud protection in the wake of a data breach, merchants are more cautious. One merchant interested in preventing unauthorized transactions posed this question:
Is it possible to find out if a credit card was previously compromised through a data breach but never canceled by the issuing bank?”
It would be ideal to research the validity of a credit card transaction before processing it, ensuring the cardholder has approved the purchase. That would help protect an innocent merchant from processing unauthorized transactions on cards that were compromised in a data breach.
Unfortunately, identifying potential credit card fraud isn’t so easy. It isn’t, in fact, possible to determine if a transaction is executed with a card compromised by a data breach or unequivocally state a purchase is safe to process.
Not only are banks incapable of disclosing information regarding cardholders’ accounts, cardholders might not even be aware of compromised data. Many data breaches go undetected for months or even years. It often takes even longer for the entity that was infiltrated to alert the victims.
So what’s a merchant to do? How can a merchant reduce the risk of fraud after a data breach? What fraud mitigation options are available?
In general, there are eight ways to keep credit card fraud to a minimum.
1. Use Address Verification Service
Address Verification Service is an automated fraud prevention system that aims to reduce the risk of unauthorized transactions. AVS compares the billing address listed during the checkout process to the address registered with the issuing bank (where monthly statements are sent).
An AVS mismatch could be a sign of potential fraud. The criminal might have limited access to the cardholder’s personal information and be unable to provide an exact match.
Related reading: What is AVS and How Will it Help Prevent Chargebacks?
2. Request Card Security Codes
Card security codes help authenticate a card-not-present transaction and ensure the actual cardholder is participating in the purchase.
Card security codes cannot be stored by a merchant, and therefore cannot be hacked by a criminal. If the valid card security code is used in the transaction, it is a strong indicator the shopper has the physical card in hand.
Related reading: The Role Card Security Codes Play in Preventing Chargebacks
3. Watch for Suspicious Activity
There are several warning signs of credit card fraud. Know the indicators of a potentially fraudulent transaction. Keep an eye out for suspicious activity.
Related reading: Best Indicators of Fraud for Card-Not-Present Transactions
4. Validate Orders
When transactions show potential credit card fraud red flags, try to validate the order with the cardholder.
The true cardholder will appreciate the extra measure of security and will be able to answer simple questions about the transaction.
If the transaction is credit card fraud, the criminal will likely use a fictitious phone number or email address. Or, the criminal might use his own contact information. The merchant should ask detailed questions about the transaction; the criminal might have been in such a hurry to process the transaction, he might not be able to provide sufficient details.
5. Use Fraud Filters
A fraud filter helps reduce the risk of profit loss by flagging transactions that are likely to result in chargebacks (those probably initiated by fraudsters). When a fraud filter dubs a transaction as “high risk,” the merchant has the option to terminate the transaction and avoid a potential unauthorized transaction.
Chargeback insurance, used in conjunction with fraud filters, can help the merchant recoup revenue in certain chargeback situations.
Related reading: What is Chargeback Insurance?
6. Request Chargeback Alerts
Rather than send a chargeback for each customer victimized by fraud, participating banks can issue an alert. Upon receiving the alert, the merchant has the opportunity to refund the customer rather than sustain a chargeback. Proper use of chargeback alerts means merchants shouldn’t receive chargebacks from bona fide fraud.
Chargebacks911 offers the broadest alert system on the market. If you’d like more information about preventing credit card fraud with chargeback alerts, let us know.
7. Use Visa Account Updater
Some cardholders do take the necessary steps to protect their sensitive information in the wake of a data breach. While this helps merchants avoid unauthorized transactions, it unfortunately increases the number of declined transactions for recurring payments due to outdated card information.
When cardholders try to prevent fraud after a data breach by canceling their accounts, they often forget to update recurring payment information with merchants.
Visa Account Updater was designed to reduce the number of declined transactions and the chargebacks associated with processing inaccurate information. Visa Account Updater acts as an information clearinghouse, providing an electronic exchange of current and accurate account information to merchants, acquirers and issuing banks.
8. Postpone Settlements
Merchants can only void a transaction before it is settled. After settlement, the transaction can only be refunded. Settled transactions are also susceptible to chargebacks.
By using an authorization hold, the merchant can temporarily freeze the cardholder’s funds or available credit, ensuring it is financially feasible to process the transaction at a later date. In the meantime, the cardholder has the opportunity to review the pending transaction.
By briefly postponing settlement, merchants can avoid processing unauthorized transactions against savvy cardholders who carefully monitor their accounts.
Related reading: Using Authorization Holds to Prevent Chargebacks
Doing the Best You Can with a Difficult Situation
Unfortunately, it isn’t possible to determine if a transaction is executed with a card compromised by a data breach. However, there are plenty of strategies a merchant can use to keep general credit card fraud in check.
Contact Chargebacks911 today. We’ll conduct a free, no obligation ROI analysis. We’ll show you how much more you could earn by effectively preventing credit card fraud.