Credit Card Fraud Detection Tips 2023
Table of Contents
- What Is Credit Card Fraud Detection?
- What’s the Difference Between Credit Card Fraud and Identity Theft?
- Essential Tools for E-commerce Fraud Detection
- How Do Fraud Detection Tools Work?
- What Else Can Merchants Do to Detect Fraud?
- What Triggers Credit Card Fraud Alerts?
- Can Card Networks Track Card Use?
- Can a Fraudster Use a Credit Card Just With a Number?
While the world of e-commerce has plenty to offer, one of the biggest disadvantages of doing business online is having to deal with credit card fraud. It's a drain on every merchant's revenue and trying to prevent it is a never-ending battle. Cardholders are generally well-insulated from the costs of fraud, especially in the US. All they have to do is tell their bank that a purchase wasn't authorized and—unless there's clear evidence that they're lying—the charge will be reversed at no cost to them. Unfortunately, the cost of credit card fraud has to go somewhere, and in most cases, it's the merchant that ends up paying for it.
In order to limit the amount of revenue they lose to fraud, it's important for all merchants to have effective fraud detection measures in place. This usually means employing a combination of different tools, from common checks on cardholder information to advanced risk scoring algorithms. Let's take a look at some of the best practices and tools for detecting credit card fraud online.
What Is Credit Card Fraud Detection?
Payment cards are easy to use because you only need to transmit a few simple numbers to the bank in order to identify your account and authorize the transaction. This simplicity makes them vulnerable as well. It’s very hard to practice rigorous data security on a few simple numbers that must be shared with the parties you’re transacting with.
In the card-present space, EMV chips have gone a long way towards reducing in-person fraud. These chips tokenize account numbers, making them less vulnerable to data theft, and cannot be counterfeited as easily as magnetic stripe cards.
In the card-not-present transaction environment of e-commerce, there is no technological solution equivalent to the EMV chip in terms of widespread use and effectiveness. There are some possible solutions on the horizon, most notably Click to Pay, but unlike EMV chips, these require action on the customer's part to sign up for the service. That means there's a significant barrier to adoption that can't be overcome by some equivalent of the EMV liability shift that ensured widespread acceptance of EMV chips.
For now, at least, merchants have no choice but to make use of a wide variety of tools, methods, and operational practices if they want to stay ahead of the fraudsters.
Credit card fraud costs the global economy more than $24 billion per year, and the numbers keep going up. Smaller merchants suffer the most from the impact of fraud, and that’s why it’s so important to have tools and practices in place to detect fraud in its early stages.
What’s the Difference Between Credit Card Fraud and Identity Theft?
Credit card fraud can originate from a wide range of scenarios, from a thief stealing a credit card from an unattended purse to sophisticated cyber-attacks that steal thousands of credit card numbers from merchant websites.
Identity theft, on the other hand, typically requires access to someone's detailed personal information. This is often obtained through phishing or via a personal relationship with the victim, but in some cases, malware and data breaches can also be used for identity theft.
A third type of fraud, account takeover, is when a fraudster gains access to an online account, such as at a bank or e-commerce store, that belongs to someone else. Account takeover often leads to credit card fraud, as the fraudster may be able to make purchases or steal payment credentials if the account owner had their credit card information stored there.
From a chargebacks perspective, it’s also important to note the specific case of “friendly fraud,” where a customer authorizes a purchase and then disputes the charge under false pretenses. Merchants should always fight friendly fraud chargebacks. With the right evidence, you can get them reversed.
Essential Tools for E-commerce Fraud Detection
Data security starts with your foundational hardware and software. Make sure that the platforms you use for processing payments and storing customer data are PCI-DSS compliant, which means they’re up to date with the latest industry-standard anti-fraud security measures.
The next step is to utilize some of the basic anti-fraud tools provided by your payment processor, like AVS and CVV verification. This requires purchasers to enter the correct billing address and CVV number associated with the payment card in order to complete a transaction. While some fraudsters will have access to this information, many won’t.
CVV information is prohibited from being stored by merchants, ensuring that fraudsters who hack into a database of customer information won't be able to easily bypass this simple fraud detection measure.
Unfortunately, phishing has become an increasingly popular way for fraudsters to steal credit card information, since a successful attempt will give them the complete payment credentials.
Beyond that, third-party anti-fraud tools like Bolt, Kount, and Sift can bolster your defenses by using artificial intelligence and machine learning to identify fraud. Merchants can also adopt solutions like 3-D Secure, which authenticates customers with their bank, in some cases adding an additional authentication step for them to complete.
How Do Fraud Detection Tools Work?
Risk scoring is one of the most common fraud detection methods offered by third-party tools. With rules-based risk scoring, the merchant sets up rules based on known indicators of fraudulent transactions, each of which assigns a positive or negative score to a transaction attempt. Based on the total score, the transaction can be accepted, rejected, or marked for manual review.
Other risk scoring tools use machine learning to analyze past transaction data and come up with a complex system of rules. The algorithm attempts to determine what rules will result in the greatest level of fraud detection with the fewest false positives, resulting in a more complicated and effective system than anything a human could come up with.
Velocity checking looks for multiple transactions with one or more pieces of shared information in a short period of time. While it's not uncommon for a customer to forget something and make a second order soon after the first, three or four orders in sequence will often be fraudulent.
What Else Can Merchants Do to Detect Fraud?
Once technological solutions have been set in place, merchants have only their knowledge, experience, and intuition to help them identify fraud — but these can be powerful resources.
It’s easier to spot the red flags of fraud when the fraudster has to deal with the merchant face-to-face, so once again brick-and-mortar merchants have the advantage here. However, as you get to know your customers and the flow of your business, you will spot indicators and patterns that signify fraud.
There may be certain products in your inventory, for example, that have a high resale value and are frequently purchased by fraudsters.
While some merchants may believe they have mastered the art of sniffing out fraud, it never hurts to supplement with some good data science. When you analyze your known true fraud transactions, the data will show you even more indicators and patterns, and may confirm—or dispel—some of your hunches. You can also use the results of your fraud data analysis to inform your fraud scoring thresholds.
True fraud chargebacks are the worst and most costly type. They can’t be fought, you’re out the money for both the transaction amount and the product you shipped, and it’s often difficult to point to any single vulnerability or operation error that led to it.
With the right tools, training, and experience, chances are better that you’ll be able to catch the subtle signs of fraudsters in the act and block them from doing business with you. It’s no easy task, but it’s one that every merchant has to take on if they want to protect their customers and revenue from bad actors.