With the rise of e-commerce and contactless services during the COVID-19 pandemic came an increase in fraud cases in the United States. Research estimates that payment card fraud in the U.S. reached about $11 billion in losses by the end of 2020, and credit card fraud is expected to increase even more over the next two to three years. Unfortunately, this is an issue that affects both businesses and consumers alike, from customers getting their account information stolen, to businesses dealing with fraudulent chargebacks.
In particular, chargeback fraud has been on the rise—however, businesses can adopt a number of methods to help prevent this. Whether that’s upgrading their payments technology or taking a few extra steps to ensure that card-not-present transactions are safe, here is what businesses can do to protect themselves and their customers from fraud.
When the coronavirus pandemic forced countries worldwide to go into lockdown, businesses had to pivot to online and contactless business models to stay afloat—which means they also had to shift to cashless payment methods. That shift has led to an increase in chargeback fraud, where merchants have to return the charge of an item or items to the consumer’s payment account, along with paying a fee to the bank.
There are three forms of chargeback fraud: card-not-present transactions, which is loosely defined as any transaction where the card is not tapped, swiped or inserted at a terminal; “friendly” fraud, where a consumer makes a purchase but later disputes the charge; and account takeover, where cybercriminals steal or hack consumers’ stored payment information.
Card-not-present transactions most commonly involve phone orders, recurring payments or subscriptions, and invoices paid online. Unlike with online transactions, where customers are required to input their card information, as well as the CVV code, expiration date and billing address as verification, some businesses don’t have the right security measures in place to handle card-not-present transactions, says Dustin Sullivan, vice president and national merchant sales manager at East West Bank.
“There's a lot of information that's collected [online],” Sullivan says. “Whereas, think about the old school pizza joint: When you're giving them the card number over the phone, they're just standing on their terminal punching it in.” That has led to an increase in consumers disputing the charges afterwards, with the businesses being unable to prove those claims were false.
Instead of just collecting a customer’s credit card number, Sullivan recommends that businesses gather as much information as possible to protect themselves from any potential or future fraud.
One of the most basic steps any business can adopt to prevent fraudulent chargebacks is to utilize address verification services (AVS), states Sullivan. AVS is a common tool used by businesses during card-not-present transactions and works by verifying that the billing address input by the customer is the same as the one associated with the card.
Businesses should also use other fraud detection methods, such as requiring payment card CVV codes and card expiration dates. Just those few extra steps can really help a business in the long-run, believes Sullivan.
“When [business owners] go back to their current [merchant services] provider and say, ‘well, the customer is saying it's fraud but we have this receipt saying that they signed for it,’ the provider is like, ‘well, did you collect this information on the transaction?’” Sullivan uses as an example. “The business owner is saying no we didn't, we didn't know you're supposed to—and so they're losing these disputes, because they don't have all of the information.”
Merchant services systems can be a great tool for detecting and preventing fraud, adds Sullivan. Certain systems can provide mandatory verification prompts for transactions that are deemed out of the norm. For example, “if they have a swiping contactless terminal and they're doing a card-not-present transaction, then it's going to ask for other layers of information to verify the validity of the transaction,” he explains.
It’s important to note that the liability for fraud is also “more transferred” if businesses adopt fraud detection methods and update their merchant services systems, adds Sullivan.
“Basically, how the burden of proof is slated, right out of the gate it is against the merchant,” he says. “If the merchant has done due diligence and has all of the proper information, that burden of proof shifts to the consumer.”
For instances of fraud where your customers’ sensitive information is compromised, adopting mobile payments and smart terminals can add an extra layer of protection.
Contactless payments, and particularly mobile payments, are more secure than using a credit card because all the information that is passed between the card and the point-of-sale terminal is encrypted and tokenized, says Sullivan. That means that the merchant never sees the customer’s credit card information, which not only reduces the risk of card skimming but also helps keep them PCI (Payment Card Industry) compliant.
“Take advantage of the software that is going to store the card information as a token and not the card information in total,” Sullivan advises. “They're not keeping cardholder data, which can put them in a really risky situation to be keeping information that needs to be so secure, like a credit card transaction. That way they will have risk-free transactions that will still go through with ease.”