Table of Contents
Accepting card-not-present (CNP) transactions is the fastest and most convenient way for online marketplaces to receive payments from buyers. Unfortunately, CNP transactions hide various risks for businesses as fraudsters can use stolen card details combined with buyer identity imitation to make fraudulent purchases. Below are the best tips that will help your business identify and avoid such attempts.
Employ a Payment Gateway
Payment gateways with high-risk processing protocols offer automatic risk evaluation reports for all transactions attempted or made by users on your marketplace. Here are the risk grades that can be assigned to transactions and the recommended actions:
- No risk evaluation – transactions that don’t have any risk evaluation are considered qualifying as the algorithms didn’t associate them with any kinds of fraudulent activities. It’s important to understand that chargeback fraud may occur after an eligible payment is accepted. You won’t lose anything if you verify the cardholder information of new customers and request signature-on-delivery verification to prevent friendly chargeback fraud.
- Moderate risk grade – moderate risk grade indicates potential fraud and requires you to request cardholder’s information for identity verification. Make sure that the cardholder’s billing and shipping addresses are the same, and use the contact information to confirm the order. You have the right to contact both the cardholder and their bank. It’s recommended to issue a refund and recall delivery to avoid any chargeback disputes if you can’t verify the cardholder.
- High-risk grade – such transactions are usually followed by multiple fraud indicators, including a large number of similar goods in the order, unmatching addresses, wrong phone numbers, multiple card information entry attempts, etc. An immediate refund and shipping cancellation is recommended.
Remember that not all transactions marked as moderate and high-risk are actually fraudulent. That’s why identity verification is necessary. On the other hand, you can block high-risk transactions automatically to minimize chargeback.
Use Device Fingerprinting
Device Fingerprinting (DF) is an identity verification method that uses device information, such as OS and browser versions, cookies, configurations, IP addresses, device IDs, information from sensors (on smartphones), WiFi connection info, etc. All the information is used to match user IDs with unique device profiles. This may help detect and prevent transactions from stolen accounts and identify card testing fraud attempts. DF allows you to identify multiple transaction attempts from the same devices and block them to avoid disputes in the future.
Use Address Verification Service (AVS)
AVS is an automated transaction monitoring system that can instantly detect and report transactions that have suspicious billing address records. In most cases, an AVS is already integrated into your payment processing platform, but you need to adjust it for your particular needs.
Request CVVs For All Transactions
CVV or CSC is a 3-digit security code that you can find on the back of your credit card. Requesting this code for all transactions ensures that the customers actually have the credit cards in their hands. However, you must not store CVVs in any form as it’s illegal and can be used by fraudsters to steal the identities of your customers.
Conduct Regular Security Audits
Scanning your marketplace for breaches and potential fraud opportunities is the only way to figure out the weak spots before fraudsters do it. Make sure that:
- All the elements are up to date;
- The SSL certificate is valid;
- PCI-DSS-compliance is valid;
- Admin, CMS, FTP, and database passwords are different and strong;
- The website is scanned for malware;
- All the connections are encrypted.
On The Rise
The eCommerce market is still far from its peak development point, but it’s on the permanent rise. The booming growth of online purchases during the pandemic revealed the elevated need for security, so do your best to keep your online marketplace up to date. It’s the only way to protect your business and customers.