Five Types of Fraud Cutting into a Merchant’s Bottom Line

For every $100 in turnover that merchants face, 5.65 cents (0.05%) is attributed to card fraud. While this may not sound like a huge percentage, this added up to over $16 billion lost in 2014—and the percentage is rising. The percentage of money lost to fraud has been on the rise for the past four years, outpacing growth of card volume and hitting the highest point since 1993, a year in which 6.1 cents were lost for every $100.

Whether B2B or B2C, fraud and theft is omnipresent. But the first step in overcoming the challenge is to know the risks that persist from outsiders as well as those that come from the inside.

A recent article from Information Age took a deeper look at the types of fraud that exist, and we will introduce you to opportunities to prevent each type.

Identity Theft

One of the most common types of fraud that hits merchants is identity theft, noted by 71% of merchants as one of the most common forms of fraud. In identity theft, criminals simply take over an existing identity by targeting personal information, such as names, addresses, and email addresses, as well as credit card or account information.

To accomplish the hijacking of information, criminals utilize many methods:

• Phishing: involves using fraudulent websites, emails or text messages to access personal data.
• Spear Phishing: A highly targeted form of phishing using a familiar account to send a phishing message. For instance, the attacker will assume the email of a coworker or boss to send a message similar to that of the phishing message, but include more targeted information.
• Pharming: A cyber-attack intended to redirect a website’s traffic to another, fake site. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.
• Man in the Middle Attacks: Man in the middle attacks occur when the attacker inserts him or herself between two communicating parties while the two parties believe they are communicating with each other.

These attacks, all technological in every sense, are a concern. However, traditional methods including credit card copying and interception are a concern for retailers and purchasers.

Identify and Prevent Losses from Identity Theft

Identity theft can result in chargebacks for the business, meaning the businesses are victims of identity theft as well. Merchants can take the following steps to prevent losses from identity theft chargebacks:

• Consult fraud filters. Automated systems screen each transaction as it is processed. Transactions that indicate a probability of fraud are flagged for further investigation. Merchants then have the option of canceling the transaction or proceeding with the charge despite the risk.
• Utilize chargeback alert systems. Businesses can benefit from networks of banks that alert merchants of incidents of criminal fraud. When a consumer reports fraudulent activity, the bank will notify the merchant, allowing for the opportunity to refund the transaction. This eliminates the fees and negative ramifications that would typically be imposed with a chargeback.
• Check fraud indicators. Warning signs such as larger than normal orders, multiple orders of the same product, rush/overnight shipping, international shipping, and inconsistencies need to be noted and watched by merchants. Additionally, watch for multiple transactions on the same card, multiple cards for the same address, and multiple cards from the same IP address.

Friendly Fraud (Chargeback Fraud)

Another problem is that of chargeback fraud. In this, a purchaser will complete a purchase using his or her credit/debit card. It becomes fraud when the customer calls the bank or issuer, claiming that credit card or personal information was stolen. The bank cancels the payment to the merchant, and the merchant is now out a payment, a chargeback fee, and the product/service performed.

According to Chargebacks911, the most common methods of chargeback fraud:

• Saying the merchandise wasn’t delivered when it was.
• Claiming the merchandise was defective upon its arrival when it was actually fine.
• Disparaging the quality of the products or services.
• Stating the transaction wasn’t authorized when it was.

Particularly prevalent in payments for services (learn how VCNs prevent Chargeback fraud for travel agents and OTAs here), friendly fraud also presents danger for product-based businesses in the form of re-shipping.

Re-shipping occurs when criminals who use stolen payment data to pay for their purchases but don’t want to have them sent to their home addresses. Instead, they use middlemen, whose details are used to make the purchases and who then forward the goods.

Fighting Friendly Fraud

Chargebacks911 recommends the following:

• Don’t ship to a freight company
• In the case of suspicion, search the customer online
• Watch for address variations

For more, head to the Chargebacks911 blog.

‘Clean’ Fraud

Clean fraud is fraud that looks like a routine transaction—correct account information, matching IP location, even a positive order history from the customer. But then that ‘legitimate’ customer turns out to be nothing besides a fraudster.

Criminals study both the consumer and merchant before making the purchase, using botnets to ‘trick’ detection platforms into accepting a charge. The basic principle of clean fraud is that a stolen credit card is used to make a purchase, but the transaction is then manipulated in such a way that fraud detection functions are circumvented.

Overcoming Clean Fraud

A CyberSource report, “Online Fraud Management Benchmarks,” recommended a layered detection and management strategy: Cornering, dimensionality, and specificity.

• Ask for Reliable Information: The first step is to require shoppers to surrender a key piece of information using hard rules such as disabling shipping redirect and requiring the shipping address to be deliverable.
• Adding Dimensions of Data: With the reliable information provided, the next step is to add other related data on the order, building rules based on these dimensions in combination. An example of this would be to create rules with shipping address + velocity intervals AND shipping address + account number(s).
• Building a Safety Net: In the absence of reliable or available data, use ‘generic’ information to create a safety net and assess risk based on the level of information you have. For instance, if shipping address information is not available, create rules around risk levels associated with the zip code or country of the shipping address.

While these will not completely eradicate the threat of clean fraud, they are steps in the right direction to minimizing it.

Affiliate Fraud

According to Avangate, Affiliate fraud is any type of illegal activity designed with the intention of cheating merchants, other affiliates or buyers. The merchants are at a loss by fraud affiliates that mislead them into paying commissions that they shouldn’t be paying.

There are two variations of affiliate fraud, both of which have the same aim: to glean more money from an affiliate program by manipulating traffic or signup statistics.

This can be done either using a fully automated process or by getting real people to log into merchants’ sites using fake accounts. This type of fraud is payment-method-neutral, but extremely widely distributed—affecting everyone in the process.

• Affiliates lose commissions to black hat affiliates.
• Buyers are affected by spam and misleading information.
• Affiliate networks lose merchants who lost trust in affiliate programs.
• Merchants lose customers, as the merchants left the affiliate program.

Overcoming Affiliate Fraud

Avangate recommends the following screening techniques to prevent affiliate fraud:

• See if the affiliate has an active Web site
• Determine whether or not the site’s content relates to what you’re selling
• Ensure the affiliate’s site is optimized accordingly for the above mentioned content
• Keep in regular contact with the affiliate.

Triangulation Fraud

Triangulation fraud is carried out in three steps—hence the name triangulation.

• Step One (Fake Storefront): The fraudster opens a fake online storefront, which offers high-demand goods at extremely low prices. In most cases, additional bait is added, like the information that the goods will only be shipped immediately if the goods are paid for using a credit card. The falsified shop collects address and credit card data – this is its only purpose.
• Step Two (Using Credit Card Data for Item): The second corner of the fraud triangle involves using other stolen credit card data and the name collected to order goods at a real store and ship them to the original customer.
• Step Three (Using the Credit Card for Other Purchases): The third point in the fraud triangle involves using the stolen credit card data to make additional purchases. The order data and credit card numbers are now almost impossible to connect, so the fraud usually remains undiscovered for a longer period of time, resulting in greater damages.

Trimming Triangulation Fraud

As this is harder to detect for merchants, this is much more complicated to overcome. CyberSource recommends the following to overcome triangulation:

• User Behavior: Watch for one user making multiple purchases with multiple shipping locations or purchasing the same or similar items multiple times.
• User Activity: Look at the age of the customer account, comparing the number of purchases to the age of the customer account. Also, watch for ignored promotions.
• Session Profile: Watch the length of the buying process.

Conclusion: Using Data to Your Advantage

Using effective analytics, planning, and data to your advantage is a useful strategy not only for preventing payments fraud, but also as part of your entire payments strategy. Learn more about the advantages of big data in your payments strategy in “Unlock a Treasure Trove of Insights in Your AP Data,” and see more using the resources below:

• Biometrics in Healthcare, Finance, and Payments
• Payments Professionals’ Digital Priorities in 2016
• Contextual Ecommerce
• Building an Online Storefront for the Flex Shopper

Follow @WEXIncNews on Twitter for all the latest payments news.