3 Strategies to Outsmart Frausters

Last week I shared some tips on spotting card testing cases.  This week, I am sharing some basic strategies to combat this type of fraud.

Card testing is often more an annoyance than a headache as quick eyeballing can easily spot these fraudulent attempt (see sample fraud order from the last post). 
However, switching from an automated or semi-automated order processing system to one heavily reliant on manual review, (not to mention additional administration of canceling orders, factoring out these orders for sales statics and analysis) can escalate this minor annoyance to a major pain.  

Here are 3 strategies we've seen that hopefully can help you tackle this problem and minimize administrative issues.

1. IP Black List 

The easiest solution would be to block the recurring IP addresses where the card testing orders are coming from. However, this can be a tedious cat and mouse game since the fraudsters will just switch IPs.

You can also try blocking a range of IPs or IPs from specific high risk countries. There are free services you can use to obtain the range. Certain platforms also have features that allow you to customize the IP block list. For example, Yahoo Stores can the "IP Blocking" feature.

At this point, if you are lucky,the fraudsters will probably cease attack and go somewhere else. They might become sophisticated and use proxies or other methods to bypass your IP country block, but this road block will deter many unsophisticated fraudsters.

2. Automate Cancellation

Another strategy is to let the orders come in, automatically flag them for cancellation, and then cancel them. This way, the fraudster’s strategy won’t likely to change and then they become very predictable and thus more manageable. This strategy is sometimes preferred over #1 because it's like fighting in stealth mode! You can use this strategy to collect data to potentially flag future orders that might come in with similar credentials like email or phone number but this time with a normal looking order information. Any data you can get to build your own "fraud cases" would be extremely helpful.

3. Minimize Manual Review  

Some merchants have dealt with this nuisance the old fashion way- by throwing more hands at looking at orders. Some merchants spent up to 1/4 of their time reviewing orders! Although not as cost effective, manual review, at the end of the day, is still a must. 

The goal to setting up any effective and successful manual review protocol should be:
to minimize the number of orders to be reviewed as well as minimize the time spent on reviewing each order. This means implementing a filtering system to first weed out transactions that are obviously fake/fraudulent/bad, and then using the right tools to aid and expedite your review. For example, you can implement both #1 and #2 to automatically filter out fraudulent orders right away to reduce the number of total orders in the queue. You can then layout a systematic process to check for remaining factors.

5 Signs Your Store Is Suffering from Card Testing Fraud

In the last few months, we have seen a noticeable increase in unsophisticated form of credit card testing, especially with our Yahoo Store merchants. “Card testing" happens when fraudsters use online stores as testing grounds for the credit card information they have.  Usually, they don’t care about the actual goods or services being purchased during the transaction.  Their only goal is to “test” the cards to make sure they have not been blocked/canceled and the credit limits have not been reached.

For example, we came across different variations of the following:

Name:   weratawreta fsgsdfg
Address:  dfgsdfgs
              Miami, FL 33166
Email:   dfdsfsdf@yahoo.com

Name:      rtretertr trtrtrt
Address:  456 4ffdefs
               544
               los angeles, ca 90021
Email:    hgfdfgff@gmail.com

These two cases are SO obviously fraudulent because of the gibberish information they contain, they are easy to spot. However, sometimes card testing can be a little more sophisticated and not so out rightly fake.  Here are 5 other things that should help you determine whether you are under a card testing attack! 

What Are Chargebacks Part 1 of 3

Chargeback 101

In this entry, we will be giving a general overview of what chargebacks are and the implications for merchants that receive chargebacks.

A chargeback occurs when a credit cardholder contacts his issuing bank to dispute a transaction or initiates a refund for a purchase made on his/her credit card. Chargebacks happen for a variety of reasons, part of which can be explained from the chargeback reason codes given to merchants but they are not always accurate. In general, chargebacks usually arise from the customers' dissatisfactions with the purchase (e.g. product not as advertised), buyers' remorse, and fraud. Chargebacks can often be classified into two larger categories: friendly fraud and true stolen card fraud, which we will cover in more detail in Part II and Part III of this series.

Why are chargebacks such a problem? 

When merchants get a chargeback, they lose the following:

1) Revenue from the product or service sold
2) Value of the product/services sold (unless they can get customer to return the product)
3) Processing fees from the purchase

In addition, there is usually a chargeback fee, ranging from $15-30, levied per chargeback by the merchant's processor. Since chargebacks can happen up to six months after the original transaction took place (some issuers allow even longer time frames), this can present an cash flow issue since merchants may have already spent the earned revenue, for example, to buy more inventory. There are associated  costs involved as well such as administrative and customer service related costs in dealing with the chargebacks

What happens if a merchant has too many chargebacks? 

Aside from the financial losses due to fraud, chargebacks can actually do even greater damage to an online business. The card associations will levy fines against the merchant's acquirer, which in turn will pass on the fines onto the merchant for excessive chargebacks. What is considered excessive? The threshold is actually quite low. Merchants who have more than 1% of their total volume of transactions or 1% of the total revenue result in chargebacks are at risk. If uncontrolled, on top of the fines, merchant acquirers often will start keeping portions of the merchants' funds on reserve. This can cause serious cash flow problems. If merchants cannot cure the chargeback problem, there is a possibility that the merchants will have their merchant accounts terminated and/o lose the ability to accept credit cards online. Getting another merchant account after such a termination can be difficult. 

What can merchants do to protect themselves? 

Sounds serious? Well, it is. Chargebacks are an annoyance that all merchants will deal with at some point with various degrees of severity. Luckily, managing, reducing, and keeping your chargebacks under the 1% threshold is not that difficult with the right processes and tools. In the next two parts of this series, we will examine how to identify and how to reduce chargebacks related to friendly fraud and true stolen card fraud.

5 Fraud Prevention Tips for the Holiday Season

The holiday season is well underway. Better late than never, just wanted to remind everyone of the simple things that can be done that can go a long way. None of these require any new tools except a little of common sense.

Here are some tips that are quick and easy to adopt to help you deal with holiday fraud headaches.

1. Address matching: although this might be hard during the holiday season, especially when lots of grandmas are shipping to little Johnnys everywhere, this still can be used as the basic filtering criteria to automatically flag transaction for manual review.
2. Watch out for overnight shipping: it is perfectly understandable to pay extra overnight or express shipping when it's 2 days before Christmas.  However, if a customer is paying a lot extra when there is plenty of time to spare, then that raises a red flag.
3. Provide GREAT customer service: a lot of times chargebacks can be avoided if customers can easily return or exchange an item.  So make a point to make it easy for customers to reach you and reverse the charges through YOU and not their bank.  This means having lenient policies, providing clear instructions that encourage customers to contact you, sending confirmation emails after order and processing requests promptly, etc.
4. Collect signature or delivery confirmation: whenever possible and definitely when it involves a high price ticket item.
5. Automate basic screening: (see #1) so that you have time to do manual review of orders that require more attention.

Hope these tips put you in a holiday fraud fighting mood!!

Subuno Blog On Credit Card Fraud Prevention

Today, as part of our mission to educate our customers and other SMB merchants on the issues relating to card-not-present credit card fraud and how to deal with them, we are launching this blog. This is where we hope to carry on informal conversations and share tips and lessons with the community. In addition, we will explore different tools and solutions that merchants can use to fight fraud that we have integrated as well as solutions not currently integrated.

If you have any questions or would like us to cover certain topics, feel free to let us know at blog@subuno.com.