U.S. ecommerce sellers are facing above-average rates of card-not-present (CNP) fraud, and a recent U.S. Payments Forum white paper found that CNP fraud in the United States is rising by 16% per year. One reason for these high rates is that merchants aren't using all the fraud detection tools they have at their disposal to effectively -- and proactively -- fight fraud.
As CNP fraud increases, ecommerce and multichannel merchants must understand the array of fraud prevention tools available to them and how to use them to prevent chargebacks without sacrificing valid orders.
Many online sellers in the United States and elsewhere still rely on card verification values (CVVs) and internal "blacklists" as their primary forms of fraud protection.
While these simple security measures have their place in the fraud screening process, they’re just not enough on their own to protect merchants from determined and savvy fraudsters. To better prevent chargebacks, online retailers must understand what these tools can and can’t do and which tools should be part of a robust fraud protection program.
At first glance, requiring customers to provide their CVVs – the three- or four-digit code on the back of a physical credit card – seems effective for verifying that customers possess the card they’re using for the purchase. However, criminals have found a way around this requirement: stealing CVVs using web-based keyloggers that capture customers’ data as they make purchases with online sellers.
But that's not the only way fraudsters acquire the CVVs of stolen credit card numbers. They also use card testing -- a type of fraud in which thieves try different CVVs on small orders until they find a match – tripled in first-quarter 2017. Once fraudsters have identified the CVVs and confirmed the cards work, they move on to higher-value fraudulent purchases. And they do this all while appearing to be valid customers in possession of the physical credit card.
Another common fraud prevention technique merchants place their confidence in is Visa and MasterCard's Address Verification System (AVS). Ecommerce retailers hope this approach will screen out obvious fraud; unfortunately, experienced fraudsters know how to circumnavigate AVS requirements. Merchants who rely heavily on this filter might actually see an increase in false declines when a legitimate customer (like a college student or someone who’s recently changed addresses) inadvertently enters the wrong billing address for their card at checkout.
[Click here to continue reading.]