While merchants themselves aren’t always the intended targets of merchant identity fraud, they’re always a victim, suffering from damaged reputation, revenue loss, excessive chargebacks, at-risk merchant accounts and more.
But if merchants understand the different forms merchant identity fraud can take and why they are vulnerable, they can take proactive steps to avoid becoming a victim of identity fraud schemes.
In merchant identity fraud’s most basic form, criminals create fraudulent merchant accounts after stealing an e-commerce business’s identification. The newly created “business” then posts charges to customers’ credit cards, collects the money and closes the accounts. The legitimate business is left to deal with unhappy customers and banks, chargebacks, TC40 claims, and fraud reports.
This type of fraud is more common than merchants might want to believe: In 2010, the Federal Trade Commission stopped a scheme in which fraudsters established more than 100 fraudulent merchant accounts and bilked more than $10 million in small amounts from a million credit and debit card holders.
But this isn’t the only way merchants can fall victim to identity theft. Here are three other identity theft schemes fraudsters may perpetrate against unsuspecting merchants.
Potential employees are expected to have to divulge a certain amount of personal data — like Social Security Numbers and dates of birth — when applying for a job, and today’s scammers are taking advantage. Cybercriminals create legitimate-looking business websites, often duplicating information from existing businesses and mimicking their URLs, and then offer fake job opportunities. Applicants responding to these nonexistent job postings unknowingly providing substantial amounts of personal information to fraudsters — who then use the data to open new credit card accounts and loans.
After stealing business EINs, fraudsters create fake W-2 forms and report fictitious income, then accomplices posing as employees file bogus tax returns and receive undeserved tax refunds.
Cybercriminals may also report fake tax withholding amounts. This means the taxes the employer paid for its legitimate employees won’t match what the IRS and state tax agencies have on file, thanks to the phony reporting. The result is an apparent tax deficiency for the defrauded business, leaving them owing significant back taxes while facing the daunting challenge of proving they’ve been the victims of fraud.
Some fraudsters impersonate businesses by creating legitimate-looking websites and sending out emails to customers that claim “security concerns” or “excessive logins” require the recipient to click a link and confirm personal and account information to avoid their account being shut down.
Cybercriminals send out thousands of these phishing emails at a time and create upward of 1.5 million new phishing sites monthly. The e-mails and sites look and sound legitimate, with the fraudster using graphics taken from the real merchant, incorporating highly technical elements, and using secure-looking (but fake) URLs that are almost identical to the company’s actual URLs. And these attacks work: They cost large companies $3.7 million yearly.
Merchant identity fraud is hard to prevent. Many merchants won’t discover their information has been compromised until months down the road, when chargebacks start hitting accounts and victims start asking about unfamiliar credit card charges.
To stay ahead of scammers, e-commerce merchants should follow these strategies:
Each time a customer makes a fraud claim on a card-not-present transaction, the card-issuing bank creates a TC40 claim for the transaction. But if they’re small-value transactions (less than $20, for example), many issuers absorb the expense themselves — until claim levels get too high. But because merchants can’t always access TC40 data, they may not know they’ve been hit with TC40 claims until it’s too late. By then, they’re facing fines from the credit card issuer, losing processing accounts altogether and experiencing an increased number of false declines.
Disgruntled customers often turn to online reviews to vent about their negative experiences with an e-commerce merchant. So if there’s an uptick in consumer complaints online — or even if customer service teams experience a rising number of phone calls and emails about fraudulent charges or phishing emails — online merchants should investigate what’s behind the problem.
Fraudsters are becoming increasingly sophisticated and better able to effectively impersonate and defraud legitimate merchants. That’s why e-commerce businesses should consider outsourcing their fraud protection solution to a provider that understands the latest fraud trends and that can manage sales peaks easily, take responsibility for fraud losses and protect against damaging chargebacks.
ClearSale’s advanced solution can help your business analyze the context of each of your transactions, identify the broader trends at play and quickly analyze thousands of unique data points — helping reduce the risk of you becoming a victim of merchant identity theft. Contact us today to learn more about how we can help you protect your revenue and reputation.