Guest Author: Amy Monro
Amy Monro is the PR and Social Media Manager at Sage Pay.
Sage Pay is the UK’s most recommended payment gateway provider, helping over 45,000 customers process payments in the UK and Ireland.
The ongoing battle against fraud: How to protect your business
Big brands and those selling luxury goods might seem the most obvious targets for online fraud, but almost all Internet businesses are faced with a degree of risk that simple tools and processes can help to mitigate. Below we’ve put together a guide to the most popular fraud screening tools available to help you protect your business and clear up any confusion about what they are and how they work:
The address verification system (AVS) and the card security code (CV2) protocols were introduced by the banking industry to help combat growing issues around verifying the cardholder’s identity.
These tools check the address entered at the time of purchase, along with the CV2 code (the three digits on the back of the card) to verify that the cardholder has the card with them when they are authorising the transaction and that it is registered to their delivery address.
- These checks help to combat unauthorised card use due to cloning or theft. -These tools are checked in real time so you receive the results at the same time as the authorisation result.
- Most payment service providers enable these tools on your account for free and with some, for example Sage Pay, you can create rulebases to automatically accept or reject transactions based on the results so you don’t have to keep a manual check on them.
- AVS is a UK scheme only, which means that it’s currently not possible to check these results for overseas orders.
- Only the numerics of an address are checked. The non-numerical characters in the first line of an address are not verified which means that is possible to receive a false negative result if the shopper does not enter a house number but a house name.
- The protocol is unable to check either AVS or CV2 results on company cards
- The AVS checks are not separated out between address and postcode so if either part is not matched, the entire check will fail.
3D Secure is a fraud prevention initiative launched by Visa and MasterCard to provide a more secure method for authenticating that the shopper is the rightful cardholder at the time of the transaction. When submitting their card details, depending on the type of card they have entered, customers will be asked to enter their previously created 3D Secure password or have the option to create one if they haven’t already.
- 3D Secure can induce a liability shift of card fraud back to the card-issuing bank. In other words if you as the vendor process a transaction that has been fully validated by 3D Secure, it cannot be charged back to you if it is found to be fraudulent. This won’t happen in every case as that is at the discretion of your merchant bank.
- It is worth noting that the current system is perceived to be unfriendly to buyers, as it involves an extra step in the payment process, which can result in delays and increased dropout so the payment pages. This however, is just a matter of customer education and we advise companies selling products and services online to clearly signpost in the e-payment process what customers need to do and why.
- Not all cards are part of the scheme
Beyond the usual tools
Of course, it’s always a good idea to keep a manual eye on things as best you can and below we offer some basic tips on other things to look out for:
- Check the telephone number and delivery address against the billing address. Call the number to check that it’s genuine and for landline, check the area code matches.
- Always be wary of a low-cost transaction followed by several high-value ones. Fraudsters use this method with stolen cards to check there are funds available and whether the card has been blocked.
- Be cautious of ‘high-risk’ countries
- Check the email address to make sure it’s valid and be suspicious of free or anonymous email addresses
- If you’re still suspicious, consider sending goods by registered post to ensure you get a signature and avoid non-delivery claims.
There is, of course, no magic wand to eliminate fraud, so e-tailers need to be on their guard for the signs and the above tools used correctly should provide a good level of cover. It’s advisable to use all these tools in conjunction rather than be solely dependent upon any one and your payment service provider can help configure your settings to get optimum results and should be happy to discuss suspicious transactions with you.