Taking a business online opens up a new horizon of opportunity: Expanded customer reach, increased growth, and profit potential. But with the ecommerce world at your fingertips, you can also have a host of threats on your hands.
Cybercriminals, fraudsters, phishers, and scammers are among the most crafty of payment pests. And the digital world gives them many paths for devious invention. Stolen credit card information and stolen identities are used every day to make fraudulent online purchases.
Those “online purchases” are synonymous with card-not-present (CNP) purchases, which increases the difficulty of verifying legitimacy.
When this type of crime is successful, someone foots the bill. It’s usually the ecommerce merchant who absorbs the cost. Forewarned is forearmed, however, and being familiar with fraud tactics — and their prevention — will aid you in getting merchants up and running with secure ecommerce payments.
Common types of ecommerce fraud.
Stolen credit and debit cards.
The most common (and easy to perpetrate) kind of fraud is simple theft. A fraudster obtains stolen card information either by physically stealing a card, skimming the information from a POS reader, or purchasing the credentials from the dark web.
They then use the stolen information to make CNP purchases from ecommerce stores.
Card testing.
The first line of defense for stolen cards is to shut down or block them. Fraudsters will use card-testing to see if this has happened.
They may have information from one card or from hundreds or thousands of cards. They want to know if the payment data they have is valid as well as what the credit limits might be.
That’s where the “testing” comes in. With each set of card data, they’ll make several small purchases on ecommerce sites. If these “little” transactions get approved, they’ll make many more, larger purchases, harvesting as much as they can before a bank or cardholder catches on and shuts the card down.
Refund fraud.
In the event that a crook can’t get online goods delivered or can’t get a cash advance from a stolen credit card, they’ll try to get a refund. They’ll purposely overpay for an online purchase and then request a refund for the “mistaken” excess amount.
They may request that the money be sent as cash, check, or an alternative payment method, instead of as a card credit.
Chargeback fraud.
With this scam, the fraudster will make a purchase and then request a chargeback from the bank or card company, claiming, dishonestly, that the goods never arrived — or that they returned the goods to the merchant (even though they have not returned them). This kind of claim may even come from a legit cardholder, a tactic known as “friendly fraud.”
Whether a criminal or a dishonest cardholder, it is the merchant who will owe the chargeback amount to the card network or acquiring bank.
Account Takeover (ATO)
One of the great conveniences of ecommerce is allowing customers to store payment information in their account with the merchant, making for fast, easy repeat purchases. It also creates an opportunity to perpetrate fraud.
In an ATO scenario, a cybercriminal gets control of these accounts to make high-volume, high-priced purchases. They may gain access through hacking or phishing techniques.
They may also buy login credentials from the dark web and use a tactic known as credential stuffing, using bots to “stuff” stolen usernames and passwords until a correct combination gives them access.
Inovio can help you prevent and fight ecommerce fraud.
Experience with ecommerce is essential in not only providing a seamless, state-of-the-art customer experience but in guarding against the many types of digital fraud.
Inovio — a part of NAB Holdings — has over three decades of expertise with online payments. Their payment gateway is not only one of the most advanced in the industry, it’s one of the most secure. Inovio protects ecommerce transactions in a number of ways.
PCI compliance.
Inovio is a PCI DSS Level-1 compliant processor. This means they adhere to the strictest of Data Security Standards set by the major card brands and the Payment Card Industry Security Standards Council.
Having Inovio shoulder the weight of these standards means the merchants you work with have a reduced burden for PCI compliance — both timely and costly — which they need to operate an online business. Such a high level of PCI compliance provides a critical advantage in the event of a data breach.
Point-to-point encryption.
Inovio employs military-grade encryption, sophisticated and highly impenetrable to hacking. This means sensitive payment information has an extra layer of security as it passes between merchants and customers.
Tokenization.
Converting payment data into random characters is another way Inovio frustrates cybercrimes. Tokenized payment data is only decipherable to its owners — making it unusable for hackers.
This process reduces the complexity, time, and costs associated with protecting sensitive card information and customer data — because tokens take their place in the system and are only used once per transaction. For you and your merchants, the process is fast, simple, and safe.
Simplified fraud and chargeback mitigation.
Inovio helps prevent fraud before it occurs. Their real-time Risk Monitoring System analyzes customer, transaction, and affiliate data to identify suspicious activity.
It allows you to do things like limit the number of transactions coming from an IP source — which is highly effective at knee-capping activity like card testing.
There’s also powerful reporting tools, blacklist reference, and front-end security layers, all of which make Inovio’s solutions some of the most advanced risk mitigation technology available.
Time to take payments online? NAB is here to help.
If you work with merchants looking to expand into ecommerce, we have many tools to make the process seamless and simple — a natural extension of a merchant’s brand.
We have just as many solutions to make ecommerce safe and secure for everyone involved — like the Inovio safeguards we just discussed. Don’t let fraud stand in the way of growing your ecommerce portfolio. Go North and get online.
