As EMV chip cards become the norm in retail settings throughout the US and Europe, credit card fraud is increasingly shifting to target online businesses. According to a Federal Reserve Payments Study, there were 31.1 million fraudulent transactions totaling $6.1 billion in value in 2012, and today’s figures are estimated to be significantly higher.
Understanding how your online travel company can detect fraudulent online charges and establish steps to deter them could save your business significant time and money. Here are 5 easy ways to mitigate payment fraud at your eCommerce travel business:
Flag IP and Issuer Geo-Mismatches
Most large-scale credit card fraud operations are perpetrated from second and third world countries against U.S. and European merchants. One simple way to eliminate much of this specific type of fraud is to flag or block all purchases in which the purchaser’s computer IP or their credit card issuer indicates that they are located in a high-fraud country.
You can accomplish this by simply using a payment gateway level fraud filter, and enabling this setting. If you have a large number of legitimate global sales, you can simply flag these transactions for manual review as opposed to blocking them entirely. By contrast, if your clientele are almost exclusively from the first world, then simply blocking these transactions entirely and asking the customer to call your offices directly to complete the transaction or complete them exclusively in person is likely a better course of action.
Require the card’s security code
Have you ever wondered why you are often asked for the 3 digit code on the back of your credit card when making a purchase over the phone with large retailers? The answer is that the merchant is attempting to minimize fraud by checking for a CVV match (https://en.wikipedia.org/wiki/Card_security_code).
Many fraudsters that purchase stolen credit cards on the black market do not obtain the CVV information along with the card, so by only processing transactions with a CVV match, you can largely eliminate an entire category of credit card processing fraud.
Enabling this protection is relatively simple. Make sure that your payment gateway has a fraud filter and make sure that CVV matches are required in that filter to complete a transaction.
Offer Detailed Terms of Service & Refund Policies
The largest category of credit card fraud is not perpetrated by hackers who have stolen customers credit card data, but surprisingly, by average customers. Customers who want to get out of paying for your company’s services either because they are dissatisfied, or simply want to get something for free, are committing a form of payment fraud known as ‘friendly fraud’ when they circumvent the terms of service or refund policies and instead file for a chargeback.
Customers initiate friendly fraud chargebacks either because they are unaware of the company’s refund policy, or because they are intentionally attempting to circumvent it. In either case, your travel business is significantly benefitted by having a detailed terms of service and refund policy prominently displayed on every order page. That way not only is a customer more informed, but should a customer file a chargeback against your company, you are in a much better position to refute that chargeback and win the dispute because the customer cannot claim, as many do, that they were uninformed of the refund policy and terms of service at the time of purchase.
Require an AVS Match
If you’ve filled up your car with gas recently, you were probably prompted to type in your zip code at the pump after swiping your credit card. The reason, is to provide an AVS match for the gas station. The Address Verification System (AVS) (https://en.wikipedia.org/wiki/Address_Verification_System) is a security setting that you can enable on your payment gateway which requires that the customer enter their address information along with their credit card, and it confirms that the address information matches the address on file before the transaction is successful.
The downside to AVS matches, are that many customers commit typos or put in an alternative address such as their work address instead of their listed billing address when entering their address. Thus, a strictly enabled AVS match can often lead to a large number of legitimate customers having their payments declined.
As a middle ground, your travel company can require merely a zip code match. This is far less prone to typos and mistakes, and still serves the essential function of requiring the cardholder to provide information that is not listed on the actual credit card in order to help prove their identity.
Flag Suspicious Transactions and Refine Filters Over Time
If your travel business’ average order is $500, and you just sold $20,000 worth of services to a single customer, that either means that you just had a great day at the office, or that you were the victim of fraud. Suspicious transactions can take many forms, but consider creating flags on your payment gateway that trigger a manual review of particularly large transactions, multiple transactions by the same cardholder in a short period of time, transactions where the shipping zip code and billing zip code do not match, etc. Most of these transactions are likely to be legitimate purchases. But by flagging them and manually reviewing them during the period between authorization and capture you can identify the fraudulent ones. And by charting your findings over time, you can refine your fraud filter rules to more accurately identify the credit card fraudsters that attack your particular online travel business.
eCommerce travel businesses often operate on relatively tight margins with fairly large average ticket sizes. As a consequence, being victimized by even small scale payments fraud can be particularly devastating for travel companies.
And given that online credit card transactions are estimated to be three times more likely to be fraudulent than a retail transaction, according to the 2013 Federal Reserve Payments Study, it’s critically important that travel businessess that accept online payments take the simple steps to mitigate credit card fraud that are available to them.
About the Author
Brad Martin is the editor for Soar Payments, a high risk merchant services provider that specializes in providing merchant accounts for travel businesses (https://www.soarpay.com/travel-merchant-account/). You can learn more about Soar Payments along with reading their latest blog articles via Twitter (https://twitter.com/soarpay)