Cyber Monday is upon us, and while it's expected to break records as scores of shoppers flock to the Internet for gifting needs, the onslaught might have another, more insidious consequence.
Fraudsters are expected to be on the prowl big time too. And they’ve been given some new motivation as chip cards, also known as EMV cards (short for Europay, Mastercard, and Visa), start their phase in, following an October deadline.
Chip cards are meant to secure point of sale transactions against fraudsters, as the encryption technology embedded within the cards is meant to better authenticate users than an unencrypted magnetic stripe. However, this new technology doesn't help online merchants. Indeed, it actually might hurt them.
As credit card crime becomes more difficult in the bricks and mortar world, payment experts expect a pretty significant fraud shift to e-commerce. This is based on the experiences of other countries when they switched over to EMV. In the UK, which began implementing EMV in 2006, fraud decreased at the register by nearly 50 percent following the rollout, but it shot up about 64 percent at online stores and with telephone sales, called “card not present” transactions, according to financial industry research company Aite Group.
For its part, Aite expects card not present fraud to double in the U.S. to $6.4 billion by 2018, from its current rate of $3.1 billion.
“The biggest thing for merchants is that they have to balance the customer experience with fraud,” says Julie Conroy, research director at Aite. In other words, you want to protect yourself, but not to such an extreme degree that consumers find your website experience unpleasant, and they ultimately abandon you before completing a sale.
Fortunately there’s plenty you can do with a soft touch. Here are five things you can implement right now, in advance of the holiday shopping hoards.
1. Require a CVV code.
That’s the three or four digit number, either on the front or back of a physical credit card, which most large retailers require for online sales, but which some small online retailers overlook. Here’s why it’s important to ask for it: Most fraudsters steal credit card numbers from databases, and that means they lack the CVV code on the physical card. Asking for a CVV won’t necessarily prevent fraud, but it could act as an extra assurance that your customers are who they say they are. If your website checkout doesn’t have the additional window asking for a CVV at checkout, talk to your payment processor about how to switch it on. In many cases, it’s a simple process of reconfiguring your settings.
2. Analyze behavior and devices.
Payment providers and bank credit card issuers have back end security software that can detect risky IP addresses. They also offer device fingerprinting that matches users to their electronic items, as well as perform behavioral analytics tests, which verify typical consumer behavior and buying patterns. Says Conroy, those services are likely to cost you a bit, and can add up to 0.5 percent to 1.5 percent to each transaction. But that may be worth it to make sure you don’t have to eat the cost of fraud. Some vendors to consider are Forter, Trustev, and Trustvesta.
There’s also something called 3D Secure, a standard in use by Mastercard, Visa and American Express. It’s an extra level of security that sets up an automated dialogue between credit card issuers and merchants, to scrutinize transactions. Merchants who use it benefit because it guarantees fraud liability shifts to the issuer, says Conroy. But you’ll need to work with a 3D secure vendor to update your website to enable it.
3. Require address verification.
This service matches customers’ addresses with the cards they use for transactions, and will flag transactions with discrepancies, says Brian Riley, principal executive advisor and an expert on emerging payment technology at CEB TowerGroup. Many online payment processing services will provide this option, which can cost up to 10 cents per transaction, and will bundle it into your total monthly fees.
4. Keep your eyes open.
While you can probably expect online sales to go up during the holidays, if they go up by too much, the sudden spike may indicate that something is amiss. And for many small merchants, you don’t need any special software to spot these trends, Riley says, adding: "The human eye can capture things like repetitive transactions.” Regardless, you should regularly review your transaction file each day to make sure that you don’t have too many repeat transactions from the same credit card number or IP address.
5. Secure your network.
Consider using a separate, dedicated PC for your online banking, as doing so can avoid introducing viruses that can capture IDs and passwords for your bank accounts. That, obviously, would be a dream for hackers. Make sure your business network has a firewall, and that you run the most up-to-date antivirus software on your computers, which can block hackers from finding an open door into your network and stealing your customers' payment information.