If you run a small online business, you may assume e-commerce fraud only happens to big, high-profile online retailers.
Unfortunately, that's not always the case.
Professional fraudsters, assisted by computer botnets, target businesses of all sizes for card-not-present fraud. CNP fraud costs businesses $1.92 billion each year, but that number is rising fast. By 2018, CNP fraud losses are projected to reach $6 billion. Small businesses are especially at risk because they often don't have the resources to build in-house fraud prevention teams or the surplus cash to recover from fraud attacks.
Here's what you need to know to protect your business.
Why Criminals Target Small Merchants for Fraud
Criminals target small businesses for fraud and theft because it's usually easy. Some business owners don't realize e-commerce fraud is a pervasive problem. Others assume it only happens to major retailers. Even when a small business has some fraud protection, it's usually not as robust or comprehensive as the multi-layered systems large retailers use.
There are three common ways fraudsters hit small businesses:
1. Card testing
When a fraudster gets a list of stolen card numbers, it may not come with the billing zip codes and 3-digit Card Verification Values that most checkout platforms require. To figure out these pieces of information, fraudsters test different zip codes and CVVs on poorly protected merchant sites. If there are no limits on the number of times a shopper can enter different values for the zip code and CVV when placing an order, the fraudster (or a bot set up by the fraudster) can keep trying different numbers until a transaction goes through.
Reselling stolen merchandise is the ultimate goal of most fraudsters. Once they match a stolen card number with the right CVV and zip code, they buy as much merchandise as they can and get it delivered as quickly as possible. (Fraudsters love rush shipping because it often gets their stolen purchases in their hands before the merchant or card company discovers the fraud.)
3. Sharing information
After fraudsters discover your shop is an easy target, they may share your information with other thieves. That can lead to a spike in fraudulent orders that seriously damages your business.
How CNP Fraud Hurts Online Businesses
There are at least four ways e-commerce fraud can undo the work you've put into your business.
Chargebacks happen when customers call their card company to dispute a purchase on their account. This process is meant to protect consumers from unscrupulous sellers, but today, about 30% of chargbacks are “friendly fraud,” which means customers know they're committing fraud when they make the chargeback request.
Unless you can present meticulous records to your payment processor on a short deadline, you'll likely end up losing your chargeback appeals. That means losing the sale revenue, the merchandise, the shipping costs, and paying a fee of up to $100 per charged-back transaction.
2. False declines
A flood of chargebacks, or the fear of them, sometimes drives merchants to block whole categories of customers or falsely decline valid orders based on machine-screening flags. Obviously, this can reduce your revenue, too, if you're throwing good orders out with the bad. In fact, false declines cost US merchants an estimated $118 billion per year, much more than actual fraud losses. More importantly, declining valid orders can cost you long-term customer relationships as many customers will never return to a shop that declines their order.
3. Rising rates
Merchants must do something, though, because too many chargebacks can raise the cost of their payment processing. Card companies and banks monitor each merchant's chargeback ratio, the number of chargebacks compared to total transactions. Once your chargeback ratio reaches a certain level (which can vary by industry), you'll pay more to process your payments, and you run the risk of losing your account.
4. Account cancellation
If your chargeback ratio rises too high, your bank may cancel your merchant account, sometimes with little notice. If that happens, your business name goes on the industry MATCH list for 5 years. That can make it difficult or impossible to open a new merchant account during that time.
Options for CNP Fraud Prevention
To prevent these scenarios, there are steps small business owners can take.
Manually screening every order can be effective for some types of business, like luxury retailers, but it can be a challenge to keep up with the latest fraud methods and fraud control lists, to say nothing of the time involved. Some businesses geo-block entire countries or regions, but this undoes one of the great benefits of e-commerce: being able to reach customers worldwide.
Small business owners often find it's more time- and cost-effective to outsource their fraud prevention program to experts. If you decide to go this route, there are a few things to look for. A good service will provide:
Together, these elements protect your business from losses, chargeback ratio difficulties, and the long-term fallout from false declines.
- Real-time protection that can scale quickly to accommodate sales peaks and spikes in fraud attempts, so you're fully protected even during the pre-holiday rush.
- Telephone follow-up with customers to verify transactions before any declines. This helps strengthen customer relationships and reduce false declines.
- Continuously evolving protection methods to keep up with fraudsters' constant changes in approach.
- International fraud prevention knowledge so your business can accept valid transactions from abroad.
- A guarantee that any fraudulent chargebacks won’t cost your business a thing.
Why Outsourcing Works
Outsourcing your fraud protection lets you focus on building your business, helps you build stronger customer relationships, reduces false declines, and protects your business from chargeback fees, higher processing rates, and account closure. That way the payoff for your hard work goes to you and your employees, not to fraudsters.