The following is a guest post from Michael Manapat, engineering manager for Payments Intelligence and Experience at tech company Stripe.
If estimates are correct, retailers have just made it through another record-breaking year of online shopping. But even as projected sales cross the $100 billion mark, a 13.8% increase from the same period last year, online retailers have faced an equally significant, but far more insidious, trend emerge as well: online fraud.
While chip-enabled cards have made in-store shopping safer, online stores have become a more attractive target for fraudsters of all types. And unlike their brick-and-mortar counterparts, online businesses are responsible for paying the associated costs, including reimbursements and chargeback fees to the credit card companies. On average, every $1 of fraudulent orders costs a business an additional $2.62, and those costs can add up quickly given the frequency with which fraudsters target online retailers. Estimates vary, but most experts agree that online businesses collectively lose $30-60 billion dollars every year due to fraud.
Stripe recently looked across a year’s worth of fraud data, based on transactions from hundreds of thousands of businesses around the world, to gain insight into fraudster behaviors that can help guide businesses’ approaches to battling fraud.
Here are a few of the things we learned, and some quick tips on what you can to address the issue:
1. Boost after-hours security
While the raw volume of fraud incidents increases on heavy shopping days like Cyber Monday, fraud rates as a percentage of overall traffic spike during quieter times — on Christmas day, on the weekends, or late at night. To protect against fraudsters looking to strike during these times, consider adding extra scrutiny to purchases made outside of normal business hours, either through manual reviews or other, more stringent automated filters.
2. Test and implement geography-based rules
Fraud rates vary by country. In fact, the country where a given credit card is issued can affect the likelihood that a transaction is legitimate by as much as 300 percent! But while cards from Argentina, Brazil, India, Malaysia, Mexico, and Turkey tend to be more fraud-prone than many other countries, even U.S., Canadian or French cards are susceptible. So rather than block all purchases from a given country or region, test different geography-based rules and ask for more information from all customers (like CVV numbers and full addresses).
3. Look for smaller transactions in the US, and larger transactions elsewhere
You might assume that fraudsters prefer big-ticket items like televisions or jewelry. And in many countries, you’d be correct. Outside of the United States, fraudulent transactions can often be significantly larger than normal transaction sizes — even twice as large in some countries.
In the United States, however, fraudulent transaction amounts closely mirror "normal" transaction sizes and are only slightly larger than regular amounts. Retailers should adjust their rules accordingly based on their location.
4. Look out for rapid-fire purchases
Once a fraudster makes a successful charge on a credit card with a particular merchant, he or she tends to make additional charges with that same merchant very quickly — up to 10 times more quickly than legitimate card holders. In fact, three-quarters of all fraudulent transactions are not the first fraudulent transaction on a given card.
Businesses can address the issue by using automated tools to limit the speed of repeat purchases to a rate that will facilitate legitimate purchases, while deterring fraudsters.
5. Know the goods or services that are most likely fraud targets
Fraud patterns suggest that fear of arrest — not a desire to blend in with normal transactions — offers a more compelling guide to understanding and identifying fraudsters’ behavior. Delivery of physical goods, for example, carries obvious risks, so fraudsters tend to buy products that do not need to be delivered, or target online services that can be performed immediately before the charge has any chance of being detected and invalidated. Low-end consumer goods also stand out because fraudsters assume authorities de-prioritize low-stakes theft.