Credit Card Processing Tips and Tricks

Understanding Fraud in the eCommerce Payment Chain

Written by David Harper | Sep 19, 2019 8:17:31 PM
 
Guest Post by Rafael Lourenco, EVP, ClearSale

Many merchants are so focused on winning a sale — getting a customer to click “Buy” — that they don’t realize a transaction is not over when a browser has converted into a buyer. Not only are there multiple steps going on behind the scenes to successfully process a customer’s payment, but a sale is never truly won until the chargeback window has closed and the customer is satisfied with their purchase.

The more educated eCommerce retailers are about the payment process, the better prepared they will be to make sure every fraudulent order gets declined and every legitimate order gets approved. When this goes wrong, fraudulent orders turn into chargebacks, and legitimate orders can be falsely declined – both of which hurt the retailer’s revenue and aggravate the good customers.

Here are the top spots in the payment chain where fraud and false declines are most likely to happen.

1. The Customer Places the Order

After the customer places an online order with a credit card, the merchant’s website uses a payment gateway to process the payment. The payment gateway may be configured to run the transaction through preset fraud filters to confirm the legitimacy of the transaction.

Opportunities for Fraud

Merchants have no way of knowing at this point whether this order is legitimate or fraudulent.

Opportunities for False Declines

Since the order hasn’t been approved or declined, merchants don’t know if this transaction will turn into a false decline.

2. The Payment Gateway Checks the Order

If the merchant uses an outsourced fraud prevention solution, the payment gateway then sends the transaction details through that system to perform additional fraud checks and compare the order against typical fraud indicators. If no red flags are detected, the payment gateway passes the order to the payment processors. If red flags are detected, the payment gateway declines the order.

Opportunities for Fraud

Fraudsters today are savvy and sophisticated. By using virtual private networks, legitimate addresses and even real (but anonymous) phone numbers, fraudsters easily slip through basic fraud filters like CVV, AVS and transaction size.

Opportunities for False Declines

Unlike fraudsters, fraud filters aren’t savvy or sophisticated. They have trouble accurately assessing transactions that fall into gray areas, like large purchases being shipped to a different address than the billing address or purchases made by first-time customers in high-risk cities. As a result, these fraud filters lead to many legitimate orders incorrectly registering as fraudulent and customers’ transactions being automatically — and falsely — declined.

3. The Fraud Prevention System Processes the Order

After the payment gateway approves the order, the third-party fraud prevention solution (if applicable) will review it. Some solutions may use simple automated filters, while others may use a combination of advanced machine learning techniques and human analysis to apply merchant-specific fraud rules to the review.

Opportunities for Fraud

It may seem that more fraud protection is better, but that’s not always the case. The way fraud filters are configured can play a role in the effectiveness of the solution. Most automated systems, for example, look at only individual orders — which means they’re often missing the bigger picture when it comes to fraud and causing merchants significant losses.

Opportunities for False Declines

Not every order that looks suspicious is fraudulent. Consider the holidays, when merchants are often overwhelmed with larger-than-normal orders or orders being shipped to addresses that differ from the bill-to address. If the fraud prevention system starts auto declining these orders incorrectly based on too-strict rules, merchants end up with lost sales and frustrated customers.

4. The Issuing Bank Evaluates the Payment Details

After the payment processor approves the payment details, they are sent through the card network to the issuing bank. The issuing bank has its own processes for flagging suspicious orders, which may include looking at the cardholders’ spending habits, account balance and card information. The bank then sends an approval or a decline through the card network back to the payment processor, who then sends it through the payment gateway to the website, merchant and customer.

Opportunities for Fraud

If a fraudster’s techniques are savvy enough to have the transaction approved to this point, there’s no guarantee that issuing bank’s fraud detection system will catch it. And even if the transaction is declined, many fraudsters just try the purchase again later, hoping the transaction will be approved the next time around.

Opportunities for False Declines

Some banks take an extra-conservative approach to fraud and may decline an order — even if everything appears fine on the surface. If the bank opts to decline the order, merchants will receive a response code that describes the reason for the decline. When this happens with a legitimate transaction, frustrated customers will need to contact their bank directly to have the charge accepted.

5. An Approved Transaction Is Settled

If the transaction was approved, the merchant can ship the order. The bank also charges the customer’s account and uses the card network to forward the funds (less any fees) to the merchant’s bank. Although it’s rare, merchants may find that orders are declined even after a successful authorization.

Opportunities for Fraud

Even if a transaction settles, a customer may call their bank to report a questionable transaction and have the bank cancel the payment. If merchants have already shipped the order based on the bank’s initial authorization, merchants may find they’re out the product and shipping and processing fees already incurred.

Opportunities for False Declines

All it takes is one small technical issue between the bank and the customer to disrupt the transaction and create a frustrated, unhappy customer.

While the payment chain process might seem straightforward, merchants might not realize there are multiple points at which the transaction might be run through fraud checks. With multiple fraud rules in play, they may contradict each other which could result in fraudulent transactions slipping through the cracks and legitimate orders being flagged as fraudulent. While it is impossible to stop every instance of fraud and false decline, merchants can prevent lost revenue, free up their time and resources, and streamline the billing process, with the right tools and education.

Rafael Lourenco is Executive Vice President and Partner at ClearSale, a card-not-present fraud prevention operation that helps retailers increase sales and eliminate chargebacks before they happen. The company’s proprietary technology and in-house staff of seasoned analysts provide an end-to-end outsourced fraud detection solution for online retailers to achieve industry-high approval rates while virtually eliminating false positives. Follow on Twitter at @ClearSaleUS or visit http://clear.sale/.     

The opinions expressed in this guest blog do not necessarily reflect the opinions of APS Payments. APS Payments has elected to share this blog with readers because we find some merit in the content and/or trust the expertise of the author. Any and all information on the APS Payments blog is accurate and true to the best of our knowledge but that there may be omissions, errors, or mistakes. All present articles are for informational purposes only and do not constitute legal, compliance, fraud, or tax advice that can replace consulting with a qualified professional. We do not recommend any readers take action following the advice within our blog without first calling us for an individualized, free merchant statement audit or other professional consultation.