As technology continues to improve, fraudsters have become more creative in the way they target individuals and businesses. In 2019, Australians lost over $634 million to scammers (ACCC, 2019). This number is up 30% on 2018 figures.
Rather than the traditional methods of asking someone to provide their sensitive information, fraudsters now have improved technology and carefully curated techniques that help them commit fraud with minimal risk of detection.
As we move closer towards a cashless society, credit card fraud is becoming more prevalent and there are a number of methods fraudsters can use to steal another person’s funds.
Fraudsters used advanced techniques and one of the most effective and efficient means of credit card fraud is card testing. Card testing involves physically stealing a number of credit cards, purchasing credit cards from the dark web, randomly generating credit card numbers or using phishing or spyware techniques to obtain a card’s numbers. The core purpose of testing is not the purchase of an item but to verify the card details are valid and if the transaction was approved.
Fraudsters have now also created a means to commit illegal activity on a much greater scale, in the form of botnets. Botnets are a network of internet-connected devices that can validate a huge number of credit cards at an alarming rate. Botnets submit a large number of transactions to test the viability of stolen credit card details. Many popular shopping carts are being targeted by botnet attacks and one of the most effective means of prevention is velocity checking.
When a valid credit card is detected, it is common for fraudsters to use the credit card details to make small purchases on a merchant’s site. If a small purchase is successful, fraudsters can then proceed to make much larger purchases, a series of micro-purchases or sell the valid card on the dark web.
Challenges for Merchants
Fraudulent purchases are often made on small to medium businesses that don’t have the technology in place to detect or prevent it. Unfortunately for targeted merchants, this means they will likely suffer some challenges when fraudulent purchases prevail.
Chargebacks occur when the original cardholder has recognised fraudulent activity on their account with an unrecognised transaction made to you as the targeted merchant. When a dispute is made by the original cardholder or their bank, and you do not have proper proof that a legitimate sale was made using a PIN or signature, you may be liable to pay back the accepted funds and lose the value of the sale and incur a chargeback fee.
Each successful transaction, no matter how small, will count against the merchant’s chargeback ratio once it’s disputed – and crossing over the excessive chargeback threshold can be extremely costly for merchants.
This is particularly important for eCommerce and online services, where a physical card is not present. In fact, ‘Card not present’ fraud represents more than 80% of all fraud on Australian cards. When a dispute arises, it is very difficult for an online merchant to prove a legitimate purchase was made. Therefore, it is critical that online merchants have technology in place to detect and prevent fraudulent transactions.
Opportunities for Merchants
To avoid liability for fraudulent transactions, merchants must be vigilant in their online payment processes. Some best practices to implement include Firewalls, CAPTCHA, Time out of user session and data validation of guest checkouts. Additionally, one of the best ways to avoid being out of pocket for fraudulent transactions is to partner with a verified payment processor.
Latpay’s fraud management service assists merchants to prevent chargebacks and stop fraud in its tracks. With advanced technology, Latpay can actively set a threshold for individual merchants to detect when unusual activity occurs on their site.
In applying the velocity and value threshold, Latpay reviews the past performance of the merchant to work out transactional averages. Latpays innovative technology has helped assist merchants who have been the victims of botnet attacks to significantly minimise losses.