New Security Update

Install critical updates for Magento 1.x and Magento 2.x versions

The Secret to Fraud Protection

December 8, 2015

Tags:

eCommerce fraud grew an incredible 33% from 2013 to 2014, underlining the increasing threat to merchants and customers. In the U.S., the first steps have been taken to fight this trend with the mandatory EMV rollout in October of this year (see our recent blog for more on how that affects merchants), and consumers are receiving new “chip” credit cards that will require a pin to complete their purchase. Since implementing the new “chip-and-pin” cards, Europe has seen an 80% reduction in credit card fraud, and it’s dropped by 56% in the UK, 49% in Canada, and 38% Australia.

However, though the new “chip-and-pin” cards will better protect merchants and consumers at the brick-and-mortar point-of-sale (POS), fraudsters are increasing their use of stolen card numbers online. Canada, Australia, and the UK have already seen dramatic increases in “card-not-present” fraud since they introduced similar laws in recent years.

Here are the three key ways merchants can fight fraud:

Look for Good Customers

Merchants are sandwiched between the need fraud prevention and the desire to provide a hassle-free buying experience for their customers, so balance is critical when developing a fraud prevention strategy. Also, only about 0.9% of transactions are fraudulent, making fraud difficult and time-consuming to find.

Instead of picking through every transaction, merchants should start by identifying their good customers, mapping their spending patterns and order history and cross-referencing with their information. Eliminating good customers from the fraud search will make sure their transactions are never held up in fraud checks, providing a much better customer experience, and shrink the stack of potentially fraudulent transactions that need further scrutiny.

Use Fraud Protection Tools to Sort Out Bad Ones

While merchants may always do some manual fraud checks, there are great software tools that identify both good transactions and likely-fraudulent transactions in mere seconds. These dedicated credit and debit card fraud detection solutions look for fraud in two main ways:

  • Identifying Stolen or Suspect Cards – In moments, fraud prevention software reviews more than four billion transactions globally to see if the card entered has been found faulty and flags the transaction as “risky”, preventing it from being completed without further examination.

  • IP Piercing and Device Fingerprinting – Accurately tying individuals to their past purchases helps identify when cards are being used in strange places or on too many devices, key signs of fraud.

Using fraud prevention software to hold potentially-fraudulent transactions not only saves merchants a lot of time, money, and frustration, it creates that seamless experience for good customers.

Tap Tokenization
As we mentioned in our earlier blog on tokenization, many security problems have the same root cause: attackers got access to raw credit card information from systems owned by merchants or retailers, who saved this data with the legitimate intention to reuse it at a later point. Tokenization eliminates a merchant’s need to store customers’ payment information directly. By storing it on a payment provider’s secure and PCI compliant infrastructure, you never have to transmit sensitive information through your own systems.

To a hacker, a token is worthless. But to merchants and consumers, they are priceless. Tokenization helps reduce risk for merchants by eliminating the need to save credit card information on merchant servers. As a result, it has become a popular way for businesses to bolster the security of credit card and e-commerce transactions while minimizing the cost and complexity of compliance with industry standards and government regulations. To protect consumers, today’s PCI standards call for vastly complex certification and infrastructure setup for businesses who actually want to store credit card numbers after a transaction. Tokenization minimizes the cost and effort associated with these regulations.

Learn More About Braintree and How to Prevent Fraud
Braintree, a PayPal company, helps online and mobile businesses around the world accept credit and debit card payments by providing a merchant account, payment gateway, recurring billing, and sophisticated fraud management tools. The Braintree Payments extension connects your Braintree Gateway account with your Magento store, so customers can quickly and easily use cards for payment.

Visit the PayPal Learning Center for full primers on how to prevent fraud and on tokenization.