The transition to EMV technology for card-present point of sale (POS) payments is an effective deterrent to credit card fraud in brick-and-mortar stores. However, online fraud is becoming an increasing concern as the focus shifts from fraud committed at physical stores to online storefronts.
According to Aite Group, card-not-present fraud now represents 45 percent of total U.S. card fraud, while U.S. online and mobile commerce is growing at an annual rate of 15 percent. Fortunately, there are a number of technologies and strategies retailers can use in the fight against online fraud.
Device Authentication
Device authentication helps to combat online fraud by verifying that the device being used by a consumer to complete an online transaction belongs to or is associated with the individual whose name appears on the payment card. Software used for device authentication captures the IP address, browser, and physical location of a PC or mobile device, matching it with information on file.
Multifactor Authentication
Multifactor authentication requires that an online shopper present more than one means of authentication from at least two distinct categories to verify that he or she is the actual cardholder. Before an online purchase is approved, identity is verified by a code or token generated by the merchant as well as through something the customer knows, such as a password or the answer to a security question.
Biometric Identification
Biometrics can serve as a good deterrent to online fraud through a smartphone or tablet. Some devices, such as iPhones and iPads, unlock only if the user verifies his or her identity using the device’s fingerprint reader. That same fingerprint reader can be used to verify online shoppers’ identity; if there is no match between the fingerprint stored in the reader and the finger submitted for reading, the transaction is declined.
Tokenization
Using tokenization, a consumer’s credit or debit card number is replaced by a token with no exploitable value to hackers. In the event of a data breach, stolen tokens have no value because they don’t provide any information about actual credit card numbers.
Email and Social Media Verification
Online merchants can also use email or social media verification to authorize a payment. This type of verification involves sending a one-time confirmation code or verification link to the email address or social media account associated with the account. To complete a purchase, the customer must enter the code on the merchant’s website, or click the link to verify identity and be redirected to a landing page where the customer can finish their purchase.
Verifying the Identity of BOPIS Customers
An emerging fraud scheme involves ordering merchandise through merchants’ websites and retrieving it at the store. Merchants are now learning to minimize fraud by requiring that customers show identification, such as a driver’s license and the physical credit card used to complete the purchase.
Ecommerce Account Issuance
Ecommerce account issuance is an online fraud prevention method that has become popular among merchants with a high transaction volume. It requires that the customer provide a username, password, email address, and telephone number to the merchant on its website. The merchant verifies the validity of this information by sending the customer a dynamic token via email or text, along with instructions for completing the account creation process. Following this verification, security questions and appropriate responses, as well as shipping, cardholder, and billing information are gathered. The account is then established.
The cost of online fraud to ecommerce merchants is high — $2.62 for every dollar in fraud losses and growing, according to figures released by LexisNexis in 2015. Research the online fraud prevention methods that work best for your business and with your customer base and establish a strategy that protects your business and your customers from loss.
