Twitter
Facebook
YouTube
SecureTrading Blog
Flickr
LinkedIn
Fraud - How do I prevent fraud on my e-commerce site?
SecureTrading provides a high level of encryption to protect sensitive data and offer the most sophisticated array of security and counter-fraud products and services available to protect transactions. But no amount of encryption or security can prevent fraud if the fraudster has managed to get hold of card numbers and other details from credit cards that haven't been reported as stolen. Unfortunately, as credit and banking laws stand, it is you, the merchant, who must bear the financial cost of any fraudulent non 3-D Secure transactions. However, if you are fully aware of the risk of fraud when trading on the Internet, you stand a better chance of avoiding its consequences.
Based on the experience we have gained after many years in the business of online authorisations, we would recommend you take the steps listed on this page to help you to reduce the risk of fraud. Please note that these steps and suggestions are only a guideline, and that this is not the definitive list of precautions you can take. Fraudsters are finding new ways of committing their crimes all the time, and there is no absolute solution to prevent online card fraud.
SecureTrading Solutions
SecureTrading Identity Check
SecureTrading Identity Check is a global identity verification solution. This cutting edge solution enables you to check if your customer exists and lives at the given address and whether that address has been associated with fraud or suspected fraud in the past. In addition, if you need to verify a customer’s age or be compliant with Anti-Money Laundering legislation, then SecureTrading Identity Check can provide you with the information you need.
SecureTrading Identity Check provides you with a simple check on UK Electoral Roll and BT databases (including Ex-Directory). It also allows you access to traditionally expensive additional databases such as credit reference files, Directors databases and sanction lists all for the same low price.
The SecureTrading Identity Check also has access to, and checks against, a shared fraud database. The database is a shared database from all users of the service and contains any fraud or suspected fraud that has been carried out at specific addresses. By keeping you up to date with the latest fraudulent transactions it helps reduce the likelihood of you being a victim and facing charge backs.
You can find more information on the Identity Check here.
For more information regarding how to set up Identity Check please contact your Account Manager. If you are unsure who your Account Manager is please call +44 (0)1248 672 070 or via email on sales@securetrading.com.
SecureTrading Card Check
Using the card’s Issuer Identification Number (IIN), the first 6 digits of a credit or debit card number, SecureTrading Card Check enables you to identify the card type, the issuing bank, product type, and perhaps most useful of all, the country the card was issued.
Although checking the IIN will not definitively identify a fraudulent transaction, using the SecureTrading Card Check can help prevent fraud by identifying if the card has been issued in a different country to that given in the cardholder’s address. This could be a trigger to suspend the transaction for further investigation. In the majority of cases, a user will have a credit card issued in their own country of origin.
Please note that legitimate users sometimes do use a credit card from another country, therefore we do not recommend you decline a transaction based on the Card Check alone. The SecureTrading Card Check should be used alongside our other counter-fraud services to enable you to make the best decision.
You can find more information on SecureTrading Card Check here.
SecureTrading Fraud Score
SecureTrading Fraud Score offers merchants the ability to implement a fraud detection solution through IP reputation. Geolocation is the ability to determine where online visitors are physically located based on their IP addresses. With geolocation, merchants can use information they already have, the user's IP, to non-intrusively determine where their customers are physically located. This can be used effectively to detect potential fraud by analysing the differences between the user location and the billing address.
As the IP address needs to be passed to the SecureTrading Fraud Score system, only users of the new SecureTrading API can access the service.
For more information or to check whether you are eligible please see here or contact the Support Team on support@securetrading.com.
Address verification and card security codes
Online address verification (AVS) and card security code checking (CVV2, CVC2) are now available through all the banks with whom SecureTrading is integrated. These services are free of charge, and we recommend that all our merchants use them. You will need to add extra fields to your customised forms in order to use these features; full instructions are in the Address Verification (AVS) and Security Code Guide, which you can download from the Support Downloads page.
For more information about address verification and card security codes, see our Core Services page.
You can also use our SecureTrading Identity Check service to verify and validate addresses.
IP blocking
SecureTrading also offers the ability to block certain IP addresses from your payment facility. Unfortunately, this is not foolproof. Some persistent fraudsters will merely sign in using another ISP. In these instances, we cannot prevent internet access to these people because it becomes impossible to detect a repeat attempt when a different ISP is used.
Deferred settlement
If you sell high value goods, then it would be a good idea to defer automatic settlement until you have had a chance to vet the order. You can find out how to do this in the My-ST guide, which you can download from here.
Be aware of multiple transaction attempts
As a SecureTrading merchant, you have been given access to view all your transactions in the My-ST area. If you detect multiple failed attempts from the same person followed by an authorisation, this could signal fraud. With My-ST, you have the ability to suspend settlement of such transactions using settlement control - instructions are in the My-ST Guide, which you can download from here.
You can into My-ST here.
General Advice
Be wary of free email addresses
Be wary of transactions that originate from free email accounts (such as Hotmail or Yahoo!). Free email accounts are easy to set up and they enable a fraudster to retain total anonymity - no proof of ID is required when opening a free email account. We are not suggesting that every customer who uses a free email account is a potential villain - many people have quite legitimate reasons for using them - but the use of a free email account should be considered particularly suspicious if it occurs in conjunction with one or more of the other circumstances listed on this page.
Be wary of Suspect countries
Always check your delivery addresses. Countries with the highest incidence of online card fraud include many parts of Asia (including Indonesia, Malaysia and Singapore), the Baltic region, Eastern Europe, Africa and South America.
Be aware of transaction values
Be aware of the general average value of your Internet sales. If you suddenly receive an authorised order for an amount that far exceeds your average order value, instead of calculating the vast profits you feel you are about to make from this sale, you should exercise caution.
Confirmed delivery
Signature upon delivery is NOT acceptable proof to the banks in the event of a dispute. However, if you do operate this policy, make sure that you always use a reliable delivery agent. Should you subsequently wish to raise a suspected fraud case with the police, such information would be vital in attempting to establish whether fraud has taken place.
Look like you mean business
Make it clear on your web site that you operate anti-fraud precautions, and that you will make every effort to find and prosecute fraudsters who abuse your online shopping system. Even if you lack the resources to do this, it may encourage fraudsters to look for easier targets elsewhere.
Another way of doing this is to display the SecureTrading Merchant logo clearly on your home page and shopping cart page. You can download these from here. If you have any specific logo or branding requirements please don’t hesitate to contact the Marketing team on marketing@securetrading.com.
Summary
SecureTrading are reliant on the banks for authorisation codes. We run additional fraud checks that operate across our systems looking for suspicious patterns in an attempt to avert large hits on any of our merchants’ sites. But as the merchant, you also need to be vigilant and take responsibility for your own transactions. If in any doubt, place the transaction on hold and do not dispatch the goods. Allow yourself time to investigate.
Also please make use of the additional fraud measures offered by SecureTrading e.g. SecureTrading Identity Check. You can familiarise yourself with all of these here.
Any fraud measures being implemented are a step in the right direction for the merchant and consumer alike, and SecureTrading welcome any new bank initiatives in this regard. However, we can not offer you any guarantee that by using our (nor any other company's) payment system you will not encounter fraud or chargebacks. What we can do is reassure you that SecureTrading are doing all we can to prevent fraud.
