4 Fraud Prevention Tips for the Holiday Season
The holiday shopping season is always a big gift to fraudsters, meanwhile retailers rarely get what's on their list — i.e. more revenue, fewer chargebacks and stronger customer relationships. Unfortunately, the holiday season fraud problem is growing year-over-year. There was a huge spike in e-commerce fraud between 2015 and last year — 33 percent, according to Experian. The problem could be even worse this year thanks to a new round of consumer data breaches, including the huge Equifax breach that exposed protected data on more than 145 million Americans. To make the holiday season safer and happier for you and your customers, here are four steps you can take now to review and reinforce your store's fraud prevention practices:
1. Be on the lookout for account takeover fraud.
Account takeover fraud, in which criminals hack into store customers’ accounts to make their own purchases, was already on the rise before thieves gained access to Equifax data. Now, fraudsters have much more data they can use to identify vulnerable accounts, access them, change the email addresses and passwords, and go shopping on the customers’ cards. This can lead to major chargeback losses for merchants as well as damaged relationships with customers.
To detect account takeover fraud, you'll need to use multiple factors to verify the customer's identity each time they shop with you. Logins from new devices, larger-than-usual orders, dramatic location changes, and multiple attempts to log in are some of the indicators that the order needs manual verification. You can also configure your site to lock customer accounts after several failed login attempts and send an alert to them.
2. Update your fraud detection data and tools.
Fraudsters are always on the move and changing tactics, so static fraud-detection data that was accurate last holiday season may be nearly useless this year. For example, Experian found that of the 100 U.S. ZIP codes with the highest risk for fraud in 2017, 70 of them were not on the 2016 list. And location alone isn't a reliable measure of fraud because many good customers — especially those with high net worth and disposable income — shop on the go as they travel. Declining one of their orders can cause problems that go beyond lost sales. Many customers will never shop at a store again after a false decline. Some will take their rejection to social media, eroding trust with your target market.
Express or overnight shipping is another example of a factor that could indicate fraud — most fraudsters prefer to get items for resale fast, before their scam is discovered — or could indicate a valid customer who's counting on your business to get a gift to someone on time. Canceling the order based on automated shipping-method flags is going to create ill will with these shoppers. To avoid that, ensure that analysis of orders draws on real-time data and customer behavior, which might require a human touch.
3. Add the human touch to manually screen declined transactions.
When an order raises red flags for fraud, it's best to have it manually reviewed. Having a person reach out to the customer on each flagged order can be a logistical and staffing challenge during holiday sales peaks, but meeting the challenge can pay off over the long term. That's because when someone from your business reaches out to the customer, it greatly reduces the likelihood of a false decline, because humans understand context and nuances that machines cannot. That outreach protects your company's revenue and reputation going forward. It also increases the customer's trust in your store, because he or she knows you're watching out for them. That trust can boost the lifetime value of the customer to your business and help you gain word-of-mouth referrals. The only potential downside to adding human outreach to order analysis is the time involved. For businesses without the staff or training resources to devote to this, it may make more sense to contract out the customer outreach portion of order analysis.
4. Remind customers of your company's contact policy to prevent phishing.
One other element that could contribute to a spike in account takeover fraud this holiday season is phishing. Experts predicted a phishing frenzy after the Equifax breach. Indeed, Equifax itself got ensnared in a phishing scam when it accidentally directed consumers to a post-breach help page that spoofed its own, which shows just how pervasive the problem is.
Armed with this trove of new data, thieves are already posing as major banks to try to trick consumers into sharing missing pieces of data needed to steal their payment information and identities. Criminals could easily take the same approach by spoofing retailers to steal more data from their customer account holders. Now is a good time to create a campaign to remind your customers that your company will never ask for their passwords via email, phone or text.
By reviewing these security elements now, you can protect your revenue, reduce your chargeback costs, and keep your real customers happy — things at the top of online retailers’ holiday wish lists.
Rafael Lourenco is the executive vice president at ClearSale, a card-not-present fraud prevention operation that protects e-commerce merchants against chargebacks.
Related story: How Brookstone is Fighting Back Against Fraudsters