8 Ways to Prevent Payment Fraud

E-commerce companies lost $41 billion to online payment fraud last year. Fraudsters are developing more sophisticated approaches to making unauthorized purchases with stolen financial information. In this day and age, fraud attempts are a when, not an if. Online retailers must beef up their defenses with user verification, identification and suspicious activity monitoring.

Here are eight strategies to detect and prevent fraud:

1. Use reputable third-party solutions.

A website is only as secure as its weakest link. If you don’t vet third-party integrations fully, they could create a vulnerability. Use only reputable solutions with documented security protocols and do your due diligence before integrating any service into your webstore.

2. Require two-factor or multifactor authentication.

With two-factor (2FA) and multifactor (MFA) authentication, users must provide two or more pieces of evidence to verify their identity, such as a password and a verification code sent by SMS or email. This precaution prevents hackers from accessing accounts with just a password.

3. Enable single sign-on and SAML authentication.

Single sign-on (SSO) and SAML methods allow users to access multiple software applications through a single source. Google SSO is a well-known example.

4. Use address verification services.

Address verification services cross-check a cardholder’s stored address with the one provided during checkout. Mismatches trigger a decline or flag the transaction for further evaluation.

5. Enforce CVV verification.

The three- or four-digit security code on the back of credit and debit cards, known as the card verification value (CVV), is easy for the customer to type in, but a criminal is less likely to have that information. Requiring it for each purchase adds additional security.

6. Leverage device intelligence.

Device intelligence includes browser and device fingerprinting, which uses signals and device characteristics, such as screen resolution, location, language and operating system, to identify unique devices. A device fingerprint is much harder to spoof than passwords and helps flag suspicious behavior.

Device identification can recognize bots, devices with a history of fraudulent transactions and those with unusual locations, to name a few, allowing companies to block purchases from these users. The technology also lets companies distinguish repeat verified visitors, reducing verification friction.

7. Monitor the webstore for suspicious activity.

Retailers should proactively monitor their sites for suspicious activity. Fraud detection helps retailers catch bad actors before they make a purchase. Signs of fraud include:

• inconsistent customer/order information;
• excessively large orders;
• orders from unusual locations;
• multiple delivery locations;
• multiple small orders from one account, card or device; and
• multiple payment failures.

Device intelligence enhances fraud detection by providing additional context to the user’s behavior.

8. Create a customer experience that prevents chargebacks.

Chargebacks happen when customers dispute a charge through their bank or credit card company. Retailers often lose the merchandise and the transaction amount.

Merchants can prevent chargebacks by following the payment protocols mentioned above, improving their user interface, making it easier to cancel subscriptions, and being forthcoming and reasonable with the refund policy. Sellers should also provide optimal customer experience to build goodwill and provide documentation to prove a transaction was in good faith. Browser and device fingerprinting can identify users who have initiated multiple chargebacks in the past.

Bottom line: Online retailers must employ more than one identification method. Multiple verification points make it much harder for fraudsters to break through. By implementing a security-minded fraud prevention strategy, businesses can more accurately protect their customers and themselves.

Jack Spirou is Fingerprint’s director of product, who joined the company in 2022, coming from an extensive engineering and product development career.