How to Protect Your Business From Credit Card Fraud
Last updated on
Are you wondering about how you can protect your online business from credit card fraud?
While credit card fraud is a serious problem all over the world and was responsible for a record $34.36 billion in merchant losses last year, you can’t run an eCommerce business without accepting credit card payments. If a site doesn’t let people use their card, they’ll simply find another one that will.
In this article, we’ll share some ways you can protect your business from credit card fraud.
What is Credit Card Fraud?
Credit card fraud is a criminal act that most often occurs when someone steals a person’s credit card or credit card information and then uses it to make a transaction.
Traditionally, the most common form of credit card fraud has been when a thief steals a person’s physical card and uses it to make in-store purchases. Today, fraudsters are more likely to steal credit card numbers using a variety of different ways, and then use them to make online transactions.
Another form of credit card fraud is chargeback fraud. This occurs when a customer submits a transaction dispute with their payment provider for illegitimate or dishonest reasons.
Let’s take a look at a few steps you should take to prevent credit card fraud from happening on your site and reduce chargebacks to ultimately grow your business.
1. Use a Popular Payment Processor
This is the most important piece of advice we can offer, which is why we listed it first.
The best way to protect your business from credit card fraud is to work with a mainstream payment processor that offers a suite of fraud protection and resolution tools. These services will do most of the work of detecting and canceling fraudulent transactions for you.
Which processor do we recommend? There’s no contest. We believe Stripe is the best payment processor, partly because of its powerful fraud protection tools.
Because WP Simple Pay, the best Stripe payments plugin for WordPress, easily integrates with your Stripe account, using the plugin means you get Stripe’s built-in protection.
Here’s what it looks like when Stripe spots a payment with a high fraud risk.
2. Collect Customer Information During Checkout
Each piece of information you request from your customers is one more piece of information a fraudster would need to acquire. Just like longer passwords make your accounts more secure, more information makes it harder for malicious people to fake identities.
Ask your customers for as much information as you think they will provide without abandoning the check out process.
For example, while billing zip codes aren’t always required to process a card payment, asking for it gives the card issuer the opportunity to verify it. A failed verification is a strong indication of fraud because people generally know their own zip code.
WP Simple Pay makes it easy to add and edit custom form fields to your payment forms using the no-code, drag-and-drop form builder. You can collect information from dropdowns, check boxes, and text fields by simply adding and customizing them in the Form Fields tab of the plugin.
Even if your payment processor doesn’t require additional data points, it can still be useful to request more information from your customers in order to deter fraudsters.
For example, asking for a phone number could make the fraudster worry that you’ll call and verify the purchase.
Additionally, requiring customers to provide their shipping and billing address is also a great way to avoid fraudulent transactions. This is because it’s possible the fraudster does not know the correct address.
WP Simple Pay allows you to create payment forms that offer automatic phone number validation using a smart Phone field. The plugin also lets your customers complete their purchases quicker and more securely with auto-completed shipping & billing addresses.
3. Delay Delivery of Your Product or Service
Generally speaking, shipping your customers’ orders right away or getting to work providing their service is smart business, so it’s tempting to process and express ship it as soon as you see a new order come through.
But, this method doesn’t help prevent fraud.
Wait to help your customers until your credit card processor has had time to review the transaction for fraud signals. This should only take a couple of days. Don’t ship physical products or spend time providing services until your processor indicates that the transaction is legitimate.
This technique won’t protect you against identity theft fraud or friendly fraud, but it can help protect you against transactions with inaccurate or incomplete payment information.
4. Create Rules to Prevent Fraud
Depending on your payment processor, you may be able to create rules that automatically decline suspicious transactions. This is a great way to use automation to protect your business from credit card fraud.
In Stripe, you can use Stripe Radar to automatically block transactions or set them aside for your review.
For example, you might create a rule that blocks any transaction where the billing address and shipping address are in different countries. Or you might create a rule that sets all transactions from a particular card aside until you can review them manually.
Here are a few examples of rules you can set to block transactions.
WP Simple Pay makes it easy to create payment forms that are already SCA-compliant and have 3D Secure 2.0 enabled.
To learn more, see our guide on SCA and how to enable 3D Secure 2.0 in WordPress.
5. Look Out For Odd Purchases
You know your customers, including what they need, what they buy, and how they behave. Use that knowledge to look out for odd behavior that could indicate fraud.
For example, let’s say you’re a coach who offers one-on-one consulting. A customer pays for a session, then demands it right away, even though you normally book two or three weeks out. The customer isn’t willing to wait for a time slot because they “need the information now.” If last-minute meetings aren’t typical in your line of work, the customer may be trying to receive your service before you realize their payment is fraudulent.
Or, let’s say a customer refuses to give you their last name for “privacy concerns,” even though you don’t sell anything embarrassing or unethical. This person may not want to give you a name because they don’t have it.
6. Communicate With Customers
If something doesn’t feel right about a credit card transaction, don’t be afraid to reach out to the customer directly for additional information. If they are behaving honestly, they won’t mind answering your questions. However, if he is trying to commit fraud, he won’t respond, or he will immediately ask you to cancel the transaction.
Even if fraudsters are willing to talk with you on the phone, you can learn a lot about them from just their voice. Do they seem anxious or nervous? Does it take them a long time to provide information that most people have on the top of their head? Do they sound like they are the right age of your typical customer?
Fraudsters and thieves generally don’t want to have conversations with the businesses they steal from. Most of them will abandon their fraud attempt as soon as you show a little bit of resistance.
7. Price In Your Fraud Costs
Unfortunately, even if you follow all of this advice, you will never completely eliminate credit card fraud.
Technology improves all the time and we get better at identifying fraud every year, but for now, we have to accept a certain amount of credit card fraud as a cost of doing business. So, one of the best ways to protect yourself is to factor some credit card fraud into your prices.
How much credit card fraud is unavoidable? That depends on your business, what you sell, and your customers. Some businesses are prone to more credit card fraud than others.
The best way to determine how much credit card fraud to consider as a cost is by benchmarking your chargeback rate.
For example, if you average $200 worth of chargebacks every month, raise your prices to compensate yourself for that $200.
8. Refund Suspicious Payments
Sometimes a payment will get through your payment processor without getting flagged for fraud, but you still aren’t convinced that it’s legitimate. Rather than deliver your products or services and wait for the real cardholder to notice the charge, it’s usually best to issue a refund as soon as possible.
When this happens, you will also want to send a note to the email address that came with the order. Let the buyer know why you think the transaction might not be legitimate and if there’s anything they can do to order again with better payment information.
Does this mean you might lose some legitimate sales based on hunches? Yes, but it’s better than dealing with chargebacks, paying fees, and losing physical products for the time you spent delivering a service.
There you have it. We hope this article has helped you learn more about how you can protect your business from credit card fraud.
Remember, it’s an ongoing battle and requires you to stay vigilant and look at every transaction suspiciously. Trust your gut. If something doesn’t look right, take steps to investigate. Complacency can cost you a lot of money.
If you liked this article, you might also want to checkout our guide on how to protect your business from holiday fraud.
What are you waiting for? Get started with WP Simple Pay today!
To read more articles like this, follow us on Twitter.
Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. We only recommend products that we believe will add value to our readers.