The holidays are coming, which is a stressful time for online businesses. No matter what you sell (whether holiday gifts or B2B services), you’re bound to see an increase during this time of the year. Sales are great, of course, but with more sales come more fraud attempts.
Some types of fraud can rise by over 20 percent during the holiday season, starting with Black Friday and Cyber Monday and lasting through the first couple weeks of January. Holiday fraudsters tend to target items that cost an average of $215.
Why is fraud more prevalent during the holidays? A few reasons:
- Businesses are busier and less likely to scrutinize each transaction and follow their current fraud prevention strategies.
- Businesses offer faster processing and shipping services, which fraudsters love.
- Credit card holders make more purchases, which makes them less likely to spot suspicious transactions.
Furthermore, the COVID-19 pandemic has created opportunities for fraud. Businesses are offering new services to accommodate people, like buy-online-pickup-in-store programs that don’t verify the identity of the person who picks up the product.
Preventing fraud is important all year long, but it’s important to take extra steps to protect your business during the busy season. In this article, we’ll show you how.
7 Steps to Prevent Holiday Fraud
As the holidays approach, it’s important to take steps to protect your business from holiday fraud. Let’s go over seven key steps to keep you safe, and how our favorite payment processor – Stripe – supports your efforts.
1. Enable Your Address Verification System (AVS)
AVS is a simple tool that flags transactions as fraudulent if the billing address supplied by the customer doesn’t match the billing address in the bank’s file. Essentially, this forces fraudsters to acquire several more data points (street, city/town, state, and zip code) before they can use a stolen credit or debit card.
If you haven’t enabled AVS through your payment processing company, now’s the time. Basic identify verification methods like this go a long way toward halting fraud.
Stripe Radar includes a default rule to block any payments that fail postal code verification. You can enable or disable this in your dashboard.
2. Monitor Any Express Shipping or Rush Transactions
Fraudsters love to “purchase” products and services with fast turnarounds. This increases the likelihood that they will receive the product or service before the real buyer identifies a suspicious transaction.
Unfortunately, as we get closer to the holidays, more of your customers will choose express shipping and rush options to get their purchases in time. If you take away these options, you will undoubtedly lose business. The only solution, therefore, is to diligently examine each rush transaction for other signs of fraud.
3. Thoroughly Screen Any Charities
Like a lot of businesses, you may generously open your wallet to well-meaning charities during the holidays. A few dollars could buy you some high-quality advertising and support a good cause.
But scammers will use your goodwill against you. It’s not unusual to receive requests from charities who, upon further inspection, don’t really exist or don’t use their funds in any charitable way (i.e., 90% of donations pay for “administrative costs”).
Poke around before you give to any charity. If they send you a letter, call to verify their name, mission, tax-exempt status, and account details. Check how much they actually give toward its cause by using CharityWatch or Charity Navigator.
4. Implement 3D Secure Authentication
3D Secure is a tool used to verify card transactions. It sends more than 100 data points on each transaction to the cardholder’s bank, such as the shipping address, IP address, device information, and the customer’s previous transaction history. The cardholder uses these data points to assess the transaction’s risk.
If the bank thinks the transaction is legitimate, the customer doesn’t even know 3D Secure was used. But if the data isn’t enough, the checkout flow is interrupted by an additional page. On the new page, the user must enter additional information from their bank (like their login details).
During the holidays, customers will make transactions that would ordinarily seem fraudulent. For instance, a New York resident might purchase a gift from a store in Montana with express shipping. 3D Secure steps in and says, “We recognize this is out of character, so we’ll give you a chance to prove you’re the cardholder.” This protects you from fraud without losing the sale.
What’s great about this system is that if the customer is presented with the extra step (the login page), liability for the transaction shifts to the bank. You aren’t on the hook for the money if the customer passes that extra step.
3D Secure is enabled by default in Stripe. We recommend checking to make sure it’s on in your dashboard. If it’s disabled, enable it right away and leave it on forever.
5. Monitor for Early Fraud Warnings
Early fraud warnings are notices your payment processor generates to flag payments that it suspects to be fraudulent. They appear when a cardholder lodges a claim of fraud with their issuing bank, but before an official chargeback.
If you act quickly, you can respond to early fraud warnings by refunding the payment before you suffer a chargeback. You typically have 24 to 48 hours to respond before the issuing bank files a chargeback, but this time frame is entirely up to the bank, so don’t wait too long.
You can review your fraud warnings in your Stripe dashboard and respond accordingly. This video explains how.
If you don’t use Stripe, look for your payment processing’s warning system. Set up some kind of alert for yourself when transactions are triggered by that system.
6. Look Out for Attempts to Bypass Your Tools
Scammers know that you have systems in place to automate fraud detection. They can’t fool these tools, so they’ll take steps to bypass them.
For example, a fraudster knows you prefer to ship to the billing address, so he’ll click your “same as billing address” button to arrange shipping. The transaction will go through without raising an alarm. Later, he’ll call or email you to change the shipping address manually because he “forgot to change it” or “entered it wrong out of habit.” In this example, the fraudster is trying to get you to bypass your own fraud system.
In cases like this, remember that your tools are in place for a reason. For example, Stripe Radar, a machine learning fraud detector, is smarter at spotting fraud than any of us, so you’ll want it to evaluate all of your transactions. If a customer wants a manual change that bypasses your tools, offer to cancel the order and let them place a new one.
7. Document Every Interaction with Customers
In order to protect yourself, it’s important to maintain records of all of your interactions with customers. Not just transaction data. Everything.
Let’s say you perform a service for a customer who seems happy with your work. They sign off on mockups, confirm your deliverables, and even compliment the quality of your work. Later, they file a chargeback claiming that the work was “unsatisfactory.”
Sounds frustrating, right? But just because a customer files a chargeback doesn’t mean they get it. As the merchant, you have an opportunity to defend yourself with evidence. The cardholder’s bank will consider that evidence before they declare a winner of the dispute. Your records and documentation can save you from an unjust chargeback.
The Stripe dashboard offers a list of disputes. Each dispute item gives you an opportunity to respond.
Start Before You Get Too Busy
If you wait until the holidays to prepare for holiday fraud, it’s probably too late. Now’s the time to consider how you’ll protect yourself over the upcoming season. Use the steps we outlined above to secure your business and discourage scammers.
Join more than 7,000 subscribers
Learn more about accepting one-time and recurring payments on the web.