Credit card fraud is a serious problem all over the world. No matter how secure we make our credit cards, thieves work to find ways to steal our payment information and assume our identities.
However, you can’t run a business – especially an online business – without accepting credit cards. Cash and checks are impractical and fraught with their own problems. If people can’t use their card on your website, they’ll simply find another.
Whether a fraudster steals and tries to use someone else’s credit card or a customer fraudulently demands a refund or issues a chargeback, all credit card fraud is theft. It’s your job as the owner or manager to minimize your business’ risk of falling victim to theft.
So how do you do that? Protecting yourself from credit card fraud is an ongoing battle. These strategies will help.
Use a Popular Payment Processor
This is the most important piece of advice we can give, which is why we listed it first.
The best way to protect your business from credit card fraud is to work with a mainstream payment processor that offers a suite of fraud protection and resolution tools. These services will do most of the work of detecting and canceling fraudulent transactions.
Which processor do we recommend? There’s no contest. We think Stripe is the best payment processor, partly due to its powerful fraud protection tools. Since our plugin, WP Simple Pay, integrates with your Stripe account, using WP Simple Pay means you get Stripe’s built-in protection.
Here’s what it looks like when Stripe spots a payment with a high fraud risk.
Collect as Much Information as Possible
Each piece of information you request from your customers is one more piece of information a fraudster would need to acquire. Just like longer passwords make your accounts more secure, more information makes it harder for malicious people to fake identities.
Ask your customers for as much information as you think they will provide. For instance, while billing zip codes aren’t always required to process a card payment, asking for it gives the card issuer the opportunity to verify it. A failed verification is a strong indication of fraud (because people generally know their own zip code).
Even if your payment processor doesn’t need additional data points, it can still be useful to request more information from your customers in order to deter fraudsters. For example, asking for a phone number could make the fraudster worry that you’ll call and verify the purchase.
Delay Delivery of Your Product or Service
Generally speaking, shipping your customers’ orders or getting to work providing their service is smart business, so it’s tempting to get to work as soon as you see a new order come through. But that doesn’t help prevent fraud.
Wait to help your customers until your credit card processor has had time to review the transaction for fraud signals. This should only take a couple of days. Don’t ship physical products or spend time providing services until your processor indicates that the transaction is legitimate.
Create Rules to Prevent Fraud
Depending on your payment processor, you may be able to create rules that automatically decline suspicious transactions. This is a great way to use automation to protect your business from credit card fraud.
In Stripe (our favorite payment processor), you can use Stripe Radar to automatically block transactions or set them aside for your review. For example, you might create a rule that blocks any transaction where the billing address and shipping address are in different countries. Or you might create a rule that sets all transactions from a particular card aside until you can review them manually.
Here are a few examples of rules you can set to block transactions.
Look Out for Odd Purchases
You know your customers, including what they need, what they buy, and how they behave. Use that knowledge to look out for odd behavior that could indicate fraud.
For instance, let’s say you’re a coach who offers one-on-one consulting. A customer pays for a session, then demands it right away, even though you normally book two or three weeks out. They aren’t willing to wait for a time slot because they “need the information now.” If last-minute meetings aren’t usual in your line of work, the customer may be trying to receive your service before you realize their payment is fraudulent.
Or, for instance, let’s say a customer refuses to give you their last name for “privacy concerns,” even though you don’t sell anything embarrassing or unethical. This person may not want to give you a name because they don’t have it.
Communicate with Customers
If something doesn’t feel right about a credit card transaction, don’t be afraid to reach out to the customer directly for additional information. If they are behaving honestly, they won’t mind answering your questions. But if they are trying to commit fraud, they either won’t respond, or they will immediately ask you to cancel the transaction.
Even if the fraudster is willing to talk with you on the phone, you can learn a lot about someone from just their voice. Do they seem anxious or nervous? Does it take them a long time to provide information that most people have on the top of their head? Do they sound like they are the right age of your typical customer? Does their accent match their identity?
Fraudsters and thieves generally don’t want to have conversations with the businesses they steal from. Most of them will abandon their thievery as soon as you show a little bit of resistance.
Price in Your Fraud Costs
Even if you follow all of this advice, you will never completely eliminate credit card fraud. Technology improves all the time and we get better at identifying fraud every year, but for now, we have to accept a certain amount of credit card fraud as a cost of doing business. So one of the best ways to protect yourself is to factor some credit card fraud into your prices.
How much credit card fraud is unavoidable? That depends on your business, what you sell, and your customers. Some businesses are prone to more credit card fraud than others.
The best way to determine how much credit card fraud to consider as a cost is by benchmarking your chargeback rate. For example, if you average $200 worth of chargebacks every month, raise your prices to compensate yourself for that $200.
Refund Suspicious Payments
Sometimes a payment will get through your payment processor without getting flagged for fraud, but you still aren’t satisfied that it’s legitimate. Rather than deliver your products or services and wait for the real cardholder to notice the charge, it’s usually best to issue a refund as soon as possible.
When this happens, you will also want to send a note to the email address that came with the order. Let them know why you think the transaction might not be legitimate and if there’s anything they can do to order again with better payment information.
Does this mean you might lose some legitimate sales based on hunches? Yes, but it’s better than dealing with chargebacks, paying fees, and losing physical products for the time you spent delivering a service.
Don’t Let Your Guard Down
Protecting yourself from credit card fraud is an ongoing battle. It’s important to stay vigilant and look at every transaction suspiciously. Trust your gut. If something doesn’t look right, take steps to investigate. Complacency can cost you a lot of money.