It’s no fun when someone visits your website and attempts to commit payment fraud, but the threat of it – and cybercrime in general – appears to be getting worse.
A recent report from PwC1 shows that 44% of UK organisations that have experienced economic crime in the last 24 months have been affected by cyber incidents. That’s 20 percentage points higher than 2014.
What’s more, 51% of UK organisations expect to be a victim of cyber crime in the next two years.
Meanwhile, Paul Ashes, Payment Fraud and Risk Manager at Barclaycard, says that when it comes to spotting a fraudster there are ways to help tip the scales in your favour.
Know your enemy
Spotting a fraudster is easier if you understand why they are there. Paul says there are five main motives for online payment fraud:
- Obtaining goods: This is the main reason for fraud and accounts for a large percentage of attacks. Quite simply, a fraudster wants to buy something and uses someone else’s details to get it.
- Account testing: This describes fraudsters checking whether the card data they hold still works for making payments online. “This is often with merchants that have low-value transactions, or charities,” says Paul. The reason? Small amounts are less likely to raise suspicions if the transaction is declined.
- Money laundering: Fraudsters use stolen card data to generate cash or commodities that can be traded for cash. For instance, topping up a SIM card, and either selling it or using it to call a specially set up premium line phone number that gives the owner a share of the revenue.
Services: “Fraudsters act as ‘ghost brokers’, luring unsuspecting people to pay up front for policies that the fraudster buys for them with stolen card data,” says Paul. “When the policy is cancelled, they’ve made off with the clients’ cash."
There’s another crafty swindle fraudsters play on insurance companies. “They insure a car using stolen data, and even when the transaction has been shown to be fraudulent the insurance company still has to honour third party coverage for the entire length of the policy,” says Paul.
- Affiliate fraud: This refers to a fraudster setting up a rogue affiliate network. Genuine affiliate networks send genuine customer data to a merchant in exchange for a referral fee. Fraudulent networks send fraudulent data, and the fraudsters take the money and run before the merchant realises.
Keep your eyes peeled
It’s impossible to stop every fraudster, but there are some telltale signs to look out for. And there’s one golden rule, says Paul. If it seems too good to be true, it usually is.
“If it’s a new customer and they keep coming back in a short space of time, it’s a big red flag,” says Paul. Check if they keep buying the same thing, and also think about how many times you want a card to be used in one day before you decline it.
Another potential warning sign is if the delivery location is different to the cardholder’s address. An insistence on next day delivery – particularly if the ‘customer’ places a call after ordering to make sure – is also a worry.
“If one transaction is the equivalent of your total monthly transactions, it should be another big red flag,” says Paul.
And if you do get hit?
Keep your defences up
Paul advocates having a fraud screening provider in place, with its sophistication levels based on the businesses risk and resources. These use several different automated tests to assess whether a transaction is likely to be fraudulent.
There are lots of other things that can be done too.
One of them is keeping a close eye on high-risk products (it’s a good idea to have a record of items fraudsters have bought before) to help you spot unusual sales activity early. You should also maintain a list of email addresses and phone numbers that you feel may be linked to fraudsters and that you don’t want to be dealing with. Most importantly though, Paul says that fraud protection must be tailored to help you stay ahead of the fraudsters .
“The only way to get good at preventing fraud is to learn from previous fraud,” Paul says. “By looking at transactions and looking at fraud, you start to get a sixth sense.”
But you don’t have to fight the battle alone, there are many areas where you could be getting a helping hand .
For example, is the volume of online transactions you’re receiving being monitored for surprising spikes? Is the velocity of transactions being closely tracked? It should be – if they start coming in at an unusually high frequency, it’s a definite warning sign.
And are checks in place to detect whether the same email address is being used across numerous cards? Or if the card country of issue matches the delivery address?
Fortunately, this is where Barclaycard can come in. All of these are part of our online payment solution .
1 PwC – Double-digit rise in crime against UK corporates as cyber becomes the fastest growing economic crime
Please note that the views expressed in this article are personal opinions. Barclaycard cannot accept any responsibility or liability for reliance by any person on this article or any of the information set out in it.