iGaming Fraud Prevention: How to Mitigate Risks and Stay Profitable

iGaming has become hugely popular. And so have the associated fraud risks. Protect your games, your players, and your business.

iGaming — or online gambling for games and events — has been steadily increasing in popularity. Despite its appeal, iGaming is not without fraud risk. In fact, its growth has contributed to the rise in account takeover fraud and bot attacks on the wider online gaming industry.

Here’s what you need to know about iGaming fraud prevention.

What is iGaming Fraud?

iGaming fraud is any type of fraudulent activity targeted at iGaming operators and players, online casinos, and online betting shops.

This industry appeals to fraudsters because it promises high rewards. Global online gambling is a multi-billion dollar market. And fraudsters are reaping the benefits. Because online fraud allows them to remain anonymous and online casinos lack the face-to-face interaction of traditional casinos, fraudsters can get away with all kinds of schemes.

Fraud Threats in the iGaming Industry

As a merchant in this rapidly growing industry, you face a multitude of threats each day. While fraudsters perpetrate the majority of these attacks, even customers you might know can take advantage of your generosity and commit fraud.

Account takeover attacks

During account takeover attacks — sometimes referred to as account takeovers — fraudsters hack into player accounts with stolen credentials. Sometimes, they may deploy bots to crack valid username and password combinations.

Once fraudsters get into accounts, they may change account credentials, steal payment information, drain any stored account value, or make unauthorized purchases with the account information.

Bonus abuse

Bonus abuse happens when a fraudster or player exploits promotions for personal gain. For example, a fraudster might create multiple fake accounts to take advantage of a sign-up bonus.

Chargeback fraud

Chargebacks happen when cardholders dispute purchases with their banks. And they can happen a couple of different ways.

  • Unauthorized transactions – Payment fraud happens when a fraudster uses stolen credit cards and debit cards to make purchases. In iGaming, a fraudster may use stolen cards to top off betting accounts. When cardholders discover the fraud, they call their banks to dispute the charges.
  • Friendly fraud – Friendly fraud happens when cardholders and opportunistic customers use the chargeback process incorrectly. For example, a player might regret the amount gambled and falsely claim fraud to get the money back. Or a significant other might not know a family member is gambling and dispute the charge as suspected fraud.

Multi-accounting

Gnoming, or multi-accounting, involves players creating multiple online gambling accounts to help one player win or increase their odds of winning over other players.

Money laundering

Online casinos provide an easy opportunity for fraudsters to launder money. They can buy chips with illicit funds, gamble, and then cash out with money that appears legitimate. This threat puts you at risk of failed compliance with anti-money laundering (AML) regulations.

Self-exclusion fraud

Some casinos participate in self-exclusion policies — which allow a person with a gambling problem to request their name be added to a self-exclusion list. The person is then legally banned from participating casinos and faces repercussions for entering those casinos.

In this scam, fraudsters open online gambling accounts and make false claims under the self-exclusion policy to blackmail iGaming operators into issuing a refund.

Unfair gameplay

Unfair gameplay refers to using tactics to gain an advantage over other players or bypass restrictions set by the iGaming operator. For example, players can use bots to assess the odds in a game and bet accordingly. Underage players often use technology to bypass ID verification so that they can gamble.

How to Prevent iGaming Fraud

Protecting your online casinos and sports betting sites is crucial to maintaining the success of your business. Although iGaming fraud prevention can be difficult, the benefits far outweigh the negatives.

Improve site security.

First and foremost, make sure your site is safe for users. That includes everything from monitoring your site traffic to protecting account logins.

Implement firewalls

Firewalls allow you to monitor your site traffic and filter out bad traffic — such as traffic from bots. Implementing firewalls can improve your overall site security and give you better insight into who is visiting your online casinos.

Use a secure web hosting service

Choose a host that is aware of threats and offers ongoing support. Also make sure your host backs up your data to a remote server so that you can easily restore it in case your site is hacked.

Encrypt login pages

Use SSL encryption on your login pages to prevent fraudsters from accessing your login data. SSL is a web security protocol that allows sensitive information — like credit card numbers, social security numbers, and login credentials — to be transmitted securely through a web browser.

Keep software up-to-date

Fraudsters are always on the lookout for loopholes and weaknesses in web software. Combat their efforts by regularly updating all the software products you use.

Implement identity verification methods.

Preventing fraud starts by separating the good customers from the fraudsters. You also need protocols that allow you to verify that users are who they say they are.

Add CAPTCHAs

A CAPTCHA is a test to determine if a user is a human or a bot. When users sign up for a new account or make a purchase, require them to fill out a CAPTCHA.

Use authentication protocols

Require two-factor or multi-factor authentication to verify your players. These protocols require users to provide multiple pieces of information to prove their identity — which can deter fraudsters trying to hack into someone’s account.

For example, you can send an authentication link to a user’s phone when they log in. Or you can use protocols like fingerprinting or facial recognition.

Verify document authenticity

If you require a player to provide a driver’s license or other documentation to prove age and identity, make sure your technology can detect liveness. In other words — determine if the player is taking a photo of an actual item or uploading a fake document that’s been computer generated.

Check cardholder information.

The more information you collect from your users, the better your chances of identifying and preventing fraud. During checkout, ask for more information so that you can verify that the cardholders are the ones making purchases.

Require CVV codes

The card verification value (CVV) is a three- or four-digit number on a credit or debit card that’s meant to help verify online purchases. Businesses can’t store security codes, so if fraudsters obtain card credentials from a data breach, they likely won’t have the CVV. Requiring this information could block card testing and prevent unauthorized transactions.

Perform AVS checks

Address Verification Service (AVS) compares the billing address provided during checkout to the billing address on file with the cardholder’s bank. If the addresses don’t match, the user probably isn’t the cardholder. Checking this information can help you reduce unauthorized transactions.

Set limits around account creation.

Players that cheat by multi-accounting ruin games for the rest of your players — and potentially cause them to leave your platform altogether. However, you can set up policies to reduce this activity.

First, you’ll need to analyze your users to identify suspicious behavior. From there, you can limit or block attempts to create multiple accounts.

Use device fingerprinting to identify multiple accounts

Device fingerprinting is the collection of information about the devices used to access your website, such as their software and hardware. Collecting this information can help you identify users who try to create multiple accounts using the same device.

Flag IP addresses

You can identify a user’s attempt to create multiple accounts by checking IP addresses and flagging known VPN IPs. Then, you can limit the number of accounts that can be associated with that IP address.

Evaluate email addresses

Evaluate email addresses used during sign up to identify suspicious account creations. With technology, you can find out when the email was created, how often it has been used, and when it was last used.

Newer email addresses with no usage history can be a sign of fraud. If you’re able to identify suspicious emails, you can then block or challenge attempts to create accounts with them.
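
The three sign-up checks above (device fingerprint reuse, per-IP account limits with VPN flagging, and email age) can be combined into one decision at account creation. The following Python is an added example, not code from the original article or any vendor; the field names, the limits (one account per device, two per IP, a 30-day email age) and the sample sign-ups are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Signup:
    account_id: str
    device_fp: str                    # opaque fingerprint hash from the device collector
    ip: str
    email_first_seen: Optional[date]  # None when the email has no usage history
    signup_date: date


def review_signups(signups, vpn_ips=frozenset(), max_per_device=1,
                   max_per_ip=2, min_email_age_days=30):
    """Return {account_id: (decision, reasons)}, evaluating sign-ups in date order.

    The limits are illustrative assumptions, not values from the article.
    """
    by_device = defaultdict(list)  # fingerprint -> accounts already created
    by_ip = defaultdict(list)      # IP address  -> accounts already created
    results = {}

    # sorted() is stable, so same-day sign-ups keep their input order.
    for s in sorted(signups, key=lambda x: x.signup_date):
        reasons = []
        if len(by_device[s.device_fp]) >= max_per_device:
            reasons.append("device_reuse")
        if len(by_ip[s.ip]) >= max_per_ip:
            reasons.append("ip_limit")
        if s.ip in vpn_ips:
            reasons.append("known_vpn_ip")
        if (s.email_first_seen is None
                or (s.signup_date - s.email_first_seen).days < min_email_age_days):
            reasons.append("new_email")

        # Hard limits block the sign-up; softer signals trigger a challenge.
        if "device_reuse" in reasons or "ip_limit" in reasons:
            decision = "block"
        elif reasons:
            decision = "challenge"
        else:
            decision = "allow"

        # A blocked attempt never becomes an account, so it is not counted
        # against the device or IP for later sign-ups.
        if decision != "block":
            by_device[s.device_fp].append(s.account_id)
            by_ip[s.ip].append(s.account_id)
        results[s.account_id] = (decision, reasons)
    return results


# Constructed sample data (documentation IP ranges, made-up fingerprints).
SAMPLE_VPN_IPS = frozenset({"198.51.100.7"})
SAMPLE_SIGNUPS = [
    Signup("a1", "fp-d1", "203.0.113.10", date(2019, 5, 1), date(2024, 3, 1)),
    Signup("a2", "fp-d1", "203.0.113.10", date(2024, 2, 28), date(2024, 3, 2)),
    Signup("a3", "fp-d2", "198.51.100.7", date(2021, 1, 15), date(2024, 3, 2)),
    Signup("a4", "fp-d3", "203.0.113.10", None, date(2024, 3, 3)),
    Signup("a5", "fp-d4", "203.0.113.10", date(2020, 7, 9), date(2024, 3, 4)),
]

if __name__ == "__main__":
    for account, (decision, reasons) in review_signups(
            SAMPLE_SIGNUPS, vpn_ips=SAMPLE_VPN_IPS).items():
        print(account, decision, ",".join(reasons) or "-")
```

Households, shared computers and carrier-grade NAT put many legitimate players behind one device or IP address, so the limits need tuning against your own traffic before a block is enforced.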

Offer ongoing account protection.

The players are at the heart of your business. And if you want to maintain positive relationships with them, you’ll need to protect their accounts. Account takeover prevention software is the easiest and most accurate way to give your players the right protection, but you can also implement tools and policies to remind players that you care about securing their accounts.

Require strong passwords

Help keep accounts safe by requiring players to create unique, strong passwords. Most account takeover attacks happen because users share the same weak or easy-to-guess password across multiple accounts.

Notify players of unusual logins

When a user logs in from an unknown device, notify the account holder that an attempt has been made to sign in from a new device. This reminds your players that account safety is important to you and encourages them to monitor their accounts.

Authenticate users at sign in

You can also implement authentication protocols like MFA when users log in from new locations or devices. Of course, if the user is logging in from a known location, this step wouldn’t be necessary.

Monitor transactions.

Regularly check your transaction data to identify any suspicious activity that could indicate fraud. Some red flags include unusually large bets or frequent deposits from multiple accounts.

It’s also important to monitor transactions so that your platform doesn’t contribute to criminal money laundering or terrorist funding. AML regulations mandate that merchants carry out customer due diligence. Failure to comply with these regulations could leave you with huge fines and penalties.

Digital Fraud Prevention for iGaming Companies

Preventing fraud can be challenging to do well on your own. It’s possible, but you still may need help from technology. And you can use multiple solutions to address all the issues you may face, but the truth is fraud detection software is your best option.

You don’t want to spend your precious time fighting fraud or manually reviewing suspicious transactions. That’s what fraud experts and technology are for. And that’s where our partner, Kount, can help. They understand the threats facing iGaming companies today and have built technology to solve evolving fraud challenges in real time.

14 Direct and Hidden Costs of Chargebacks

The cost of chargebacks includes more than chargebacks themselves. So businesses must understand how the costs of chargebacks affect them.

Chargebacks are expensive. And unfortunately, the cost of chargebacks includes more than chargebacks themselves.

It’s important to understand the true price of chargebacks so you know just how much revenue is at risk. Learn more about the direct and hidden costs of chargebacks — and find out how to minimize financial losses as much as possible.

7 Direct Costs of Chargebacks

What are the most obvious and easy-to-recognize costs associated with chargebacks?

1. Lost merchandise: Products obtained as the result of criminal fraud are 100% business losses.

2. Chargeback fees: Fees can range from $15 to $100 per chargeback.

3. High transaction fees: If your business is classified as “high-risk,” your processor might increase processing fees — meaning you’ll have to pay more for each transaction you process.

4. Reserve accounts: High-risk businesses are often required to maintain a reserve account. This means your processor could withhold thousands of dollars each month in a separate, off-limits account.

5. Monitoring program penalties: If your chargeback activity breaches set thresholds, you could be enrolled in a monitoring program. Associated penalties vary by card brand and processor, but fines can be thousands of dollars per month.

6. Operational costs: These expenses include the costs to store inventory and market a product across channels.

7. Account termination: Businesses that experience excessive chargebacks risk account termination. Your payment processor can revoke your ability to process credit and debit card purchases.

7 Hidden Costs of Chargebacks

In addition to the obvious financial losses caused by chargebacks, there are other expenses that aren’t as well known.

1. Manual reviews: Some businesses react to increased fraud by performing more manual reviews, which is time-consuming and expensive.

2. Wasted labor: Chargeback responses, complaints, audits, and other fraud issues steal time from profitable activities.

3. Lowered bank authorization rates: If issuing banks perceive your business as high-risk, they might tighten their fraud filters and decline more — or even all — orders, costing you revenue from legitimate customers.

4. Opportunity costs: If chargeback activity becomes excessive, you may be tempted to spend more time on management than on tasks with higher returns.

5. Customer acquisition costs: If transactions turn into chargebacks, you’ll have a lower return on investment (ROI) for your marketing campaigns and customer acquisition.

6. Customer friction: Businesses that add friction to reduce fraud run the risk of frustrating good customers.

7. Brand loyalty: Customers may become impatient and choose a competitor if their order is declined.

How to Reduce the Cost of Chargebacks

There are several things you can do to reduce the impact that chargebacks have on your bottom line.

Prevent chargebacks.

The first step to reducing costs is to reduce the number of chargebacks you receive. And there are tools and techniques that can help.

Start by checking your reason codes. Why are you getting chargebacks? Are criminals making unauthorized purchases? Or are customers unsatisfied with their orders?

It is crucial to understand why disputes are happening so you can solve problems at their source. For example, if fraudsters are stealing from you, updating your inventory won’t change much. On the other hand, if customers are complaining about the quality of your merchandise, fraud detection technology won’t be helpful!

Once you know what the underlying issues are, you can implement the most appropriate solutions. For example, you may do some or all of the following:

  • Add fraud prevention technology to your payment stack. That way, you can detect and block suspicious activity.
  • Make sure your product descriptions are clear and easy to understand. Help customers know exactly what they’ll be getting.
  • Review your marketing campaigns. Don’t promise something you can’t deliver.
  • Write clear billing descriptors. Help customers remember and understand their purchases when they see charges on their credit or debit card statement.

Fight chargebacks.

Not all chargebacks are valid. The majority are actually “friendly” fraud — customers using the chargeback process incorrectly.

For example, a customer might claim a purchase was unauthorized. But in reality, that same card number has been used at your business a dozen times before.

When these illegitimate chargebacks happen, fight back. Challenge the false claims and recover revenue that’s rightfully yours.

Ask for a review.

Once you have your chargeback situation under control, try to get people to notice. If your processor enforced penalties when chargebacks increased — like higher processing fees or a reserve account — see if you can get that action reversed.

Get help with chargebacks

Chargebacks can be difficult to manage — especially if you are trying to do it on your own. If you aren’t achieving the results you expect, don’t be afraid to ask for help. Service providers — like Midigator® — have the technology and expertise you need to be successful.

Visa Chargeback Monitoring Program and Dispute Management Tips

Want to learn about the Visa chargeback monitoring program and find out how to manage disputes? We’ve outlined everything you need to know in this blog.

If you’ve been in the card-not-present space for long enough, you know it’s crucial to keep your chargeback rate in check. But what happens when you experience an unexpected influx in chargebacks that lands you in the Visa® chargeback monitoring program?

In this guide, we’ll cover everything you need to know about the Visa dispute monitoring program and provide tips for managing chargebacks so you can avoid enrollment in the future.

What is the Visa Dispute Monitoring Program (VDMP)?

The Visa Dispute Monitoring Program (VDMP) is Visa’s global chargeback monitoring program. It’s meant to keep track of merchants’ chargebacks and enforce management techniques if thresholds are breached. It also serves as a penalty when merchants fail to comply with Visa’s standards.

Your acquiring bank monitors activity to ensure that your business doesn’t pose a risk to its own organization or the card networks. Therefore, if you breach Visa dispute thresholds, you will automatically be enrolled in the VDMP.

Risk thresholds

Visa monitors your dispute count and ratio to determine which program category you fall into. You are issued fines based on that category and the amount of time you spend in the program.

Each month you violate Visa’s thresholds, you could be placed in one of the following categories.

  • Early warning classification – 75 dispute count and 0.65% dispute ratio
  • Standard classification – 100 dispute count and 0.9% dispute ratio
  • High-risk merchant classification – 100 dispute count and 0.9% dispute ratio
  • Excessive classification – 1,000 dispute count and 1.8% dispute ratio

NOTE: The early warning threshold is not an actual violation, so you will not be issued any fines at that level. It’s an alert that your merchant account is getting close to violating dispute thresholds.

How do I calculate my dispute ratio?

Your dispute ratio — also known as a chargeback ratio or chargeback rate — is a metric that shows the ratio between the total number of transactions you process and the total number of chargebacks you receive.

Here’s how Visa calculates your dispute ratio:

For example:

Violation statuses

Visa’s violation statuses determine when fines and penalties are issued. Those three statuses are:

  • Notification: The first month that your account is in the standard threshold. Visa does not issue any fines during this stage; however, your processor can.
  • Workout: In the months following the Notification status, Visa allows time for you to fix your chargeback issues. This is the workout status. Again, Visa won’t issue fines during this stage, but your processor probably will.
  • Enforcement: If you do not fix your fraud issues during the months in the workout stage, your account moves to the enforcement stage. During the first month and any following months that your account meets the standard threshold or higher, Visa will issue fines and penalties.

NOTE: The notification and workout statuses only apply to merchants classified in the standard category. If you are classified as high-risk or have a dispute ratio of 1.8 or higher, you’ll immediately be issued fines without a grace period.

Fines

Fines are charged per dispute. And the fines you owe depend on your classification type: standard, high-risk, or excessive. Fines start as soon as you are enrolled in the Visa chargeback monitoring program if you are classified as high-risk or excessive.

Regardless of the classification, the longer you are in the program, the more you’ll pay in fines. Typically, you are charged $50 per dispute and then a $25,000 review fee during certain months.

If you’re enrolled in the program for 12 months, Visa can close your merchant account, and you will no longer be able to accept Visa payments. However, it’s possible your acquirer will choose to close your merchant account much sooner.

How Chargeback Monitoring Programs Can Affect Your Business

Being enrolled in a chargeback monitoring program can be a huge drain on your revenue. Just the accumulation of chargebacks alone can hurt your profits. But with fines and additional fees, you’re looking at a large expense.

Additionally, fraud and an excessive number of chargebacks can put your merchant account at risk — which means you could potentially lose the ability to accept Visa payments.

Plus the stress of managing chargebacks and working towards exiting the program can be exhausting. You may have to hire more resources to get the problem under control.

The ideal scenario would be to avoid monitoring programs altogether. However, once you are enrolled, there are steps you can take to exit as quickly as possible.

NOTE: Aside from disputes, Visa monitors your fraud count and fraud ratio as well. There are two Visa fraud monitoring programs: the global Visa Fraud Monitoring Program (VFMP) and the Visa Fraud Monitoring Program – 3D Secure for US merchants. You can be enrolled in both the VDMP and VFMP at the same time. And chances are if you have issues with chargebacks, you likely have issues with fraud.

What to Do When You Are Enrolled in the VDMP

So how do you deal with enrollment in the VDMP? Fortunately, there are steps you can take to shorten the amount of time you spend in the program and resources that can help you develop an effective chargeback management strategy.

Develop a remediation plan.

Part of a chargeback monitoring program is to encourage merchants to develop an effective chargeback management strategy. Visa may request that you submit a remediation plan that outlines the steps you’re taking to resolve chargeback issues and regain compliance with the card brand standards.

Most remediation plans include the following key elements.

Business description

Describe the type of business you own — including payment and billing methods, marketing strategies, company mission, etc. Provide enough information to give the card brand a good sense of who you are.

Policy outlines

Provide details about your return and refund policies, terms and conditions, and any other internal procedures that could relate to the excessive level of chargebacks.

Chargeback description

Provide details of the events that led to the increased number of chargebacks and high chargeback rates. That means you may have to investigate beyond the reason codes to figure out what the root causes of the issues are.

Risk management strategy

Your plan for reducing risk is one of the most important parts of this process. Provide a description of all the chargeback management tools you plan to use, when you will implement them, and how those will help prevent chargebacks.

Action plan

Lastly, you’ll want to let the card brand know what steps you will take to reduce chargebacks — what solutions you will use and your expected results. You’ll also need to include a backup plan in case the first plan fails.

Tips for Managing Chargebacks

Getting out of the VDMP really depends on how well you get your chargeback issues under control. There are a variety of tools and resources that can help you resolve disputes and prevent chargebacks from happening in the first place.

Chargeback prevention tools

There are several tools that can help resolve disputes before they become chargebacks.

Order validation

Order validation helps prevent chargebacks without causing you to issue refunds. When a customer files a dispute with the bank, the bank can look up additional information about the transaction using order validation. With that information, the bank can work with the customer to resolve the issue without a chargeback.

Prevention alerts

Prevention alerts give you an early warning when disputes are issued. With the extra time, you can take steps to resolve the problem — which usually involves issuing a refund — before a chargeback is filed.

Rapid dispute resolution (RDR)

RDR is another chargeback management tool that uses refunds to resolve disputes. The main difference between RDR and prevention alerts is automation.

With RDR, you can set thresholds for what you are willing to accept liability for — such as orders with certain reason codes or maximum dollar amounts. Anything that fits within your criteria is automatically refunded by the bank.

Data analysis.

Stopping chargebacks means figuring out what caused the disputes in the first place. And data analysis is usually the best way to do that.

Look for patterns to identify anomalies. For example, maybe chargebacks are more common in one country than another. Or one product is disputed more frequently than others.

Data analysis is easier and more accurate if you use fraud detection software that incorporates chargeback management. Using technology to collect and consolidate the data makes the review process more effective.

Fraud protection software.

For most merchants, the vast majority of chargebacks are fraud related. So using fraud technology can be an effective way to reduce chargebacks.

Most solutions use machine learning to automate decisions. This helps you stop as much fraud as possible without using up all your internal resources.

Additionally, fraud prevention providers can help you create a strategy to reduce chargebacks, lower your chargeback rate, and prevent issues in the future.

Customer service protocols.

Sometimes chargebacks happen because customers don’t recognize purchases on their billing statements or they have a difficult time contacting your customer service teams. Other times, it’s because your employees ship items incorrectly — causing goods to arrive damaged or a customer to receive the wrong item.

The best thing to do is reevaluate your customer service protocols — both on and off your website. That includes:

  • Making sure your fulfillment team is sending the right merchandise and packaging items correctly.
  • Having your customer service teams answer phone calls quickly and accurately.
  • Providing clear billing descriptors.
  • Writing detailed and accurate product descriptions on your website.

Verification tools

Another way to combat chargebacks is to implement verification protocols during checkout that will check if the cardholder is the one making a purchase, thereby reducing unauthorized purchases.

One method is to require customers to enter the card verification value (CVV) on the card. Fraudsters who obtain card numbers online will not have this information and will not be able to complete the transaction.

You can also use address verification service (AVS) — which allows you to compare the billing address a customer provides during checkout to the billing address on file with their bank. If the addresses don’t match, the transaction may be declined.

Lastly, you can implement 3D Secure 2.0 — an identity verification tool that authenticates card-not-present transactions. When a customer makes a purchase, you can send information like shipping address and order history to the customer’s issuing bank. The bank then reviews the information to determine the likelihood of fraud and accepts or challenges the transaction.

Web security protocols

One of the easiest ways to mitigate fraud-related chargebacks is by updating your website security. Make sure you have a firewall so that you can monitor incoming and outgoing traffic on your site and block suspicious traffic.

Additionally, you can require CAPTCHAs during checkout to verify that the user interacting with your site is a human. These protocols can help you block bad traffic from bots — software that is programmed to run automated tasks such as card testing fraud and credential stuffing. As a result, you can mitigate chargebacks from unauthorized purchases.

Exiting the program

To leave the VDMP, your merchant account must be below the standard category thresholds for three consecutive months. If either your dispute count or dispute ratio falls below the thresholds, you will be considered compliant for that month.
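
The thresholds listed under "Risk thresholds" and the three-month exit rule above can be checked mechanically against your monthly totals. The following Python is an added example, not Visa's or the article's own code; it assumes the dispute ratio is the month's disputes divided by the month's transactions, treats a category as reached only when both its count and its ratio are met, takes the merchant's high-risk status as an input flag, and runs on a constructed eight-month history.

```python
# Thresholds as listed in the article: (minimum dispute count, ratio in basis points).
# 65 bps = 0.65%, 90 bps = 0.9%, 180 bps = 1.8%.
EARLY_WARNING = (75, 65)
STANDARD = (100, 90)
EXCESSIVE = (1000, 180)
EXIT_STREAK = 3  # consecutive months below the standard thresholds
BREACH = {"standard", "high_risk", "excessive"}


def _meets(disputes, transactions, threshold):
    """True when both the count and the ratio reach the threshold."""
    count_min, ratio_bps = threshold
    # Integer cross-multiplication avoids float rounding at the boundary:
    # disputes / transactions >= ratio_bps / 10000. With zero transactions
    # the ratio test passes, so the count alone decides.
    return disputes >= count_min and disputes * 10_000 >= ratio_bps * transactions


def classify_month(disputes, transactions, high_risk_merchant=False):
    """Classify one month of activity against the article's thresholds."""
    if disputes < 0 or transactions < 0:
        raise ValueError("counts must be non-negative")
    if _meets(disputes, transactions, EXCESSIVE):
        return "excessive"
    if _meets(disputes, transactions, STANDARD):
        # Same thresholds for both; the merchant's category decides the label.
        return "high_risk" if high_risk_merchant else "standard"
    if _meets(disputes, transactions, EARLY_WARNING):
        return "early_warning"  # an alert, not a violation
    return "compliant"


def track_program(history, high_risk_merchant=False):
    """Walk monthly (disputes, transactions) pairs, oldest first.

    Returns a list of (classification, in_program_after_this_month).
    Enrollment starts with the first breach; exit requires EXIT_STREAK
    consecutive months below the standard thresholds.
    """
    in_program = False
    streak = 0
    timeline = []
    for disputes, transactions in history:
        label = classify_month(disputes, transactions, high_risk_merchant)
        if label in BREACH:
            in_program = True
            streak = 0          # any breach restarts the count
        elif in_program:
            streak += 1
            if streak >= EXIT_STREAK:
                in_program = False
                streak = 0
        timeline.append((label, in_program))
    return timeline


# Constructed monthly totals: (disputes, transactions).
SAMPLE_HISTORY = [
    (60, 12_000),   # below every threshold
    (80, 11_000),   # early warning only
    (130, 12_000),  # standard breach: enrolled
    (120, 20_000),  # count is high but ratio is 0.6%: clean month 1
    (110, 11_000),  # breach again: streak resets
    (90, 12_000),   # early warning, still below standard: clean month 1
    (70, 12_000),   # clean month 2
    (95, 9_000),    # ratio is high but count is under 100: clean month 3
]

if __name__ == "__main__":
    for month, (label, enrolled) in enumerate(track_program(SAMPLE_HISTORY), 1):
        print(f"month {month}: {label:13s} in program: {enrolled}")
```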

Want help exiting a Visa chargeback monitoring program?

If you’ve been enrolled in a monitoring program, you need rapid results. And the best way to see quick and accurate improvements to your chargeback situation is to use chargeback management technology.

Midigator® can help. Midigator has the industry’s leading dispute management software with proven-effective solutions.

Mastercard Chargeback Monitoring Program: How to Manage Enrollment

Are you on the verge of placement in Mastercard’s chargeback monitoring program, or have you just been enrolled? Check out our guide to learn more about the program.

Enrollment in the Mastercard® chargeback monitoring program — called the Mastercard Excessive Chargeback Program — can be stressful.

But with these tips and suggestions, you can safely exit the program and avoid future enrollment.

What is the Mastercard Excessive Chargeback Program?

The Excessive Chargeback Program (ECP) is designed to encourage merchants to reduce chargebacks and improve their chargeback management strategy. It also serves as a penalty for merchants with excessive chargebacks.

Acquiring banks and card brands like Mastercard want to make sure your business doesn’t become a liability for their organizations.

Mastercard ECP thresholds

Mastercard uses two benchmarks to evaluate risk: the number of chargebacks in a given month and the chargeback rate. Merchants must exceed the threshold for both in order to be enrolled in the program.

Your chargeback rate is a metric that shows the ratio between the total number of transactions you process and the total number of chargebacks you receive. It’s also referred to as your chargeback-to-transaction ratio or chargeback ratio.

Here’s how Mastercard calculates your chargeback rate:

For example:

Merchant risk classifications

When you are enrolled in the ECP, your acquirer will classify you as either an excessive chargeback merchant (ECM) or a high excessive chargeback merchant (HECM).

Excessive chargeback merchant

Merchants are classified in this category when they breach both of the following monthly ECM thresholds:

  • Chargeback count: 100 – 299
  • Chargeback ratio: 1.50 – 2.99%

High excessive chargeback merchant

Merchants are classified in this category when they breach both of the following monthly HECM thresholds:

  • Chargeback count: 300+
  • Chargeback ratio: 3.0%+

Note: As of April 2020, merchants in the Excessive Chargeback Program are no longer classified as a Chargeback Monitored Merchant (CMM) with thresholds of 100 chargebacks and a 1.0% chargeback rate.

Fines

Mastercard assesses fines for merchants enrolled in the ECP based on the time spent within the program. The first month is a grace period — Mastercard won’t charge fines. However, your processor might.

After the first month in the program, fines are issued monthly and increase the longer you are enrolled. Amounts can range from $1,000 to $200,000 depending on your program classification.

However, you could potentially face additional fines from your processor or Mastercard through the Issuer Recovery Assessment (ISR). The ISR is an additional fine for merchants classified as HECM at 5 USD/EUR per chargeback over 300 chargebacks.

How Chargeback Monitoring Programs Can Affect Your Business

The unfortunate reality of being enrolled in a chargeback monitoring program is that the process of getting out of it can be difficult. And more than that, the program itself can be a huge drain on your revenue.

Chargebacks alone can dampen your profits. Add fines and penalties on top of chargebacks, and the financial health of your business could be seriously damaged.

Additionally, fraud and excessive monthly chargebacks put your merchant account at risk — which means you could potentially lose the ability to process transactions.

Taking proactive measures to avoid enrollment in a monitoring program is ideal. However, once you are enrolled, there are steps you can take to exit as quickly as possible.

What to Do When You Are Enrolled in the Mastercard ECP

When it’s impossible to avoid enrollment in Mastercard’s chargeback monitoring program, there are steps you can take to minimize the impact.

STEP ONE

Develop a remediation plan

Part of a chargeback monitoring program is to help merchants develop an effective chargeback management strategy. Mastercard may request that you submit a remediation plan that outlines the steps you’re taking to resolve issues and regain compliance.

Most remediation plans include the following key elements.

  • Business description – Talk about the type of business you own, payment and billing methods you accept, marketing efforts, and any other notable aspects of the business. The card networks need to get a good sense of who you are.
  • Policy outlines – Provide details about your return and refund policies, terms and conditions, and any other internal procedures that could relate to the chargeback issue.
  • Chargeback description – Provide details of the events that led to the increased number of chargebacks. That means investigating the root cause of the issues — not just the reason codes — so you can tell a complete story about what happened.
  • Risk management strategy – Your strategy for reducing risk is one of the most important parts of the remediation plan. You’ll need to provide a description of all fraud tools and prevention methods you plan to use, when you will implement them, and how those will help prevent chargeback issues.
  • Action plan – Let the card network know what steps you will take to reduce chargebacks — what solution you will use, when you will implement it, and your expected results. You’ll also need to include a backup plan in case the first plan fails.

STEP TWO

Work on Managing Chargebacks

Your main goal when in a monitoring program is likely to get out of it. And you do that by reducing your chargeback activity.

But the reality is you need to develop an entire strategy around chargebacks for the present and the future. You want to reduce the current chargebacks you have but also prevent them from happening again. There are a variety of tools you can use to accomplish this mission.

3D Secure (3DS) 2.0

3DS 2.0 is an identity verification tool used to authenticate card-not-present transactions. When a customer makes a purchase, the merchant sends information like shipping address and order history to the customer’s issuing bank.

The bank then reviews the information to determine the likelihood of fraud. From there, the transaction can be accepted, denied, or challenged.

Address Verification Service (AVS)

AVS compares the billing address provided during checkout to the billing address on file with the bank.

During checkout, the customer enters their billing address. The address provided is compared to the address on file at the customer’s issuing bank. If the addresses don’t match, a fraudster might be at work. Suspicious transactions can be declined to avoid the resulting chargeback.

Card Verification Value (CVV)

The card security code or card verification value is a number printed on the card. This code is used to verify that the cardholder physically has the card on hand during card-not-present transactions. Requiring this code at checkout can help reduce the number of unauthorized payments made by fraudsters who obtained stolen card information online.

Fraud Detection Software

Using a customizable, automated solution — like our partner Kount — can drastically reduce the number of fraud-related chargebacks you receive. The main benefit of using technology is that you can more accurately prevent chargebacks from happening using a combination of data, machine learning, and artificial intelligence.

Additionally, you can conduct more robust data analyses — which can help you identify problems associated with friendly fraud that are difficult to discover on your own. You can more easily figure out the source of your chargeback issues rather than taking guesses at what the problem might be.

Order Validation

When a customer files a dispute with the bank, the bank can activate order validation to get additional information about a transaction. With additional insights, the bank can hopefully resolve the dispute for you at the moment it happens.

Prevention Alerts

Prevention alerts notify you when a dispute is filed. This gives you the opportunity to resolve the issue — usually by processing a refund — before the dispute becomes a chargeback.

Rapid Dispute Resolution (RDR)

Like prevention alerts, RDR helps reduce chargebacks by issuing refunds on disputed transactions. The main difference between the two strategies is automation.

RDR allows you to set thresholds regarding liability — for example, the reason codes or dollar amounts you are willing to accept. And anything that fits your criteria is automatically refunded by the bank.

Exiting the program

To exit the ECP, your merchant account must be below the excessive chargeback merchant threshold for three consecutive months. That means if either your chargeback count or chargeback rate falls below the thresholds, you will be considered compliant with the program requirements.

Want help exiting the Mastercard monitoring program?

If you’ve been enrolled in a monitoring program, you need rapid results. And the best way to see quick and accurate improvements to your chargeback situation is to use chargeback management technology. And Midigator® can help.

Midigator has the industry’s leading chargeback management software with proven-effective solutions. Sign up for a demo today to learn more.

Visa Fraud Monitoring Program: How to Resolve Fraud Threshold Breaches

Have you breached Visa’s fraud thresholds and are now facing a monitoring program? Check out this guide to learn about how you can resolve fraud issues.

Being enrolled in fraud monitoring programs can be stressful and frightening — and the Visa® fraud monitoring program is no exception.

So what happens when enrollment is unavoidable? What can you do? We’ll walk you through everything you need to know about the Visa monitoring programs and actions you can take to resolve fraud issues.

What is the Visa Fraud Monitoring Program (VFMP)?

Visa has two fraud monitoring programs:

1. the global Visa Fraud Monitoring Program (VFMP)

2. the Visa Fraud Monitoring Program – 3D Secure (VFMP-3DS) for US-based merchants

These programs exist to monitor merchant accounts for compliance to Visa’s fraud thresholds. When merchants fail to comply with those standards — by having excessive fraud and chargeback levels — they are automatically enrolled by their acquiring bank.

Risk thresholds

Merchants are enrolled in a Visa fraud monitoring program only if they exceed the thresholds for both the fraud ratio and fraud amount. The thresholds vary slightly for each program.

For the Visa Fraud Monitoring Program (VFMP), there are four classification types. Each month you breach both thresholds, you could be classified as one of the following:

  • Early warning – Fraud amount threshold of $50,000 and a fraud ratio threshold of 0.65%
  • Standard – Fraud amount threshold of $75,000 and a fraud ratio threshold of 0.9%
  • Excessive – Fraud amount threshold of $75,000 and a fraud ratio threshold of 0.9%
  • High risk merchant – Fraud amount threshold of $250,000 and a fraud ratio threshold of 1.8%

Keep in mind that the early warning classification is not an actual violation. It’s an alert that your merchant account is close to the violation — which starts at the standard threshold.

For the Visa Fraud Monitoring Program – 3D Secure (VFMP-3DS), there are only two classification types. Each month you breach both thresholds, you could be classified as one of the following:

  • Early warning – Fraud amount threshold of $50,000 and a fraud ratio threshold of 0.65%
  • Standard – Fraud amount threshold of $75,000 and a fraud ratio threshold of 0.9%

Again, the early warning classification is not an actual violation and you will not be issued any fines.

Calculating your fraud ratio

Your fraud ratio or fraud rate is the total number of fraud reports (TC40s) you receive in the current month divided by your monthly sales volume for the same month.

Visa Fraud Monitoring Program (VFMP)

For the VFMP, that calculation would look like this:

An example would be:

Visa Fraud Monitoring Program – 3D Secure (VFMP-3DS)

For the VFMP-3DS, that calculation would look like this:

An example might be:

Fines

If you are enrolled in the VFMP, you will be issued fines in one large, lump-sum amount each month. The fines and penalties you owe will depend on your program classification — standard, high-risk, or excessive. Fines start much earlier if you are classified as high-risk or excessive.

Regardless of the classification, the longer you are in the program, the more you’ll pay in fines. Costs usually range from $10,000 USD to $75,000 USD per month.

If you are enrolled in the VFMP-3DS, you won’t be issued any fines, but you will lose liability shift protections until you exit the program.

How Fraud Monitoring Programs Can Affect Your Business

Fraud alone can cause a lot of harm to your business — reputation loss with banks and customers, increased labor costs, and more.

Additionally, being enrolled in a fraud monitoring program can increase the strain on your business — draining resources that would otherwise be dedicated to normal business operations. Plus, the fines you accrue from the program can put a huge dent in your bottom line.

The reality is being enrolled in a program puts your merchant account in jeopardy.

If you are enrolled in a program for too long, your acquiring bank is required to close your account so you can no longer accept Visa payments. However, your acquirer will likely close your account much sooner.

Enrollment in a monitoring program tells your acquiring bank you are struggling to detect and stop fraudulent activity. Your shortcomings could become a liability for your acquirer — and your acquirer probably isn’t willing to take that risk.

NOTE: In addition to the fraud rate, Visa monitors your chargeback rate as well. If you’re having fraud issues, chances are you’re also having chargeback issues. You could face enrollment in both the VFMP and the Visa Dispute Monitoring Program (VDMP) at the same time if you have excessive fraud and chargebacks.

What to Do When You Are Enrolled in the VFMP

So how do you overcome enrollment in one of Visa’s fraud monitoring programs? You start with a strategy for how you’re going to resolve the fraud issues that landed you in the program. Then, you can focus on getting out of the program.

Develop a remediation plan.

Part of a fraud monitoring program is to help merchants develop an effective risk management strategy. Visa will likely request that you submit a remediation plan outlining the steps you plan to take to resolve issues and regain compliance.

Most remediation plans include the following key elements.

Business description

Card networks need to get a good sense of who you are. Describe what type of business you own, payment and billing methods you accept, marketing efforts, and any other notable aspects of your business.

Policy outlines

Provide details about your return and refund policies, terms and conditions, and any other internal procedures that could be related to your fraud issues.

Fraud description

Provide details of the events that led to the excessive level of fraud and high fraud rate. You may need to take a closer look at your data to figure out the root cause of the issues so you know exactly what happened.

Risk management strategy

Your strategy for reducing risk is one of the most important parts of the remediation plan. You’ll need to provide a description of all fraud tools and prevention methods you plan to use, when you will implement them, and how those will help prevent fraud issues in the future.

Action plan

Provide a detailed description of steps you will take to reduce fraud and chargeback rates — the technologies you will use, when you will implement them, and your expected results. You’ll also need to include a backup plan in case the first plan fails.

Resolve fraud issues.

The most important step to take when enrolled in a monitoring program is to get your fraud issues under control. You want to find a solution that can solve your issues in a reasonable amount of time but also provide long-lasting benefits so that you never face enrollment in a program again.

Resolving fraud starts with a well-rounded risk management strategy.

Conduct data analysis

Some fraud issues — like friendly fraud — are difficult to track because card brands don’t have a specific reason code for it. Issues like customers trying to get items for free by disputing purchases with their banks or kids making purchases without the cardholder’s knowledge are all just fraud.

But these issues can be prevented as long as you’re able to discover them. And the only way to find those cases of fraud is with data analysis. You need to look for patterns of behavior across a customer’s history to identify anomalies that could indicate friendly fraud.

Implement fraud technology

Using fraud detection software is the quickest way to reduce fraud accurately and effectively — which is especially important when you have a limited amount of time. Look for technology that allows you to customize solutions to fit your business needs.

The best part about using technology is that you don’t have to use all your internal resources to get the issue under control. The technology can work independently and much quicker than a human.

Update web security protocols

An easy way to minimize fraud is by updating or adding to your website security protocols. Make sure you have a firewall so that you can monitor incoming and outgoing traffic on your site and block suspicious traffic.

Additionally, add authentication tools like CAPTCHAs during checkout to verify that the user interacting with your site is a human. Using these protocols will help you block bad traffic from bots that can run automated tasks such as card testing and credential stuffing.

Use verification tools

Implementing verification tools is one way to check if the cardholder is actually the one making a purchase. And there are a few ways you can do that.

  • 3D Secure 2.0 (3DS) – 3DS is an identity verification tool that authenticates card-not-present transactions. Whenever a customer makes a purchase, you can send information — such as shipping address and order history — to the customer’s bank. The bank receives that information and reviews it to determine the probability of fraud. Based on the analysis, the transaction can be accepted or challenged.
  • Address verification service (AVS) – AVS allows you to compare the billing address a customer provides during checkout to the billing address on file with their bank. If the addresses don’t match, the transaction may be declined.
  • Card verification value (CVV) – The security code printed on a debit or credit card is meant to verify that the shopper has physical possession of the card. Requiring that customers enter the CVV during checkout can stop fraudsters who obtain stolen card information from an online hack.

Communicate with customers

Friendly fraud happens for a variety of reasons — customers don’t recognize purchases, want to get goods for free, experience buyer’s remorse, and more. The best way to tackle these issues is to communicate with customers throughout the buying journey.

That means:

  • Providing clear billing descriptors so customers recognize their purchases and don’t incorrectly claim fraud
  • Sending reminders before recurring billing renewals — especially ones that are quarterly or annually
  • Sending order confirmation emails to let the cardholder know a purchase has been made

Additionally, you can use order validation — which gives customers and banks detailed purchase information. This tool helps clear up billing confusion. Plus, with Visa CE 3.0, your fraud ratio can be reversed with the right evidence.

Exiting the program

To leave either of Visa’s fraud monitoring programs, your merchant account needs to be below the Standard threshold for three consecutive months. That means if either your fraud ratio or fraud amount falls below the threshold, you will be considered compliant for the month.

Want help exiting a Visa fraud monitoring program?

If you’ve been enrolled in a monitoring program, you need rapid results. And the best way to see quick and accurate improvements to your fraud situation is to use fraud detection technology.

We recommend our partner, Kount. Kount has the industry’s leading fraud detection and prevention software with proven-effective solutions. Sign up for a demo today to learn more.

Mastercard Fraud Monitoring Program: What to Do When You Get Enrolled

Are you enrolled in Mastercard’s fraud monitoring program? We’ll walk you through everything you need to know about the program and how to exit in this guide.

So you’ve been enrolled in the Mastercard® fraud monitoring program — also known as the Mastercard Excessive Fraud Merchant (EFM) program. Maybe you knew it was coming. Maybe it feels unfair. So what do you do now?

What is the Mastercard Excessive Fraud Merchant Program?

Mastercard’s EFM program is a way for the card brand to ensure you maintain compliance with their fraud thresholds. If you fall out of compliance, the program is partly meant to serve as a penalty. But mostly, the point of the program is to help merchants reduce fraud and develop better fraud management practices.

When you breach Mastercard’s fraud thresholds, you are automatically enrolled in the program by your acquiring bank. The program monitors your merchant account for compliance and issues fines for months that you fail to meet compliance requirements.

Risk thresholds

Merchants are enrolled in the Mastercard EFM Program only if all of the following criteria are met:

  • Volume requirements: At least 1,000 Mastercard transactions in the previous month
  • Amount threshold: $50,000 (USD/EUR) or more in fraud claims
  • Fraud ratio threshold: 0.50% or higher fraud-to-sales ratio

NOTE: Enrollment criteria differ for Australian-based merchants. If you operate a business in Australia, your ratio must be below 0.2% and your fraud amount below $15,000 USD.

If you use 3D Secure, there are additional thresholds you need to keep in mind. These thresholds vary depending on whether or not your country has legal or regulatory requirements for strong cardholder authentication.

How do I calculate my fraud rate?

Your fraud ratio or fraud rate is the total number of fraudulent transactions you process in a given month measured against your monthly sales volume. Mastercard calculates your fraud ratio by taking the total number of fraud claims filed against your business in the current month and dividing it by the sales count from the previous month.

The calculation looks like this:

For example:

Fines

Mastercard assesses fines for merchants enrolled in the EFM Program based on the amount of time you spend in the program. The first month is a grace period — Mastercard doesn’t issue any fines during that time. However, your processor might.

After the first month in the program, fines are issued monthly and increase the longer you are enrolled in the program. Amounts can range from $500 (or €500) to $100,000 (or €100,000) or more.

For example:

How Fraud Monitoring Programs Can Affect Your Business

Fraud alone can cause a plethora of problems for a business — damaged reputation with banks and customers, increased labor costs, and more. Fraud schemes like card testing and account takeover fraud are already challenging to overcome. But the addition of being enrolled in a fraud monitoring program can increase the strain on your business.

Not only is fraud costly to resolve, the fines you accrue from the program can put a huge dent in your bottom line and strain your resources.

What’s more, being enrolled in a program puts your merchant account in jeopardy. If you are enrolled in a program for too long, your merchant account will likely be terminated.

What to Do When You Are Enrolled in the Mastercard EFM

Navigating a monitoring program can be overwhelming. And it may feel like your options are limited or hope is dwindling. But there are actions you can take to get your business back on track.

Develop a remediation plan.

Part of a fraud monitoring program is to help merchants develop an effective risk management strategy. Mastercard may request that you submit a remediation plan that outlines the steps you’re taking to resolve issues and regain compliance.

Most remediation plans include the following key elements.

Business description
Card networks first need to get a good sense of who you are. Let them know what type of business you own, payment and billing methods you accept, marketing efforts, and any other notable aspects of your business.

Policy outlines
Provide details about your return and refund policies, terms and conditions, and any other internal procedures that could be related to your fraud issues.

Fraud description
Provide details of the events that led to the increased level of fraud and number of chargebacks with fraud reason codes. This step may involve taking a closer look at your data to figure out the root cause of the issues so you can tell a complete story about what happened.

Risk management strategy
Your strategy for reducing risk is one of the most important parts of the remediation plan. You’ll need to provide a description of all fraud tools and prevention methods you plan to use, when you will implement them, and how those will help prevent fraud issues in the future.

Action plan
Provide a detailed description of steps you will take to reduce fraud and chargebacks — what technologies you will use, when you will implement them, and your expected results. You’ll also need to include a backup plan in case the first plan fails.

Develop a complete fraud and chargeback management strategy.

It’s important to start managing risk effectively as soon as you find yourself in a monitoring program. But it’s equally important to continue those efforts long after you exit a program so that you never face enrollment again. That’s why you want to develop a well-rounded strategy that can provide long-term protection.

Best business practices for an effective strategy usually consist of the following items.

Scalable, accurate, and flexible technology
Using fraud protection software is the quickest way to reduce fraud accurately and effectively — which is especially important when you have a limited amount of time. You want to look for technology that allows you to customize policies so that it fits your business needs and can scale as you grow.

It’s important to find a solution that can resolve your issues and get you out of the monitoring program. However, keep in mind that the best solution is one that will benefit your business long-term.

Web security protocols
An important element to mitigating fraud is to boost your website security. Add a firewall so that you can monitor incoming and outgoing traffic on your site and block suspicious traffic. Additionally, add CAPTCHAs during checkout to verify that the user interacting with your site is a human.

Using these protocols will help you block bad traffic from bots — software that is programmed to run automated tasks such as card testing fraud and credential stuffing.

Verification tools
Another way to combat fraud is to implement verification protocols during checkout. This helps determine if the cardholder — or fraudster — is making the purchase.

One method is to require the shopper to enter the security code (CVV) printed on the card. This step helps ensure the shopper has the card in hand and isn’t just using stolen card information from online hacks.

You can also sign up for address verification service (AVS) — which allows you to compare the billing address a customer provides during checkout to the billing address on file with their bank. If the addresses don’t match, the transaction could be declined.

Lastly, you can use 3D Secure 2.0 — an identity verification tool that authenticates card-not-present transactions. When a customer makes a purchase, you can send information like shipping address and order history to the customer’s issuing bank. The bank then reviews the information to determine the likelihood of fraud. This analysis can help determine if the transaction should be accepted or declined.

Data analysis
It’s great to stop fraud, but it’s better to discover the root cause of fraud.

Fraud reports provided by the card brands are pretty generic — they simply inform you that the cardholder claimed the transaction was fraudulent. But how do you know if that fraud claim was legit or not?

What about opportunistic shoppers who try to get items for free? Or spouses making purchases without the cardholder’s knowledge?

Oftentimes, the only way to discover the true cause of fraud is with data analysis. You need to look for patterns to identify anomalies. The easiest and most accurate way to analyze data is to use fraud detection software.

Up-to-date policies and procedures
Sometimes fraud happens because your refund and return policies aren’t very clear or are hard to find. Or sometimes your employees aren’t trained to recognize social engineering tactics — methods of manipulation fraudsters and customers use to get goods for free.

The best thing you can do is to keep your policies up-to-date and your employees well-trained on fraud trends — such as refund fraud, e-gift card fraud, chargeback fraud, and more.

Exiting the program

To get out of the Mastercard EFM program, your merchant account needs to be below the EFM program thresholds for three consecutive months. And because you must meet all requirements to be enrolled in the program, if you fall below the threshold for any of the requirements, your account will be considered compliant for the month.
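The enrollment criteria, fraud ratio calculation, and three-month exit rule described above can be tracked month by month. The following is an added example, not Mastercard's or this article's own code; it assumes enrollment begins in the first month that meets all three criteria, and the monthly figures are constructed.

```python
from dataclasses import dataclass

# Enrollment criteria as stated in the article (3DS-specific and Australian
# thresholds are not modelled here).
MIN_PREV_MONTH_TXNS = 1_000   # Mastercard transactions in the previous month
MIN_FRAUD_AMOUNT = 50_000     # USD/EUR in fraud claims
MIN_FRAUD_RATIO_PCT = 0.50    # fraud-to-sales ratio, in percent
EXIT_STREAK = 3               # consecutive compliant months needed to exit


@dataclass(frozen=True)
class Month:
    label: str
    prev_month_sales_count: int   # sales count from the previous month
    fraud_claims_count: int       # fraud claims filed in this month
    fraud_claims_amount: float    # value of those claims


def fraud_ratio_pct(m: Month) -> float:
    """Fraud claims this month divided by the previous month's sales count."""
    if m.prev_month_sales_count == 0:
        return 0.0
    return 100.0 * m.fraud_claims_count / m.prev_month_sales_count


def breaches_all(m: Month) -> bool:
    """A month counts against the merchant only if every criterion is met."""
    return (
        m.prev_month_sales_count >= MIN_PREV_MONTH_TXNS
        and m.fraud_claims_amount >= MIN_FRAUD_AMOUNT
        and fraud_ratio_pct(m) >= MIN_FRAUD_RATIO_PCT
    )


def track(months):
    """Return (label, ratio %, status) per month, following the exit rule."""
    enrolled, streak, out = False, 0, []
    for m in months:
        breach = breaches_all(m)
        if not enrolled:
            # Assumption: enrollment starts in the first breaching month.
            if breach:
                enrolled, streak = True, 0
            status = "enrolled" if breach else "not enrolled"
        elif breach:
            streak = 0                      # a breach resets the exit clock
            status = "breach"
        else:
            streak += 1
            if streak == EXIT_STREAK:
                enrolled = False
                status = "exited"
            else:
                status = f"compliant {streak}/{EXIT_STREAK}"
        out.append((m.label, round(fraud_ratio_pct(m), 2), status))
    return out


# Constructed sample history for one merchant account.
HISTORY = [
    Month("2024-01", 40_000, 120, 30_000),  # ratio 0.30%, amount under limit
    Month("2024-02", 40_000, 260, 61_000),  # all three criteria met
    Month("2024-03", 42_000, 231, 48_000),  # ratio 0.55% but amount under $50k
    Month("2024-04", 41_000, 246, 57_000),  # breach again, streak resets
    Month("2024-05", 43_000, 172, 52_000),  # amount over, ratio 0.40%
    Month("2024-06", 44_000, 132, 36_000),
    Month("2024-07", 45_000, 90, 21_000),
]

if __name__ == "__main__":
    for label, ratio, status in track(HISTORY):
        print(f"{label}  ratio={ratio:.2f}%  {status}")
```

March shows why a single metric dropping is enough for a compliant month, and April shows how one relapse restarts the three-month count.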

Want help exiting a Mastercard fraud monitoring program?

If you’ve been enrolled in a monitoring program, you need rapid results. And the best way to see quick and accurate improvements to your fraud situation is to use fraud detection technology.

We recommend our partner, Kount. Kount has the industry’s leading fraud detection and prevention software with proven-effective solutions.

Ecommerce Fraud Prevention & Detection Best Practices for Businesses

Learn about the most common types of ecommerce fraud and signs your business is experiencing it. Plus, get tips for mitigating risks and protecting revenue.

Ecommerce fraud prevention is a key factor in running a successful digital business. Online merchants are a huge target for fraud simply because it’s easy for fraudsters to commit scams and get away with them — which is why being proactive about fraud is a necessity in today’s digital marketplaces.

What is Ecommerce Fraud?

Ecommerce fraud is an umbrella term for fraud schemes that specifically target ecommerce businesses. And each type of fraud can have serious consequences for your business — such as revenue loss, poor customer experiences, reputational damage, and inventory loss.

9 Types of Ecommerce Fraud

No matter what type of ecommerce business you run, you could experience any of the following types of online fraud.

1. Unauthorized transactions
Unauthorized transactions are any purchases made that are not approved by the cardholder. For example, when a fraudster uses a stolen credit card to make an online purchase, that would be an unauthorized or fraudulent transaction.

In addition to buying merchandise for resale or their own personal gain, fraudsters will also commit this type of fraud during a card testing attack — making dozens of small, unauthorized purchases to test the validity of stolen payment information.

2. Friendly fraud
Friendly fraud occurs when consumers use the chargeback process incorrectly.

In some cases, consumers have malicious intent. They will buy something with a premeditated plan to later dispute the purchases so they can have goods or services for free. But more often, consumers call their banks to dispute charges they don’t recognize or don’t realize were made.

For example, a son might use a mom’s card without her knowledge. Or the cardholder might forget about a subscription purchase.

3. Account takeover (ATO) fraud
ATO fraud happens when a fraudster forcefully gains access to customer accounts. Once in an account, the fraudster can steal personal and payment information, change account details, or drain any loyalty points or gift card balances.

4. Promotion fraud
Promotion fraud or promo abuse occurs when a customer or a fraudster exploits sales or promotions for personal gain. For example, they might open multiple new accounts with fake email addresses to obtain multiple free trial subscriptions — a practice known as new account opening fraud.

5. E-gift card fraud
E-gift card fraud is a scheme where a fraudster buys digital gift cards with stolen payment information then uses or resells them. Essentially, it’s a way for fraudsters to get cash for free.

6. Refund fraud
Refund or return fraud are schemes to get goods or services without paying for them. A fraudster or opportunistic customer exploits gaps in order fulfillment or shipping processes to get refunds without returning items.

Customers sometimes even hire professional refunding services to get refunds for large-dollar items.

7. Retail arbitrage fraud
Retail arbitrage fraud occurs when a fraudster purchases large quantities of discounted or limited edition items and then resells them on a different marketplace for a higher price.

Often, fraudsters will use bots to override web protocols that place limits on the amount of items one buyer can purchase — gaining an unfair advantage over legitimate customers.

8. Triangulation fraud
Triangulation fraud occurs when fraudsters build fake online stores that advertise low prices on goods. When customers make purchases on the fake site, the fraudster collects their payment information, then forwards the legitimate transaction to the real merchant. The customer is then charged a second time — often resulting in a chargeback for the legitimate merchant.

9. Interception fraud
Interception fraud is a scheme where fraudsters attempt to intercept a customer’s order and obtain goods.

Interception fraud typically involves taking over a customer’s account to access order and shipping details. Then, the fraudster would use social engineering tactics to get the shipping address changed on an order.

Industry Best Practices for Ecommerce Fraud Detection

Despite the many threats facing your business, there are ways you can help prevent fraudulent activities.

Analyze customer data

Data analysis is a key component in a successful fraud management strategy.

Recognize high-risk orders

Part of stopping ecommerce fraud is about knowing when it is happening to your business. Most high-risk orders have certain characteristics in common such as:

  • Buying high-priced items
  • Ordering multiples of the same thing
  • Placing larger-than-normal orders

Check out this blog article about high-risk orders to learn more.

If you notice any of these details on a transaction — especially multiple red flags on a single interaction — you might want to block it.

Monitor chargeback and refund data

Monitor your chargeback and refund data so that you have a better understanding of who is interacting with your brand and why fraud has happened in the past.

Once you have that data, you can choose to either block or accept customers that have engaged in bad behavior — such as filing disputes or committing refund fraud.

Evaluate things like customer lifetime value (CLV), your chargeback rate, fraud ratios, and online reputation before you make those decisions.

Check IP addresses

An IP address is a unique set of numbers assigned to each internet or network device. It allows devices to communicate with one another. Monitoring IP addresses can help you detect fraud in a couple of different ways.

First, IP addresses are location specific. If the IP address isn’t in the same geographical area as either the billing or shipping address, a fraudster could be at work. Second, multiple purchase attempts from a single IP address could mean a fraudster is testing multiple cards.
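Both IP checks described above, as an added example that is not from the original article. The IP-to-country table, the order records, and the three-card threshold are constructed assumptions; a real deployment would use a geolocation database and its own order log.

```python
import ipaddress
from collections import defaultdict

# Constructed IP-range-to-country table built on documentation ranges.
# Assumption: a real deployment queries a geolocation database instead.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "DE"),
    (ipaddress.ip_network("203.0.113.0/24"), "BR"),
]

# Constructed checkout attempts from one review period:
# (order_id, ip, card_token, billing_country, shipping_country)
# card_token stands for the processor's token, never the card number itself.
ATTEMPTS = [
    ("o1", "192.0.2.10", "card-a", "US", "US"),
    ("o2", "198.51.100.7", "card-b", "US", "US"),  # IP in DE, both addresses in US
    ("o3", "203.0.113.5", "card-c", "BR", "BR"),
    ("o4", "203.0.113.5", "card-d", "BR", "BR"),
    ("o5", "203.0.113.5", "card-e", "BR", "BR"),
    ("o6", "203.0.113.5", "card-f", "BR", "BR"),
    ("o7", "192.0.2.44", "card-g", "CA", "US"),    # IP matches the shipping country
    ("o8", "10.1.2.3", "card-h", "US", "US"),      # private address, no location
]

MAX_CARDS_PER_IP = 3  # assumed threshold; tune it to your own traffic


def ip_country(ip):
    """Return the country for an IP, or None when the table has no match."""
    addr = ipaddress.ip_address(ip)
    for network, country in GEO_TABLE:
        if addr in network:
            return country
    return None


def geo_mismatches(attempts):
    """Order IDs whose IP country matches neither the billing nor the shipping country."""
    flagged = []
    for order_id, ip, _card, billing, shipping in attempts:
        country = ip_country(ip)
        # An unknown location is not treated as a mismatch; it needs its own handling.
        if country is not None and country not in (billing, shipping):
            flagged.append(order_id)
    return flagged


def card_testing_ips(attempts, max_cards=MAX_CARDS_PER_IP):
    """IPs that tried more than max_cards distinct cards in the batch."""
    cards_by_ip = defaultdict(set)
    for _order_id, ip, card, _billing, _shipping in attempts:
        cards_by_ip[ip].add(card)
    return sorted(ip for ip, cards in cards_by_ip.items() if len(cards) > max_cards)


if __name__ == "__main__":
    print("Location mismatch:", geo_mismatches(ATTEMPTS))
    print("Possible card testing:", card_testing_ips(ATTEMPTS))
```

Counting distinct cards rather than raw attempts keeps a customer who retries one card several times from being flagged as a card tester.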

Track fraud by country

Use available tools and resources

There are several available tools and technologies that can help prevent fraud.

Implement risk-based or step-up authentication

One way to keep out bots and fraudsters is to require authentication steps for suspicious interactions on your site. This authentication step could mean adding a CAPTCHA before checkout for orders with unusually low or high amounts to ensure a user is not a bot. You could also implement secure multi-factor authentication protocols for suspicious logins.

Selective authentication means you only challenge suspicious behavior and don’t add unnecessary friction for good customers. This keeps your experience safe yet user friendly.
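One way to decide when to challenge, shown as an added example that is not from the original article. It derives "unusual amount" from the merchant's own order history using the median and median absolute deviation; the history values, the multiplier, the minimum history size, and the login signals are all assumptions.

```python
from statistics import median

# Constructed recent order totals for one merchant.
HISTORY = [42.0, 55.5, 38.0, 61.0, 47.25, 52.0, 44.0, 58.0, 49.5, 51.0]

MIN_HISTORY = 5      # assumed: below this there is no usable baseline
SPREAD_FACTOR = 5.0  # assumed: how many deviations count as unusual
MAX_FAILURES = 3     # assumed: failed logins that make a login suspicious


def amount_bounds(history, factor=SPREAD_FACTOR):
    """Return (low, high) bounds for a normal order, or None without a baseline."""
    if len(history) < MIN_HISTORY:
        return None
    mid = median(history)
    # Median absolute deviation: a spread measure that a few huge orders cannot skew.
    mad = median(abs(amount - mid) for amount in history)
    # Floor the spread so a catalogue with one price point does not flag everything.
    spread = max(mad, 0.05 * mid)
    return (max(0.0, mid - factor * spread), mid + factor * spread)


def checkout_challenge(amount, history):
    """Return 'captcha' for an unusually low or high order, otherwise 'none'."""
    bounds = amount_bounds(history)
    if bounds is None:
        return "none"  # no baseline yet, so amount alone triggers nothing
    low, high = bounds
    return "captcha" if amount < low or amount > high else "none"


def login_challenge(known_device, recent_failures):
    """Return 'mfa' for a suspicious login, otherwise 'none'."""
    if not known_device or recent_failures >= MAX_FAILURES:
        return "mfa"
    return "none"


if __name__ == "__main__":
    print("Normal range:", amount_bounds(HISTORY))
    for amount in (1.00, 48.00, 950.00):
        print(amount, "->", checkout_challenge(amount, HISTORY))
    print("New device login ->", login_challenge(False, 0))
```

With this history the normal range is $21.50 to $79.00, so a $1 order and a $950 order are challenged while a $48 order passes without friction.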

Request card security codes

The card verification value (CVV) is typically a three- or four-digit code printed on a card. It’s meant to add a layer of security to online purchases and mitigate credit card fraud.

Businesses can’t store CVV codes, so it’s unlikely fraudsters will have that information if they obtain card numbers from data breaches. If a business requires the CVV at checkout, fraudsters with just the card numbers won’t be able to complete the purchase.

Sign up for address verification services (AVS)

Address verification service (AVS) compares a customer’s billing address provided during checkout to the billing address on file with the customer’s financial institution. If the addresses don’t match, the shopper probably isn’t the cardholder. If that happens when you run an AVS check, you might want to cancel the order.

Use 3D Secure 2.0

3D Secure 2.0 is a tool to help verify a shopper’s identity to reduce the risk of fraud. When a cardholder makes a purchase, the merchant sends real-time information — such as shipping address, the customer’s device ID, or order history — to the customer’s bank (called the issuer or issuing bank).

The issuer reviews the information to determine the likelihood of fraud. New information that differs from past attributes could indicate fraudulent activity. Based on the assessment, the transaction can either be approved, declined, or challenged with further authentication steps.

It’s important to note that 3D Secure 2.0 provides a guarantee. If a transaction is fully validated with 3DS2.0, a chargeback is blocked.

Partner with a reliable payment processor

Make sure you partner with a reputable payment processor. You don’t want to put your business at risk. Do your research and know who you’re working with before you sign up for services.

The benefit of working with a reliable processor — in addition to safely being able to accept payments — is that they can help you put security systems in place like CVV and AVS checks to minimize fraud.

Keep your site safe

Your website is one of your greatest assets. But if managed improperly, it can also be one of your biggest liabilities.

Set up firewalls

A firewall is a network security device that monitors incoming and outgoing network traffic. It can allow or block traffic based on a defined set of security rules.

Setting up a firewall can improve your network security by blocking unauthorized access to your site. Plus you can better monitor your traffic and identify suspicious interactions — such as abnormal, high velocity activity from bots.

Follow PCI standards

PCI-DSS is the global security standard for all businesses that store, process, or transmit sensitive cardholder data.

Maintaining compliance can help you create long-lasting relationships with customers, acquirers, and payment processors. Not maintaining compliance can lead to data breaches, lawsuits, damaged reputation, and a host of other problems.

Keep your website and software up to date

Fraud is constantly evolving, which means your website and fraud software need to be continually updated to keep pace. Outdated technology can leave you vulnerable to attacks.

Use HTTPS

HTTP is a protocol that allows data transmission via the web. HTTPS is the secure version of HTTP. It uses TLS (SSL) to encrypt normal HTTP requests and responses. This means that any information you transmit — like passwords or credit card numbers — will be difficult for anyone to intercept.

Implement procedures and protocols

Take the necessary steps to ensure your internal teams and processes are secure.

Train employees on fraud

Training can play a crucial role in preventing fraudulent activity and should be offered to your whole team. Anti-fraud training can help employees identify and respond to potentially fraudulent inquiries more effectively.

For example, you can train each department on the following fraud practices.

  • Fulfillment team – Train your fulfillment team to look for empty boxes that should have returned merchandise. Also, equip your fulfillment team to identify returns that involve counterfeit merchandise.
  • Marketing team – Help your marketing team understand the importance of monitoring and analyzing ad traffic. With the marketing team’s help, you can detect and discontinue campaigns attracting fraud and promo abuse.
  • IT team – Make sure your IT team is aware of emerging fraud threats so that they can respond appropriately. That includes keeping software up to date, installing firewalls, and setting up any other technologies that can stop potential threats.
  • Customer service – Teach your customer service agents about social engineering and refunding services — these are some of the biggest threats your agents face. Also encourage agents to answer emails and calls promptly to maintain positive customer relationships.

Create custom fraud policies

Policies are the foundation of fraud detection software and prevention strategies. You need to establish rules about who you do and don’t want to do business with. However, these policies aren’t one-size-fits-all.

What works for another merchant in your industry might not work for you. And the way you handle one customer might be different for another. You need to be able to create policies that can block suspicious behavior on your site while still accepting the maximum number of customers possible.

Determine if manual reviews are best practice

Manual review means that one or more team members manually evaluate different data points to find fraud patterns.

Some businesses like to do some manual reviews to deliver better customer service or supplement older fraud solutions. However, manual reviews can be time-consuming, inaccurate, and ineffective at fighting fraud. And some businesses simply don’t have the time to manually review suspicious orders.

The decision to manually review transactions is one only you can make. Maybe you want to review everything flagged as suspicious. Maybe you only review some. Or maybe you don’t review any at all.

Here are some things to consider:

  • Return on investment (ROI) – Will you save more than you’ll spend in manual labor? Potentially losing $1,000 for a designer purse might warrant $10 in labor costs.
  • Time – Can you afford delays in the checkout process? If you’re selling something that a customer expects to receive right away — such as a digital download or food order — you don’t have time to review orders.

Have clear policies for refunds, returns, and cancellations

Make sure your policies are written clearly on your website and placed in a location that is easy for customers to find. Consider having customers check a box that says they agree to your policies before checking out. That way, when a customer tries to exploit a policy, you can point back to their original consent.

Reevaluate your thresholds around busy shopping times

Certain times of the year are usually busier than others. That might mean you want to accept a little more risk during the holidays to maximize profits. Maybe you change your refund and return policies to be more lenient or lower risk thresholds. Perhaps you pause manual reviews.

Whatever you decide, just make sure you reevaluate your strategy once the busy time has passed.

Audit your merchandise

Certain merchandise can be more appealing for fraudsters. For example, if you mostly sell high-dollar items, fraudsters may target your low-dollar items so that they can use your business for card testing. Other items might be targeted for resale fraud — such as collectables or limited edition merchandise.

Keep track of items that attract fraud and consider removing them from inventory if they cause issues.

Protect multiple points of sales

Fraud can happen through mobile apps, websites, phone orders, and more. Make sure your fraud systems protect different sales methods if you offer multiple ways to pay for merchandise.

Adjust the customer experience

The customer experience is always evolving. Make sure you balance expectations with safety.

Set purchase limits

Setting limits on the number of items a customer can buy or the minimum amount they need to purchase can help you avoid card testing fraud and retail arbitrage.

Require accounts

It may seem extreme, but unless you implement fraud prevention software, don’t allow guest checkout.

The more customer information you have, the better you can verify if the cardholder is the actual shopper. Plus, the extra work of opening an account may dissuade fraudsters from attacking your business.

Consider collecting proof of delivery

One way to avoid return fraud and friendly fraud is by requiring your shipping and delivery department to take photos of orders once they have been delivered. This kind of proof can be extremely difficult for a customer to protest.

Implement friendly fraud prevention tactics

There are a variety of reasons for friendly fraud. For example:

  • Buyer’s remorse
  • Kids or a spouse making purchases without the cardholder’s knowledge
  • Restrictive return policies

There are lots of things you can do to reduce the risk of friendly fraud. Generally, the more robust your strategy, the greater your protection. Here are some best practices that can get you started:

  • Write clear product descriptions and include images so that customers know what they are getting
  • Use a clear billing descriptor
  • Don’t use bait and switch marketing
  • Wait to charge the card until you are ready to ship merchandise
  • Remind customers of recurring transactions before charging the card
  • Share policies before completing transactions and require customers to accept the policies before finalizing purchases
  • Offer great customer service when a customer has an issue

Some customers will still file disputes despite these protocols. For those cases, you can use chargeback prevention tools — such as prevention alerts, order validation, and RDR — to reduce the negative impacts disputes can have on your business.

Require strong passwords

Account takeover fraud happens so frequently because most customers use the same easy-to-guess password on multiple accounts. Setting password requirements will help with account protection and reduce ATO attacks.

For example, some password requirements you can implement include:

  • Minimum length of eight characters
  • Combination of letters and numbers
  • Mix of upper and lowercase letters
  • Use of special characters

Additionally, you can encourage customers to regularly update their passwords for stronger protection.

Payment Fraud Prevention Solutions for Ecommerce

Different fraud types require different solutions. You can use multiple vendors to solve each problem or build a solution yourself. However, you might waste a lot of time and effort trying to manage fraud that way.

A smart option would be to use an all-in-one solution that not only mitigates all types of fraud, but also improves business efficiencies. And our partner Kount can help.

Kount has decades of experience in ecommerce fraud and has helped hundreds of businesses just like yours. We recommend you check them out!

Egift Card Fraud Prevention: The Complete Guide

Egift card fraud can drain revenue and frustrate customers. Check this guide to learn everything you need to know about how it happens and ways to prevent it.

Egift card fraud is a growing threat to businesses that offer digital gift cards. And while these cards present many benefits — such as customer loyalty and more revenue — they come with risks. However, you can mitigate the negative impacts by recognizing gift card scams and implementing prevention tools.

What Is Egift Card Fraud?

Egift card fraud is a scheme where a fraudster buys gift cards online using stolen payment information then uses or resells them. Essentially, it’s a way to get cash. And because egift cards require buyers to attach hardly any personal details to them, fraudsters can easily get away with scams.

Types of Egift Card Scams

There are several common fraud scams involving egift cards.

Secondary marketplace scam

In this scam, a fraudster will buy gift cards online from retailers or restaurants using stolen credit cards and debit cards. Then, the fraudster resells those egift cards on secondary marketplaces like eBay.

Meanwhile, the person whose payment information the fraudster used to buy the egift card notices a fraudulent charge on their bank statement. They call the bank to dispute the charge and the bank refunds the customer, then issues a chargeback to the business.

Card testing

Card testing occurs when a fraudster makes small purchases with stolen payment information to validate which cards work. Egift cards are prime targets for this kind of scam because fraudsters can make these purchases in low denominations without raising suspicion.

And once they validate cards that work, they typically move on to make larger purchases elsewhere.

Account takeover

In an account takeover attack, a fraudster forcefully gains access to a customer account. The goal is to steal anything with monetary value — such as loyalty points or account balances — or steal personal information. They can easily convert account balances into cash by purchasing gift cards and selling them online.

If a business doesn’t have any account protection protocols in place, fraudsters can also use existing gift card balances on a customer’s account to make purchases on that business’s website and ship the goods to a different address.

Gift card number hacking

In this scam, fraudsters attempt to find valid egift cards by deploying bots to test egift card numbers against combinations of activation codes. Because bots are programs designed to run tasks automatically, they can test thousands of card numbers and codes within minutes.

Elder abuse

Sometimes fraudsters use social engineering tactics — like phishing scams or phone scams — to obtain gift cards. Often, they will target older adults that they can easily manipulate.

Typically, fraudsters will call an elderly person pretending to be an employee of a government agency and say that a family member is in jail. The only way to bail that family member out is by sending money in the form of gift cards. So the elderly person purchases digital gift cards and gives the card numbers to the fraudster.

How Egift Card Fraud Affects Merchants

Like other fraud schemes, egift card fraud can have a multitude of negative effects on your business — profit loss, inventory loss, and brand damage, to name a few. Understand the risks so that you can take the necessary precautions to avoid this type of fraud altogether.

Chargebacks and penalties

When cardholders discover unauthorized purchases, they typically dispute those charges with their banks. So if a fraudster buys egift cards with stolen payment information from your business, you will be liable for any associated chargebacks and fees.

Too many chargebacks can put you at risk of breaching dispute thresholds with card brands — which can lead to enrollment in a chargeback monitoring program.

Reputational damage

If a customer becomes a victim of an egift card scam through your business, that customer will likely stop purchasing products or gift cards from you. That’s because most customers blame businesses for fraud. And when customers stop shopping with you, it can hurt your overall reputation — causing your business to look untrustworthy.

Revenue loss

Fraudulent purchases almost always fall back on the merchant. If a cardholder disputes charges for egift cards, you not only lose the revenue from the original sale, you have to refund the cardholder and potentially pay penalties and fees.

Future risks

Scams like card testing reveal weaknesses in your security systems. If fraudsters learn that they can use your business to make test purchases with egift cards, they are likely to use your business to commit other dangerous fraud schemes.

Egift Card Fraud Prevention Tips

Wondering how to stop egift card fraud and chargebacks? Fortunately, there are ways to help protect your business.

Increase website security.

Add CAPTCHAs to your website to stop scripts and bots from running card testing attacks or egift card number testing. Also set up firewalls so that you can better monitor your site traffic.

Require more information from customers.

When customers make egift card purchases, require that they give you more information such as name, physical address, and email. Typically, fraudsters get away with e-gift card fraud because they don’t have to provide personal information like a physical address to purchase. However, requiring additional information can help identify potential fraud.

Add identity verification steps.

When a customer tries to redeem a gift card, add an identity authentication step — such as multi-factor authentication for unknown customers and passive authentication for known customers. Additionally, you could require customers to sign in to an account to redeem a gift card.

Place limits on large or repeated gift card purchases.

Set up your website to automatically decline transactions for egift cards with unusually high amounts or for multiple gift card purchases made in quick succession. While it’s possible a legitimate customer could buy a gift card with a balance of $1,000 or more, it’s very unlikely.
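The purchase limits described above, as an added example that is not from the original article. The $1,000 cap follows the figure in the text; the three-attempt limit, the ten-minute window, and the buyer key (an account ID here) are assumptions.

```python
from collections import defaultdict, deque

MAX_AMOUNT = 1000.00   # decline gift cards at or above this value
MAX_ATTEMPTS = 3       # assumed: gift card attempts allowed per window
WINDOW_SECONDS = 600   # assumed: what counts as "quick succession"


class GiftCardPurchaseLimiter:
    """Declines oversized gift cards and bursts of gift card purchases."""

    def __init__(self, max_amount=MAX_AMOUNT, max_attempts=MAX_ATTEMPTS,
                 window_seconds=WINDOW_SECONDS):
        self.max_amount = max_amount
        self.max_attempts = max_attempts
        self.window_seconds = window_seconds
        self._recent = defaultdict(deque)  # buyer key -> attempt timestamps

    def check(self, buyer_key, amount, now):
        """Return (allowed, reason) for one gift card purchase attempt."""
        recent = self._recent[buyer_key]
        # Drop attempts that have aged out of the window.
        while recent and now - recent[0] >= self.window_seconds:
            recent.popleft()
        # Record every attempt, including declined ones, so that a script
        # that keeps retrying stays blocked instead of slipping through.
        recent.append(now)
        if amount >= self.max_amount:
            return False, "amount_over_limit"
        if len(recent) > self.max_attempts:
            return False, "too_many_purchases"
        return True, "ok"


# Constructed attempts: (buyer_key, amount, seconds since start)
EVENTS = [
    ("acct-17", 25.00, 0),
    ("acct-17", 25.00, 60),
    ("acct-17", 50.00, 120),
    ("acct-17", 25.00, 180),   # fourth attempt inside ten minutes
    ("acct-17", 25.00, 900),   # earlier attempts have aged out
    ("acct-42", 1000.00, 30),  # single purchase at the cap
]


def run_demo(events=EVENTS):
    """Replay the constructed attempts and return the decision for each."""
    limiter = GiftCardPurchaseLimiter()
    return [limiter.check(buyer, amount, now)[1] for buyer, amount, now in events]


if __name__ == "__main__":
    for event, reason in zip(EVENTS, run_demo()):
        print(event, "->", reason)
```

Keying the limiter on an account alone lets a fraudster spread purchases across new accounts, so in practice the same check is usually repeated per device, IP address, or payment token.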

Implement account security protocols.

The best thing you can do to keep your loyal customers safe from account takeover attacks is to implement account safety protocols. This will help prevent fraudsters from breaking into accounts and stealing valuable information or draining the accounts.

Get professional help.

While you can implement safety protocols to help mitigate egift card fraud, the best way to truly stop it is to use fraud detection and protection software. We recommend Kount.

Egift Card Fraud Frequently Asked Questions

Want to know more about egift card fraud and how to manage it? Here are some of the most frequently asked questions we’ve heard from other merchants. Check out our team’s answers.

QUESTION

What do I do if a customer reports that they have been scammed using gift cards?

You can refund the customer and resolve the issue; or you can deny a refund and risk the customer filing a dispute.

Decisions like this are usually based on several factors such as the customer’s lifetime value (CLV), the current state of your brand’s reputation, and your chargeback-to-transaction ratio.

QUESTION

Can egift cards be traced online?

The only way a gift card could be traced is through receipts for purchases. Egift cards cannot be traced back to a specific person unless they are tied to personal identifying information.

QUESTION

Are gift cards worth the risk?

Despite the risks associated with egift cards, they are still worth offering to your customers. They’re a great way to maintain positive relationships with customers and an excellent way to bring in revenue.

Customers often overspend when they use a gift card — bringing in revenue on top of the profits you already earned from the gift card sale. On the flipside, some customers may forget about the gift cards and never use them or don’t use the full balance. In that case, you earn revenue without shipping out merchandise.

Machine Learning Fraud Detection and Prevention Guide

Using machine learning fraud detection can improve business processes and increase revenue. Read more in our detailed guide.

When shopping for a fraud prevention solution, you probably hear about machine learning-based fraud detection systems all the time. But does anyone really explain what it is and why you need it? We know it can be a complex topic, so we’re here to break it down.

What is Machine Learning Fraud Detection?

Machine learning for fraud detection is the practice of using artificial intelligence to analyze data and learn from data to make informed decisions about fraudulent activity.

Some fraud prevention tools use supervised and unsupervised machine learning models. But most fraud providers only use supervised learning, which can weaken the tool’s ability to accurately decipher data and make informed decisions. The best fraud detection systems use both types.

What is Supervised Machine Learning?

Supervised machine learning is used to classify data or make predictions. When used for fraud detection, this type of machine learning looks at a user’s past actions — such as filing chargebacks, requesting refunds, or defaulting on loans — to make predictions about that user’s future behavior.

Supervised learning relies on well-labeled, extensive data to make accurate predictions. Essentially, that means fraud prevention providers need tons of historical data to create a successful system — especially providers that only use supervised learning.

What is Unsupervised Machine Learning?

Unsupervised machine learning uses algorithms (rule sets or processes) to analyze and group datasets. These algorithms then uncover patterns and trends without human intervention. That means it can evaluate a user’s current attributes — such as device type or number of email addresses associated with the user — to gauge potential risk.

Unsupervised learning is used less often in fraud detection software than supervised learning because of the complexity of its algorithms. However, the combination of both types of machine learning is what makes a fraud solution efficient, powerful, and accurate at detecting fraud and preventing it from happening.

The Difference Between Machine Learning and Artificial Intelligence

Machine learning is often used interchangeably with artificial intelligence (AI). However, they are not the same thing. Artificial intelligence refers to programming machines to think and act like humans. Machine learning is a subset of AI that acquires its own information and knowledge to make predictions.

Note: Machine learning also has its own subset called deep learning. Deep learning is what creates an artificial neural network — a layered structure of algorithms — that allows machines to make intelligent decisions on their own.

How Does Machine Learning Work?

Generally, the way that machine learning works is by collecting data, analyzing it, and using it to make predictions about user behavior. From there, the system makes decisions on whether to block or accept an interaction.

When we break that down further, it looks something like this:

1. Users interact with your business. Interactions can include accessing an account, requesting a loan, or buying a product from an online store.

2. Machine learning extracts data about users. The technology collects information about the user such as location, email address, type of device, and more.

3. The data is analyzed by machine learning. Using one or both types of machine learning, the collected data is evaluated for patterns of behavior.

4. Machine learning algorithms make predictions about users’ behavior. The technology identifies any risks associated with a specific user.

5. Decisions are made. The technology approves or declines interactions based on policies and rules.

6. Machine learning learns from each interaction. The technology records event outcomes and learns from them to improve decision accuracy consistently over time.

The Benefits of Machine Learning-Based Systems

Machines can process large amounts of data very quickly — which is why machine learning-based fraud systems are more effective, accurate, and consistent than manual fraud management practices. Plus, these systems are able to conduct extensive data analysis that just isn’t possible for humans to do.

Using machine learning in fraud detection relieves you of the hassle and resources needed to keep fraud in check — which means you:

  • Gain back time and resources: Machine learning works faster and more efficiently than humans, so you can reduce labor-intensive, time-consuming manual processes and spend more time on revenue-generating tasks.
  • Get better fraud detection: Machine learning can detect patterns and trends that humans simply can’t see. Plus, it learns from every interaction so outcomes are always improving — giving you the best possible fraud prevention.
  • Are always protected: Algorithms don’t need breaks or sleep. They work 24/7, giving you never-ending protection.
  • Receive accurate results: Because machine learning acts on facts — not subjective biases, assumptions, or opinions — it makes accurate decisions without the risk of human error. Plus, it analyzes data in real time, so decisions are based on current information.

FAQs About Using Machine Learning for Fraud Detection

Need to know more? We’ve answered the most common questions we get about machine learning for fraud detection.

QUESTION

Does machine learning cost more?

The simple answer is no — it doesn’t cost more.

But to break it down, take this scenario:

Say it takes an employee one minute to complete a manual review. Hypothetically, that employee could complete 60 reviews in one hour. Let’s say the employee is paid $25 per hour. That means each review costs about $0.42.

But humans need breaks. And sometimes they make mistakes.

On the other hand, technology might cost $0.07 for each transaction review. In one hour alone, you’ve saved $20. An employee would have to review 857 transactions each hour to be as cost-effective as machine learning.

Plus, technology doesn’t need breaks — it can work around the clock.

So even the most expensive technology is still more cost-effective because it provides better, more accurate protection in significantly less time than error-prone, labor-intensive processes.

QUESTION

Will I have a higher rate of false positives?

No. Because machine learning can pick up on trends and patterns that humans can’t catch with manual reviews, you should have more accurate results — thus, fewer false positives.

For example, our partner Kount helps businesses reduce false positives by an average of 70% while still blocking the greatest amount of fraudulent transactions.

QUESTION

Does machine learning slow down the decision making process?

No. Machine learning does the exact opposite — it speeds up the decision making process with better accuracy. It analyzes data within milliseconds — less time than it takes to blink an eye — and delivers immediate results so customers don’t experience any delays no matter what stage they’re at in the customer journey.

QUESTION

What happens to manual reviews?

If you like to have complete control over your business, don’t fear. Machine learning can be customized to fit your needs. If you still want to manually review certain orders, all you have to do is create policies that will set aside orders that meet specific criteria.

On the flipside, if you want to completely eliminate manual reviews, machine learning can help you do that too. It all depends on the policies and risk thresholds you set up.

QUESTION

What is the difference between a rules-based system and an ML-based system?

Rule-based fraud detection relies on sets of rules to detect and make decisions about fraud. Common rules include location, frequency, and user history. The technology blocks or accepts transactions depending on whether or not a transaction fulfills the rules. This system requires frequent intervention from humans to quality check and update rules as the system collects more data.

Machine learning-based fraud detection operates similarly; however, it requires no intervention from humans. Because machines constantly learn from interactions, they can improve processes on their own. As a result, ML-based systems significantly cut down the cost of fraud management — saving money in overhead and labor.

Plus, with an ML-based system, you can write your own rules that fit your unique business situations. Most rule-based systems have pre-packaged rule sets that leave little room for customization.

What to Look for When Buying Machine Learning for Fraud Detection

There are multiple fraud providers on the market. Picking the right one can be a lengthy and challenging process — unless you know exactly what you are looking for.

Uses multiple types of machine learning

Many providers only use one type of machine learning. But to get the best protection possible from a fraud tool, look for a provider that uses both supervised and unsupervised learning.

Think of it this way: gas cars are great, but can be expensive to fuel up. However, hybrid cars are typically more fuel-efficient — saving you money while still giving you the experience of a gas car.

Lets you customize policies

Your business has unique challenges. So you need a solution that can adapt to your business, not the other way around. Make sure you work with a provider that lets you determine the rules and policies that fit into your fraud strategy.

Gives you flexibility

What works for other businesses might not work for yours. Maybe you don’t have the time or resources to manage fraud at all. Or maybe you still want to review certain orders and let automation tackle the rest. Find a provider that can accommodate as much or as little automation as you need.

Collects robust data

Machine learning can only be as good as the data that fuels it. When looking for a provider, ask about the data they collect. Do they have decades’ worth of data and experience or are they a newer provider? Do they collect information about users, devices, transactions, payments, and locations or do they only collect transaction details or payment data?

Offers guidance from fraud experts

No matter how “simple” and “easy” a fraud detection system may be to use, there might be times where you need a little bit of guidance. That’s why you want to work with a provider that provides additional services beyond fraud protection. A truly beneficial solution should come with fraud expertise from real humans.

Ready to get started?

Are you interested in machine learning for fraud detection? If so, we recommend you check out our partner, Kount.

Kount is the industry’s leading trust and safety technology solution. They’ve been using machine learning for decades — ensuring you get the best results possible.

Visit their site to learn more about Kount’s machine learning.

Fraud-to-Sales Ratio: Everything You Need to Know

Every merchant is at risk for fraud. And it can happen at any time for a variety of reasons. Regardless, all fraud claims can negatively affect your fraud-to-sales ratio — which comes with a host of problems.

In this guide, we’ll help you understand what a fraud-to-sales ratio is and how to manage it.

What is a Fraud-to-Sales Ratio?

A fraud-to-sales ratio measures the number of fraudulent transactions you process in a given month against your monthly sales volume. If you process a transaction and the cardholder later claims it was unauthorized, your fraud-to-sales ratio will be impacted.

Each card brand has a different method of calculating the ratio.

Visa® fraud ratio

Visa’s ratio compares the amount or value of total transactions to the amount of transactions classified as fraud.

The Visa fraud-to-sales ratio is calculated in the following way:

Here is a real-life example:

Mastercard® fraud ratio

Mastercard’s calculation differs in a couple of ways. First, Mastercard considers transaction volume — not amount. Second, the calculation compares the current month to the previous month.

Here’s Mastercard’s calculation:

And here’s a real-life example:

Only brand-specific transactions are included in the calculations. For example, fraud claims made on Visa transactions will only count towards the Visa fraud threshold.

Which Types of Fraud Are Included in the Fraud Ratio Calculation?

There are two types of fraud that are factored into the fraud-to-sales ratio: criminal fraud and friendly fraud.

Criminal fraud occurs when a fraudster uses a payment card or account information to make an unauthorized purchase.

Friendly fraud happens when a customer makes a purchase and later disputes it with their bank — most likely because they forgot about the purchase or don’t recognize it on their bank statement.

Unfortunately, it’s difficult to know which type of fraud you’re dealing with because there isn’t a friendly fraud reason code — it’s just fraud. If a cardholder claims a transaction is unauthorized, banks will typically file a chargeback. They won’t usually tell the customer no just because they suspect friendly fraud. Therefore, all fraud claims — valid and invalid — are included in the ratio.

Why Does Your Fraud Ratio Matter?

Each card brand sets its own fraud-to-sales ratio threshold or limit. And acquiring banks have to monitor merchants for threshold violations — along with other risk metrics.

That’s because card brands and banks want to know if your business poses a risk to theirs. They don’t want to work with merchants that could potentially cause them to lose money or damage their reputation. So they monitor metrics to gauge risk levels. If your risk levels get too high, banks can close your accounts.

NOTE: The fewer transactions you process with a card brand, the easier it is to breach that card brand’s thresholds. For example, if you only process five Visa transactions in a month and one of those is fraudulent, you could go over the threshold limits.

But before closing an account, the bank will usually give you a chance to improve your fraud problems. One of the ways they do this is by enrolling you in a fraud monitoring program.

What are Fraud Monitoring Programs?

Fraud monitoring programs are used by card brands to penalize merchants who breach risk thresholds — similar to chargeback monitoring programs. These programs are meant to help you better manage fraud.

Programs typically require you to provide a detailed remediation plan outlining your strategy for reducing your fraud ratio. And that may include submitting monthly progress reports.

A WORD OF WARNING: If you remain in a monitoring program for more than 12 months, your acquirer is required to close your merchant account and terminate payment processing privileges. However, your acquirer will likely want to minimize potential risk and close your account sooner than the 12-month deadline.

Visa Fraud Monitoring Program

The Visa Fraud Monitoring Program (VFMP) consists of four classification types. Each month you breach both thresholds (or get close to violating them), you could be flagged as one of the following:

  • Early warning classification type – $50,000 fraud amount threshold and 0.65% fraud ratio threshold
  • Standard classification type – $75,000 fraud amount threshold and 0.9% fraud ratio threshold
  • Excessive classification type – $75,000 fraud amount threshold and 0.9% fraud ratio threshold
  • High-risk classification type – $250,000 fraud amount threshold and 0.9% fraud ratio threshold

The early warning threshold is not an actual violation. It’s an alert that your merchant account is getting close to the violation — which starts at the standard threshold.

A NOTE FOR U.S. MERCHANTS: If you use 3D Secure 2.0, there are additional metrics used to measure your risk and different threshold limits. Talk with your payment processor about those metrics and risks to see if the chargeback prevention tool is a good fit for your business.

Violation statuses

Visa has three violation statuses that determine when fines and penalties are issued. Those statuses are:

  • Notification: During the first month that your account is in the standard threshold, you will be notified. Visa does not issue any fines during this stage (but your processor might).
  • Workout: In the months following the Notification status, Visa gives you time to fix the fraud issues and your account is moved to the workout status. Again, Visa won’t issue fines during this stage — but your processor probably will.
  • Enforcement: If you do not fix the fraud issues, your account moves to the enforcement stage. During the first month and any subsequent months that your account meets the standard threshold or higher, Visa will issue fines and penalties.

NOTE: The notification and workout statuses are only applicable to merchants classified in a standard program. If you are classified as high-risk or excessive, you’ll immediately be fee-eligible. There is no grace period.

Fines

The fines and penalties you owe will depend on your program classification — standard, high-risk, or excessive. Fines start much earlier if you are classified as high-risk or excessive.

Regardless of the classification, the longer you are in the program, the more you’ll pay in fines. Costs usually range from $10,000 USD to $75,000 USD per month.

NOTE: It’s important to note how program monitoring fees are charged. Unlike a chargeback fee — which is a per-instance cost — monitoring program fines are issued in one large, lump-sum amount each month.

And it’s pretty rare to be enrolled in a monitoring program for one card brand but not the other. If you are consistently breaching Visa’s thresholds, you will probably also go over Mastercard’s limits. Therefore, you could receive fines from both card brands.

Don’t let these high-dollar expenses catch you off guard.

How to get out of the VFMP

Inclusion in the VFMP isn’t meant to be permanent. Visa intends for merchants enrolled in the VFMP to improve fraud prevention strategies and decrease their fraud-to-sales ratio to an acceptable level.

To exit the VFMP, your merchant account has to be below the standard threshold for three consecutive months. If you breach the threshold again — during month two, for example — you will have to start over.

Mastercard Excessive Fraud Merchant Program

The Mastercard Excessive Fraud Merchant (EFM) Program is designed to reduce fraud associated with card-not-present transactions.

Merchants are enrolled in the Mastercard EFM Program if all of the following criteria are met:

  • VOLUME REQUIREMENTS: At least 1,000 Mastercard transactions in the previous month
  • AMOUNT THRESHOLD: $50,000 (USD/EUR) or more in fraud-related chargebacks
  • RATIO THRESHOLD: 0.50% or higher fraud-to-sales ratio

NOTE: Enrollment criteria differ for Australian-based merchants. If you operate a business in Australia, your ratio must be below 0.2% and your fraud-chargeback amount below $15,000 USD.

If you use 3D Secure, there are additional thresholds to consider. These vary based on whether or not your country has legal or regulatory requirements for strong cardholder authentication.

Fines

Mastercard assesses fines for merchants enrolled in the EFM Program based on the time spent within the program.

The first month is a grace period — Mastercard doesn’t charge a fine. However, your processor might.

After the first month in the program, fines are issued monthly. Amounts can range from $500 (or €500) to $100,000 (or €100,000) or more.

How to get out of the Mastercard EFM Program

To exit the program, your merchant account must be below EFM program thresholds for 3 consecutive months.

And because you have to meet all criteria to be placed in the program, if either the fraud amount or ratio is less than the threshold limit, your account is considered compliant for that month.
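The enrollment and exit rules above can be tracked month by month. The following is an added example, not Mastercard's or the original article's code: the monthly figures are constructed, the fraud ratio is taken as a reported input rather than computed, and the status labels are illustrative names.

```python
# Enrollment criteria as listed above (non-Australian merchant, no 3D Secure thresholds).
MIN_PREV_MONTH_TXNS = 1_000      # Mastercard transactions in the previous month
FRAUD_AMOUNT_LIMIT = 50_000      # USD/EUR in fraud-related chargebacks
FRAUD_RATIO_LIMIT = 0.50         # fraud-to-sales ratio, in percent
COMPLIANT_MONTHS_TO_EXIT = 3     # consecutive months below the thresholds

# Constructed history: (month, previous-month transaction count,
# fraud chargeback amount, fraud ratio in percent). Assumption: the ratio
# comes from acquirer reporting, so it is an input here and not derived.
HISTORY = [
    ("Jan", 4000, 20_000, 0.30),
    ("Feb", 4200, 62_000, 0.71),
    ("Mar", 4100, 58_000, 0.66),
    ("Apr", 4300, 41_000, 0.62),
    ("May", 4500, 55_000, 0.44),
    ("Jun", 4400, 52_000, 0.55),
    ("Jul", 4600, 30_000, 0.35),
    ("Aug", 4700, 28_000, 0.31),
    ("Sep", 4800, 51_000, 0.40),
]


def meets_enrollment(prev_txns, fraud_amount, ratio_pct):
    """All three criteria must be met for the month to trigger enrollment."""
    return (prev_txns >= MIN_PREV_MONTH_TXNS
            and fraud_amount >= FRAUD_AMOUNT_LIMIT
            and ratio_pct >= FRAUD_RATIO_LIMIT)


def compliant(fraud_amount, ratio_pct):
    """Inside the program, being under either limit makes the month compliant."""
    return fraud_amount < FRAUD_AMOUNT_LIMIT or ratio_pct < FRAUD_RATIO_LIMIT


def efm_timeline(history):
    """Return [(month, status)] while tracking the consecutive-month exit rule."""
    enrolled, streak, timeline = False, 0, []
    for month, prev_txns, fraud_amount, ratio_pct in history:
        if not enrolled:
            if meets_enrollment(prev_txns, fraud_amount, ratio_pct):
                enrolled, streak = True, 0
                status = "enrolled (grace month)"
            else:
                status = "clear"
        elif compliant(fraud_amount, ratio_pct):
            streak += 1
            if streak == COMPLIANT_MONTHS_TO_EXIT:
                enrolled, status = False, "exited"
            else:
                status = f"compliant {streak}/{COMPLIANT_MONTHS_TO_EXIT}"
        else:
            streak = 0  # a breach restarts the consecutive-month count
            status = "breach (streak reset)"
        timeline.append((month, status))
    return timeline


if __name__ == "__main__":
    for month, status in efm_timeline(HISTORY):
        print(month, status)
```

In the constructed history, April and May count as compliant even though one of the two figures is still over its limit, and the June breach throws away both months of progress.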

Discover and American Express Fraud Monitoring Programs

Discover and American Express do not provide any public-facing information about fraud monitoring programs, terms, or fines.

We recommend you contact your acquirer to discuss thresholds and expectations for these card brands. If you are a Midigator client, contact your account manager for guidance.

Fraud Monitoring Program Reason Codes

Under normal circumstances, you can respond to chargebacks using compelling evidence and supporting documents. However, once you are enrolled in a fraud monitoring program, your response options are severely restricted.

The only way you can fight fraud-coded chargebacks while in a monitoring program is if:

  • The customer no longer wants to dispute the purchase.
  • A refund was issued before the dispute.
  • A prior dispute on the transaction was already accepted.

A WORD OF WARNING: Because it’s so difficult to fight a fraud-related chargeback, prevention and mitigation are your best options for protecting your revenue and keeping a low fraud-to-sales ratio.

Additionally, if you are enrolled in a monitoring program, Visa and American Express will no longer send the standard fraud codes. Instead, chargebacks will be sent with a specific code indicating program enrollment.

For example, the typical dispute reason code for Visa is 10.4. But once you are in a monitoring program, that reason code is 10.5.

The following are the various card brands’ fraud reason codes:

NOTE: If you receive one of the above chargeback reason codes and aren’t aware of being in a fraud monitoring program, contact your payment processor or acquirer immediately for a copy of your violation letter.

Best Practices to Prevent Fraud

Prioritize fraud prevention by learning and implementing best practices, strategies, and tools that reduce the likelihood of fraud taking place. That way you can avoid monitoring programs altogether.

Keep in mind, too, that you are automatically liable for the above reason codes for one year or within the timeline outlined in your violation letter.

Use identity verification tools

Your processor offers various identity verification tools that can help you maintain a low fraud ratio.

These identity verification tools help to verify a cardholder’s identity during a card-not-present transaction. These tools compare information provided during checkout to the information on file with the card issuer.

If the information provided matches what’s on file with the issuer, there’s a strong probability the shopper is actually the cardholder. A mismatch could indicate unauthorized activity.

If you haven’t already, contact your payment processor to add the following tools to your fraud management strategy:

  • Address Verification Service (AVS) compares a cardholder’s billing address at the time of checkout to the billing address on file with the issuer. Based on the information provided, the service returns a response code that indicates if a transaction should be approved or declined.
  • Card Security Code (CVC2, CVV2, CID) requires a shopper to input the three- or four-digit code printed on the payment card during checkout. This code is sent to the issuer for review. Mismatched card security codes can indicate that the shopper doesn’t have the physical card and may be using stolen cardholder information to conduct a fraudulent transaction.

Understand the red flags for fraud.

Fraudsters typically follow similar patterns when conducting unauthorized transactions. Recognizing these red flags can help you avoid a hit to your fraud-to-sales ratio. Look for transactions that represent a high risk to your business, such as:

  • Shopping for the first time
  • Buying high-priced merchandise
  • Placing larger-than-normal orders or buying multiple copies of the same item
  • Using the same shipping address for different orders, or making multiple purchases with the same card but shipping to different addresses
  • Using multiple payment cards to complete a single order
  • Re-trying an order with a smaller amount after a first attempt is declined
  • Choosing express shipping
  • Shipping to a freight forwarding service
  • Shopping from an IP address that doesn’t match the shipping or billing location
  • Using obviously fake information
  • Using an email address that doesn’t match the shopper’s name
  • Receiving an approval after multiple declines
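Several of the red flags above can be checked mechanically against a log of payment attempts. The following is an added example, not code from the original article or from any vendor: the sample attempts are constructed, and the tuple layout, flag names, country-level IP comparison, and the two-decline cut-off are assumptions.

```python
from collections import defaultdict

# Constructed payment attempts in time order (illustrative, not real traffic).
# Assumed layout: (order, shopper, card, amount, status, ip_country,
#                  billing_country, shipping_address)
ATTEMPTS = [
    ("o1", "s1", "c1", 900.0, "declined", "RO", "US", "12 Elm St"),
    ("o1", "s1", "c2", 900.0, "declined", "RO", "US", "12 Elm St"),
    ("o1", "s1", "c3", 450.0, "approved", "RO", "US", "12 Elm St"),
    ("o2", "s2", "c9", 60.0, "approved", "US", "US", "4 Oak Ave"),
    ("o3", "s3", "c7", 120.0, "approved", "US", "US", "9 Pine Rd"),
    ("o4", "s3", "c7", 130.0, "approved", "US", "US", "77 Dock Way"),
]

DECLINES_BEFORE_APPROVAL = 2  # assumed cut-off for "multiple declines"


def red_flags(attempts):
    """Return {order_id: set of red-flag names}; clean orders are omitted."""
    flags = defaultdict(set)
    cards_by_order = defaultdict(set)
    addrs_by_card = defaultdict(set)
    orders_by_card = defaultdict(set)
    declines = defaultdict(list)  # shopper -> declined amounts since last approval

    for order, shopper, card, amount, status, ip_cc, bill_cc, ship_addr in attempts:
        cards_by_order[order].add(card)
        addrs_by_card[card].add(ship_addr)
        orders_by_card[card].add(order)

        # IP location that does not match the billing location.
        if ip_cc != bill_cc:
            flags[order].add("ip_location_mismatch")
        # Retry with a smaller amount after a declined attempt.
        prior = declines[shopper]
        if prior and amount < prior[-1]:
            flags[order].add("smaller_retry_after_decline")
        if status == "declined":
            prior.append(amount)
        else:
            # Approval that follows a run of declines.
            if len(prior) >= DECLINES_BEFORE_APPROVAL:
                flags[order].add("approval_after_multiple_declines")
            declines[shopper] = []

    # Checks that need the whole log: card reuse within and across orders.
    for order, cards in cards_by_order.items():
        if len(cards) > 1:
            flags[order].add("multiple_cards_one_order")
    for card, addrs in addrs_by_card.items():
        if len(addrs) > 1:
            for order in orders_by_card[card]:
                flags[order].add("same_card_different_addresses")
    return dict(flags)


if __name__ == "__main__":
    for order, names in sorted(red_flags(ATTEMPTS).items()):
        print(order, sorted(names))
```

Each flag on its own is weak evidence. Order o1 in the constructed log stands out because four flags land on the same order.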

It can be difficult to detect these warning signs and know how to respond. If you’d like easier and more accurate fraud detection with instant decisioning, consider using fraud detection technology. We recommend you check out our partner, Kount. Kount offers the industry’s best fraud detection and prevention software.

Develop a holistic risk management strategy.

The decisions you make and the tools you implement can have significant impacts on your fraud-to-sales ratio. The reality is you can’t just use one solution to address fraud — you need to use a variety of tools and resources to make sure you’re fully covered.

Create a multi-layer strategy with different tools and techniques that complement each other. That way, when there is a shortcoming in one area, other layers are in place to cover any gaps.

Visa’s CE 3.0 initiative

Under Visa’s new CE 3.0 initiative, if you provide compelling evidence that disproves a fraud claim, the impact to your fraud-to-sales ratio will be reversed.

This works by comparing past transaction data to the disputed transaction. If there is a data match (such as IP address and device fingerprint) between at least two previously undisputed transactions and the current dispute, the fraud case is overturned.

Rapid Dispute Resolution

Rapid dispute resolution (RDR) is a chargeback prevention tool that resolves disputes by initiating refunds for certain disputed transactions.

This helps control and limit your chargeback-to-transaction ratio. However, it doesn’t protect your fraud ratio. Therefore, you’ll want to supplement this tool with something like Visa CE 3.0.

3D Secure 2.0

3D Secure 2.0 is an effective tool for combating chargebacks. Transactions that are fully authenticated with 3DS2 prevent issuers from initiating chargebacks for any resulting payment disputes.

However, fraud claims made against you still count against your fraud-to-sales ratio, so again, you’ll need to supplement this tool with another resource.

Chargeback insurance and guarantees

Chargeback insurance — also called a chargeback guarantee — reimburses you for certain fraud-related chargebacks. However, recovering revenue doesn’t reverse the damage done to your fraud ratio or chargeback ratio.

A better option is to focus on true fraud prevention. Not only will this have the biggest impact on risk overall, it’s also the most cost-effective.

Analyze your fraud data.

Figuring out why chargebacks are happening might seem impossible. But if you analyze your data, you can identify problems at their source and fix them before they escalate.

For example, data can uncover fraud schemes like card testing. It can also reveal countries that are high-risk for fraud or identify marketing sources that attract fraudsters.

Without data, you’re just guessing about the root cause of your fraud problems. Data gives you clarity — making it easier to stop fraud when it gets out of hand.

Use fraud detection technology.

Managing fraud is an essential part of growing a business. But it can also be a time-consuming, error-prone process if you use the wrong technique.

To get the best results in the most efficient way possible, you need to use technology. And our partner, Kount, can help.

Kount offers a complete approach to managing fraud — chargeback prevention, payment protection, identity verification, and fraud detection. Essentially, Kount does all the hard work for you so you don’t even have to worry about fraud, chargebacks, or monitoring programs.

If your fraud ratio is becoming a concern or you’ve recently been enrolled in a monitoring program, reach out to their team of experts. They’ll help you create a strategy with both quick wins and long-term protection so you can have complete confidence now and in the future.

©2023, Equifax Inc., All rights reserved. Equifax and the Equifax marks used herein are trademarks of Equifax Inc. Midigator is a trademark of Equifax Inc. Other product and company names mentioned herein are the property of their respective owners.