You know that battling fraud is important for your business, but why does it have to be so complicated? How are you supposed to protect your business when you can’t speak the language?
The first step to effective fraud management is understanding the basic terminology. The following definitions explain common fraud terms, so that you can push aside the confusion and keep fraudsters at bay.
Address Verification Services (AVS)
A process that matches the address provided by a customer to the address on record with the credit card provider; it is supported by the major credit card companies, like Visa and MasterCard.
In practice: The payment form on your website will asks customers to enter their address to verify that it is the same address that is on file with their credit card company.
Card Verification Value (CVV)
A 3- or 4-digit number that appears on the physical credit card; it is used as a security feature to confirm that a customer has the physical card on them, and not just access to the credit card number.
In practice: Most payment forms require customers to enter their credit card’s CVV, in addition to their credit card number, before completing a purchase.
A form of fraud that involves testing a large number of illegally obtained credit cards via automated scripts to find the one that works.
In practice: Front-end carding happens at your checkout. A fraudster tries to purchase something from your store and runs through a number of credit cards for the same purchase until one works.
The forced reversal of a payment made to a business by a customer using a credit card. While chargebacks are decided by the customer, fraud management tools can help businesses cover their bases and avoid chargebacks based on fraud. There are different kinds of chargebacks, including:
- Merchant error, which occurs when a business accidentally over charges a customer, initiates unwanted recurring payments, or makes other customer service errors.
- Unauthorized card use, which involves fraud. This occurs when individuals purchase products or services using stolen card information, and the actual card owner files a chargeback for the transaction.
- Friendly fraud, which occurs when a customer falsely claims a transaction was fraudulent to avoid paying for a product or service.
The process of ensuring customers are who they say they are when making a purchase.
In practice: A basic, yet powerful validation tool is AVS, as outlined above.
Using a code to convert sensitive data into a format that is unintelligible to anyone who is not authorized to decode the data.
In practice: Obscuring the characters of an online banking password so that it can only be read/understood by the intended bank.
The use of strategies and tools to minimize the risk of fraud.
In practice: You can incorporate customer validation (verifying the identity of customers) or encryption (using code to protect sensitive data) to mitigate fraudulent behaviour.
aka. fraud minimization, fraud prevention
Validating a hash value, or a number generated using an encoded string of text that’s designed to keep payment transactions secure and prevent unauthorized modifications to a business’ payment form link.
In practice: Any transaction requests sent through an API without a valid hash value or the appropriate passcode is rejected by a hash validation-enabled system. They won’t show in your transaction report either since they are blocked completely.
The process of ensuring that a payment received by a business is legitimate and not fraudulent.
In practice: You can request the CVV to confirm that a customer has the physical card. More advanced methods include services like eIDCompare, which provide real-time validation of customers’ payment and shipping information with Equifax at the point of checkout.
aka. payment validation, payment verification
A certification of adherence to the Payment Card Industry Data Security Standard (PCI DSS) that all businesses need to meet when accepting any card transactions. To become compliant businesses must meet a set of 12 basic requirements that are designed to make sure merchants keep online processing risks.
In practice: All businesses that process, store, or transmit credit card information must meet the PCI standards created by Amex, Discover, MasterCard, and Visa. This includes having a PCI–compliant payment host.
A predetermined level of risk based on various factors; if a transaction has a risk score above this level, it is not approved to proceed.
In practice: A high risk score may be attributed to transactions originating from a different continent or IP address.
aka. risk limit
A way to encrypt sensitive data to keep it safe and protected against hackers. An ideal tokenization service will encrypt any piece of data into a non-sensitive equivalent, referred to as a “token”, which is stored on PCI Level 1–certified servers.
In practice: Converting the name, address, and credit card number that make up a customer profile into a single token, which you can then send to a payment provider when they make a repeat purchase.
Using filters based on specified criteria to decide which transactions are approved or not approved.
In practice: Considering the geographic location or specific IP address when deciding whether to treat a transaction as legitimate.
aka. transaction monitoring, real-time payment screening
This is a security feature that authenticates that the customer is actually the card holder. This is a win for merchants because it allows for them to pass off the liability onto the credit card company.
In practice: Authorizing payments on a form such as Visa Checkout, MasterPass, or Amex SafeKey, where customers are asked to enter the password registered with their credit card company before the transaction can be completed.
Take an Informed Approach to Managing Fraud
Fraudsters are using increasingly sophisticated methods to carry out their crimes. To stay one step ahead, fraud management requires powerful, complex tools.
For business owners, understanding the basics of the strategies and tools for fighting fraud is the first step. What’s even more important is to work with a trusted partner who has the expertise to keep your payments safe and secure.
Now that you’ve run through the basics with the definitions above, discover how Bambora can protect your business with top-of-the-line fraud management and authentication tools, so that you can focus on your business and your customers.