In 2016, €41 billion was spent on debit and credit cards issued in Ireland. A total of €13.2 billion or 32% of this was spent online. With the internet providing consumers with a particularly convenient way to shop, greater selection and ease of price comparison, this figure is likely to continue growing, writes Erica McKinney, Financial Crime and Security, Banking & Payments Federation Ireland.
Overall, fraud on card payments is relatively low – amounting to under €30 million or 8 cent in every €100 in 2015. However, notably, circa 70% of this fraud occurred in a ‘card not present environment’, i.e. when the card was being used remotely for internet, phone or mail order shopping. While the internet provides consumers with a convenient way to shop, it also provides criminals with a lower risk way to attempt card fraud.
Remote payment
Retailers are posed with a challenge: for most businesses, offering a remote payment or e-commerce option is now essential but without the card and cardholder present, how does the retailer know the transaction is genuine? If a transaction is fraudulent, the retailer can have a double loss – the loss of the goods sold and of the payment amount. It is important that retailers who accept cards remotely familiarise themselves with the risks involved and with measures by which they can mitigate these risks. Before offering customers the option to pay by internet, mail or phone, it is essential to have the correct agreement in place with your card processor or acquirer, who will also advise on specific card not present risks and on tools and techniques which can be utilised when selling remotely, to build up a profile of the customer, authenticate the cardholder and ensure payment is received securely.
A more secure environment
One such tool, which creates a more secure environment and helps retailers to minimise online fraud losses, is 3D Secure. Recent advances in the implementation of 3D Secure provide for an improved cardholder and retailer experience which is seamless to the cardholder in many cases. Ensuring that your payment application is secure and meets Payment Card Industry Data Security Standards (PCI DSS) is also important. The following are some other steps retailers can take to protect against online fraud.
1. Always check the credentials of new customers, particularly if placing a high value first order or making multiple orders in a short timeframe.
2. Be particularly careful if the goods purchased are of a high value and easily re-saleable as this makes them more likely targets for fraudsters.
3. Be wary of unusually large or high value orders or orders that are being delivered to countries you would not normally do business with.
4. Obtain a landline number where possible because mobile numbers may not be verifiable.
5. Be cautious of rush orders, rush collections or last minute changes in delivery address. Criminals often create a time pressure so that you do not have time to carry out normal checks.
6. Check records of previous orders for anomalies or suspicious trends. Watch out for the same card number being used with different delivery addresses, the same delivery address/contact number being used with different card numbers or orders that don’t make sense e.g., much larger or more frequent orders than you would typically expect.
7. Check the delivery address is valid. The electoral register can be helpful in this regard for personal customers and business directories for business customers. Deliveries to PO boxes should be avoided.
8. If a purchaser calls to collect the goods in person, ask to see the card that was used in the purchase. Collections by taxi, courier or other third parties are not recommended.
Finally, ensure all staff, including those on temporary or parttime cover are familiar with what to watch out for.
You can find more information including downloadable training documents on the following links:
www.bpfi.ie/customer-assist/businesscustomers/reduce-card-not-present-risk/; and
www.bpfi.ie/customer-assist/business-customers/fraud-prevention-publications/
