With the variety of online payment options continuing to grow, you have an increasing number of considerations when choosing which to offer in your cart. While you need payment methods that are convenient, reliable and widely used by your customers, you should also be keenly aware of the vulnerabilities of each as well as the options available to mitigate your risk as a merchant from fraud and, occasionally, human error. Both can result in costly refunds, chargebacks or having funds withheld which can have a significant impact on your revenue.
While all payments methods have measures to mitigate the risk, it can be hard to know what level of protection your customers and, by extension, you have with each particular method and what you might be liable for as an online merchant.
Credit and debit cards continue to reign as the most preferred payment method for US online shoppers with 76% using credit cards and 50% using debit cards to make internet purchases. Unfortunately, their popularity with consumers has also made them a popular payment method with which to commit fraud. In 2014, over $16 billion was stolen from 12.7 million U.S. consumers and 45% of this was through online transactions.
However, with EMV, or “chip,” technology expected to be fully implemented in the U.S. by October 2015, fraudsters are expected to increasingly rely on online purchases. This is what happened in Canada, Australia and the UK after the integration of EMV with card-not-present fraud increasing 79%.
Unfortunately for online merchants, when fraud does occur, the consequences almost always fall on them. In fact, under the United States’ Fair Credit Billing Act (FCBA), the most a credit card holder can be liable for in the case of a stolen credit card or unauthorized card use is $50. And if the card is not present during the transaction, like during online purchases, that number drops to $0. Once a fraudulent transaction has been detected, the credit card issuer refunds the cardholder with the cost of any fraudulent transactions passed on to the merchant. In 2013, merchants lost an average of .68% of their revenue this way, with each dollar of fraud costing them $3.08 in total.
Merchants can also be the victim of “friendly fraud,” which accounts for 30-50% of all chargebacks. This happens when individuals claim the charge for a product was not authorized and have their credit card issuer charge back the price leaving merchants with lost inventory, shipping costs and chargeback fees. Merchants also face the possibility of having their accounts shutdown by Visa or MasterCard if more than 1% of their charges are reversed. This can obviously be devastating to merchants who sell most of their products in countries where credit cards are the most widely used payment method.
The good news though is that there are a number of tools provided by companies such as Visa, MasterCard, American Express, Diners Club and Discover to help clients and merchants mitigate fraudulent transactions, including friendly fraud. Visa offers address verification services to allow merchants to further validate a cardholder’s ownership in real-time during an online transaction using Verified by Visa. Similarly, MasterCard offers a service called SecureCode which requires an additional password from shoppers to complete an online purchase. These security measures are only some of the proactive approaches credit card companies are offering to help merchants ensure online purchases are authentic.
Second to credit and debit, PayPal has surpassed all other US online payment methods in popularity. In addition to its convenience, this may be partially attributed to the company’s guarantee against fraud. Their industry-leading data encryption and fraud fighting specialists help online merchants detect fraudulent transactions before they are able to impact business. Additionally, patent-pending bank account verification and a second-level of authentication make this payment option extremely hard for fraudsters to take advantage of.
However, when refunds and chargebacks do occur, PayPal’s fraud guarantee has historically sided with customers, leaving online retailers more susceptible to friendly fraud than with credit or debit cards. There have been multiple instances in which the company has frozen merchant accounts or refunded legitimate orders after they have been shipped.
To further complicate matters, the absence of any federal banking regulations within PayPal’s business model leaves the company capable of freezing merchant accounts and funds for any length of time, without having to seek any permission or approval.
EWallets, digital currencies and buy-now-pay-later credit providers are among the many payment options that fall under the umbrella of ‘alternative payments.’ Each have their own advantages and drawbacks when it comes to fraud.
While they do offer heavy encryption, eWallets don’t often come with fraud insurance like credit cards and PayPal. Therefore, consumers are more likely to be personally liable for fraudulent transactions. At the same time though, merchants are at less risk for friendly fraud and chargebacks.
In addition to eWallets, digital currencies like Bitcoin have emerged as payment alternatives, featuring better security but fewer safeguards. As a decentralized medium of exchange, there is no mechanism to force a chargeback once payment is made. Therefore, the advantages for merchants include the elimination of the risk of chargebacks in addition to lower transaction fees. However, these mediums of exchange have shown some vulnerability to theft and human error, in which case there is then no way to get your money back.
With online buy-now-pay-later payment methods, merchants receive payments whether or not the customer pays off their account. Therefore, the risk is mostly borne by the credit issuer. Additionally, these payment alternatives minimize fraud with additional credit checks, password protection and authorization measures before the customer has an account.
While every payment method has vulnerabilities as well as fraud prevention techniques, avoiding fraud is ultimately in the hands of the online merchant. You must stay on top of the latest fraud prevention technology and be wary of transactions that could be deemed suspicious. This means being cautious of expensive purchases or large quantities of the same item. You should also ensure all authorization safeguards are followed for express orders and watch for customers who make purchases using multiple cards or payment methods. Ways to safeguard against fraud include billing address verification, IP address verification and requiring a security code for purchases.
It can also be beneficial to take advantage of mitigation applications like Accertify and ThreatMetrix, which help to identify threats, examine users’ identities and activity, generate reports and manage chargebacks.
With technology continually changing how we shop and pay for products, so too will payment security and fraud evolve. While protections have come a long way, billions of dollars worth of goods continue to be bought every year through fraudulent means and merchants are most often on the hook for the cost. With commerce increasingly moving online, alternative payments may provide a way to better mitigate online fraud and costly chargebacks in the future. But until they become the dominant payment methods for online shoppers globally and they figure out how to offset their own vulnerabilities, merchants must continue to protect themselves as best they can with the tools available from all payment methods.