The credit card business appeared early and quickly improved in the United States, and its payment methods are also very popular. According to data from the American Credit Bureau, as of the end of 2021, there were more than 250 million credit card users in the United States, of which more than 80% of adults held at least one credit card, and the market size of the credit card industry was approximately US$3.5 trillion. . With nearly half of the global credit card market share, it is the world's largest credit card market.
With the popularity of e-commerce services, signal card cardless transactions have gradually become mainstream. Consumers only need to provide a few simple information such as card number, validity period and CVV to complete the payment without password verification. This payment method improves the success rate of order transactions, but it also increases the risk of malicious chargebacks. Criminals are increasingly targeting online merchants to make fraudulent purchases out of money. In addition to financial losses due to chargebacks, merchants also experience a loss of consumer trust and a negative impact on their brands.
Types of U.S. Credit Card Online Transaction Fraud
Credit card fraud is the unauthorized use of a credit card account to obtain money, products or services, including by stealing the physical card, stealing electronic credit card information through a card reading device or malware, or purchasing credit card information on the dark web. In 2021, the Federal Trade Commission handled nearly 3.9 million credit card fraud reports, according to Bankrate. Due to the rapid growth of e-commerce, the shift of consumers to online shopping behavior and the rapid development of technology, online transactions have become increasingly vulnerable to credit card fraud.
E-commerce merchants face a wide variety of credit card fraud methods, among which five types of credit card fraud methods are the most common, including stolen card transactions, card testing, malicious chargebacks, fake identities, and phishing.
Stolen card fraud : After a fraudster purchases goods, he or she uses stolen card information to pay. When the owner discovers that his or her card has been stolen, he or she will call the bank to reverse the transaction and charge back the transaction. At this time, the merchant has sent the goods to the buyer, thus facing the situation of losing both money and goods.
Card test fraud : Bank card test fraud refers to a fraud method in which fraudsters "test" a stolen bank card to see if it is valid. Card test fraud occurs when a fraudster illegally obtains a credit card number and first attempts to use each card number to make a small purchase to confirm the validity and limit of the card. Valid cards can then be sold on shady websites at higher prices or used for large consumer purchases.
Malicious chargeback fraud, also known as "friendly" fraud/first-party fraud : Malicious chargebacks occur when consumers purchase goods on an e-commerce website but initiate a refund after receiving the goods. Fraudsters will return items to merchants as broken, damaged or partially returned items, or request refunds using false excuses such as not receiving the goods or not matching the goods. What's more serious is that some fraudulent users deliberately abuse credit card policies and try to engage in "refund fraud" to obtain free goods, and the funds purchased for the goods will be refunded to the credit card. Since such transactions are usually initiated by users themselves, they are relatively difficult to monitor and avoid. In addition, fraudsters sometimes work as "professional refunders" to make money by filing refunds, and fraudsters often return different items or counterfeit items that are different from the item purchased.
Impersonation fraud : A fraudster gains access to a consumer's account and takes control of the account. They then impersonate the victim, change their mailing address, and request a replacement credit card. Fraudsters use temporary addresses and false information to obtain new credit cards,
Phishing fraud : Fraudsters may directly use payment information saved in a consumer's account or create a legitimate-looking website to steal consumers' payment information. For example, pretending to be a card-issuing bank or financial institution or retailer, defrauding users of their account information by notifying users that personal information is required for credit card verification (such as passwords and security codes) or sending discounts, free gifts, etc. For merchants, this type of fraud will cause "consumers to apply for a chargeback after discovering that their accounts have been stolen", resulting in economic losses for the merchants.
Challenges of credit card online payments
As digital transactions and payment methods continue to grow, people enjoy a more convenient shopping experience, and online transactions become more diverse. However, it is precisely because credit card networks like Mastercard and Visa have "exemption policies" that consumers generally do not need to bear losses when they encounter fraud, which provides fraudsters with more convenience.
Although credit cards use smart card technology to enhance security in physical store transactions, there are still certain security risks in online transactions. Because scammers can quickly make purchases and obtain items, most consumers don't realize their credit card accounts have been compromised until they notice unauthorized charges.
This situation is particularly prominent on online platforms for credit card payments. Unlike physical store transactions, it is difficult to detect fraud in online transactions in a timely manner. Malicious users can use other people's credit card information to make purchases, and the seller only discovers the problem after the transaction is completed, causing the merchant to suffer financial losses.
In addition, credit card networks’ “disclaimer policies” also give fraudsters more opportunities. When consumers discover that their credit cards have been compromised, they can promptly contact their bank to request a chargeback, often without having to pay a fee. While such policies protect consumers, they also provide fraudsters with the opportunity to evade capture and accountability.
Ensure the security of credit card online transactions
Faced with the insufficient security of credit card online payments, merchants need to strengthen preventive measures to protect the interests of merchants and consumers. Taking more stringent identity verification measures, such as two-factor authentication and the use of three-dimensional security codes, can effectively reduce the occurrence of fraudulent transactions. In addition, establishing a more intelligent and sensitive fraud detection system can promptly monitor and detect abnormal transaction behaviors, thereby reducing losses caused by fraud. For consumers, they should enhance their security awareness, check their credit card bills regularly, and discover and report abnormalities in a timely manner. At the same time, credit card networks and related institutions should also strengthen supervision and cooperation to jointly promote the improvement of payment security.
Enhance transaction security
Improve payment security, reduce the risk of malicious transactions, and create a safer and more reliable payment environment for users and merchants.
(1) Adhere to payment transaction security standards. Need to ensure that default passwords are changed on all devices and that cardholder data is encrypted. Also, establish an effective firewall between the Internet and the systems used to store data, creating unique identifiers for users processing credit card data.
(2) Use the Credit Card Verification Value (CVV). CVV is the three- or four-digit security code printed on your credit card. The payment processing system automatically verifies these numbers and confirms or denies the user's transaction request based on the user's validity to ensure the user's legitimacy.
(3) Use 3DS verification service. 3DS verification service is a network security certification service launched by international card issuing organizations such as Visa, MasterCard, JCB, etc. Before making online purchases with a credit card, users need to enter a preset password to ensure that the cardholder himself is conducting the online transaction.
Strengthen abnormal transaction identification
The following measures can effectively identify abnormal orders that may be risky, and take necessary verification methods to protect the rights and interests of merchants and consumers.
(1) Pay attention to the consistency of the billing address and the shipping address. If the billing address and shipping address are different, this could be a red flag for an unusual order. In this case, we may require the purchaser to provide a credit card statement, a copy of the corresponding cardholder's driver's license, a telephone number and other identification, or conduct a telephone verification to confirm the purchaser's identity.
(2) Be wary of multiple orders placed by the same person using different cards. If you find the same person placing multiple orders via different credit cards, this could also be a risk flag for unusual orders. We may ask the purchaser to provide additional identification or conduct a telephone check to verify the purchaser's identity.
(3) Pay attention to the purchasing behavior of sudden increase in order quantity. If the number of orders suddenly increases significantly, this may also be a risk signal of abnormal orders. In this case, we may ask the purchaser to provide additional proof of identity or conduct a telephone verification to ensure the authenticity of the purchaser's identity.
(4) Purchase behavior that pays attention to sudden changes in consumption amount. If you find that the consumption amount is small and suddenly becomes huge, this may be a risk signal of an abnormal order. We may require the purchaser to provide further proof of identity, such as a credit card statement, a copy of the cardholder's driver's license, and conduct telephone checks to verify the purchaser's identity.
(5) Pay attention to buyers who urge shipment. If the buyer repeatedly urges the merchant to ship the goods as soon as possible after purchasing, this may also be a risk signal for abnormal orders. In this case, we may require the purchaser to provide additional proof of identity or conduct a telephone verification to ensure the authenticity of the purchaser's identity.
(6) Pay attention to buyers whose credit card and shipping address are different. If the buyer uses a domestic card but the delivery address is in another country, this may be a risk signal for an unusual order. We may verify the identity of the purchaser by requesting additional proof of identity or conducting a telephone verification.
(7) Pay attention to the transaction behavior of multiple cards under the same IP address. If multiple different credit cards are found performing transactions under the same IP address, this may also be a risk signal for abnormal orders. We may ask the purchaser to provide additional proof of identity or conduct a telephone verification to ensure the authenticity of the purchaser's identity.
Identify extortion with anti-fraud technology
Through anti-fraud technology that proactively monitors transaction activities in real time, we proactively prevent and block theft, reduce business risks, reduce fraud costs, and protect the reputation of corporate brands.
(1) Use tools such as external mobile phone number risk scoring, IP risk database, and agent email detection to promptly detect malicious fraudulent accounts . E-commerce companies can establish a blacklist of fraudsters to record fraudulent or malicious chargeback orders. Once we find the same purchase information, we can directly intercept the transaction.
(2) Detect whether the device fingerprint of the client or browser is legal and whether there are risks such as injection, hook, and simulator. Detect the presence of batch cheating software in time to protect the security of transactions.
(3) Detect and intercept abnormal behaviors such as frequent orders placed by the same device or user, a large number of accounts associated with the same device, and a large number of orders associated with the same delivery location. For accounts with abnormal behavior, we can mark them and add them to the corresponding list library for subsequent focused investigation.
(4) Model user order scenarios based on risk control data and business accumulation data. Through a risk control system that combines machine learning and rule-based guidance, we can explore potential risks and improve security levels.
With the help of Dingxiang Defense Cloud and Dingxiang Dinsight risk control engine, e-commerce companies can build a risk control system that combines machine learning and rule guidance, conduct multi-dimensional and in-depth analysis, create in-depth portraits of consumers, and perform big data matching. , accurately identify abnormal transactions. Based on the standards of the return and refund policy, we can gain insight into suspicious payments, assess fraud risks, and track and prevent fraud in a timely manner.