How Payment Gateways Can Detect and Prevent Online Fraud

~ 6 min read | March 9

When you have just started your business and process ten transactions a day, you probably wouldn’t consider online fraud a problem. However, as you scale to five hundred transactions and start accepting credit card payments, throwing caution to the wind will prove very expensive. Statista states that in 2018, US merchants lost an estimated $6.4 billion to payment card fraud. Small businesses in particular have suffered the most from fraud, losing an estimated $155,000 a year.

Credit card processors offer merchants basic security measures to reduce credit card fraud. Some, like PayPal, do not provide seller protection, especially for the sale of digital goods or services. Before you decide which payment gateway to use, find out how your business will be protected in case of fraudulent transactions.

With the digital economy evolving rapidly, businesses of all sizes need to re-evaluate their position and tools when it comes to fraud management, employing the techniques that have been deemed most effective at tackling card payment fraud and minimising the losses due to it.

Let’s look at a few effective measures payment gateways should adopt to reduce online fraud-related losses:

Address Verification Service (AVS)
AVS is an effective security measure for detecting online fraud. When customers purchase items, they need to provide their billing address and ZIP code. AVS checks whether this address matches what the card-issuing bank has on file. As part of a card-not-present (CNP) transaction, the payment gateway can send a request for user verification to the issuing bank.
The AVS responds with a code that helps the merchant understand whether the transaction has a full AVS match. If the details don’t match, investigate further by checking the CVV (Card Verification Value), email address and IP address on the transaction, or allow your payment gateway to decline the transaction.

Card Verification Value (CVV)
The CVV (or Card Verification Code) is the 3- or 4-digit code found on every credit card. The code should never be stored in the merchant’s database. A CVV filter acts as an added security measure, allowing only the cardholder to use the card, since the code is available only on the printed card. If an order is placed on your website and the CVV does not match, you should allow your payment gateway to decline the transaction. In a card-not-present transaction (online, email or telephone orders), the merchant gets the required card information from the customer to verify the transaction. Friendly fraud is a risk associated with CNP transactions that can lead to a chargeback. Enabling a CVV filter helps merchants fight fraud and reduce chargebacks.

Device Identification
Device identification analyses the computer rather than the person who is visiting your website. It profiles the operating system, internet connection and browser to gauge whether the online transaction should be approved, flagged or declined. All devices (phones, computers, tablets, etc.) have a unique device fingerprint, similar to the fingerprints of people, that helps identify fraudulent patterns and assess risk, if any.
Companies like ThreatMetrix monitor the device ID, using it as a reference point to see whether others have flagged it for suspicious or fraudulent activity. Fraudsters cannot impersonate a computer’s unique identity, making it a viable option for protecting your business against online fraud.

Flag Large Transactions
With stolen card information, fraudsters will take a shot at making large transactions before the card is blocked. This would be deleterious to your business (big or small), as you will have to bear the cost of allowing a fraudulent transaction to take place. It can also lead to a payment processor terminating your processing account, and your business would take a big hit.
You can limit the number of large transactions by specifying a flat dollar amount, which is an essential step towards avoiding chargebacks. In addition, you can limit the number of failed transactions that go through the payment gateway.

Payer Authentication (3-D Secure)
Payer authentication, also called Verified by Visa (VbV) and MasterCard SecureCode, is a cardholder authentication measure that secures online transactions for customers. This method allows cardholders to create a PIN (secure code) that can be used during checkout to confirm the user’s identity. By implementing this, merchants receive chargeback protection and lower interchange rates.
This is one of the most sought-after fraud prevention tools among businesses, and it also looks after their interests.

High-Risk Countries
If you are shipping items overseas, you need to apply tighter restrictions to such orders. Pay more attention to orders made from countries considered to be “high-risk”. Customers in these countries have to call the company to verify their identities before their transactions are processed.
According to the Online Fraud Guide, some of the countries with the highest online fraud rates are Israel, Malaysia, Egypt, Pakistan, Ukraine, Russia, Bulgaria, Romania, Lithuania, Nigeria and Yugoslavia.

Lockout Mechanisms

The lockout mechanism is a type of fraud prevention system meant to deter fraudsters who use automatic card number generator programs. These programs circulate in underground fraud forums and can generate hundreds of “valid” credit card numbers. The fraudster will typically try hundreds of numbers on your website until they find some that are valid, and will then charge the accounts to their limits.
To prevent this fraud, merchants can:

  • Lock out transactions from a particular IP that has a large number of credit cards declined within a set time.
  • Disable transactions that fail the AVS test (since the fraudster will not have the account’s address).

When you detect such actions, you should immediately prevent orders from the originating address.
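
A sketch of the first rule above, added here as an illustration and not taken from the original article: a sliding-window counter that locks out an IP once several distinct cards have been declined from it. The class name, thresholds and `card_token` (a gateway token or hash standing in for the card number) are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

class DeclineLockout:
    """Lock out an IP once too many distinct cards are declined in a time window."""

    def __init__(self, max_cards=5, window_s=600, lockout_s=3600):
        # Assumed defaults (not from the article); tune them to your own traffic.
        self.max_cards, self.window_s, self.lockout_s = max_cards, window_s, lockout_s
        self._declines = defaultdict(deque)  # ip -> deque of (timestamp, card_token)
        self._locked_until = {}              # ip -> time at which the lockout ends

    def is_locked(self, ip, now):
        return self._locked_until.get(ip, 0) > now

    def record(self, ip, card_token, approved, now):
        """Record one gateway result; return True if the IP is locked out."""
        if self.is_locked(ip, now):
            return True
        if approved:
            return False
        events = self._declines[ip]
        events.append((now, card_token))
        # Drop declines that have aged out of the sliding window.
        while events and events[0][0] <= now - self.window_s:
            events.popleft()
        # Count distinct cards so a customer mistyping one card is not locked out.
        if len({token for _, token in events}) >= self.max_cards:
            self._locked_until[ip] = now + self.lockout_s
            events.clear()
            return True
        return False

def replay(events, **settings):
    """Feed (ts, ip, card_token, approved) tuples in time order; return locked IPs."""
    guard, last_ts = DeclineLockout(**settings), 0
    for ts, ip, token, approved in sorted(events):
        guard.record(ip, token, approved, ts)
        last_ts = ts
    return sorted(ip for ip in guard._locked_until if guard.is_locked(ip, last_ts))

# Constructed sample: one address cycling through five cards in 40 seconds, and a
# genuine customer who mistypes the same card twice before being approved.
SAMPLE = [(t, "203.0.113.7", f"tok_{t}", False) for t in range(0, 50, 10)] + [
    (5, "198.51.100.20", "tok_a", False),
    (15, "198.51.100.20", "tok_a", False),
    (25, "198.51.100.20", "tok_a", True),
]
```

Counting distinct cards rather than raw declines is what separates card testing from a customer retrying one card.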

Risk Scoring
Risk scoring tools are based on statistical models designed to recognize fraudulent transactions based on a number of rules. When a payment is made on your website, the tools indicate the probability of the transaction being fraudulent. A higher probability indicates that you should verify the order.
Risk scoring tools provide a case-by-case evaluation and will flag transactions based on the rules you choose, such as AVS test failure, IP range, use of anonymous emails, billing address and others.
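
As an added illustration (not from the original article or any vendor’s product), here is a simple additive rule score over the signals listed above; it is a points system rather than the statistical model a commercial tool would use. The weights, thresholds, field names, AVS code meanings, IP range and email domain are all assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumed weights and thresholds (not from the article); tune against your own data.
# AVS codes vary by processor; assumed here: Y full match, A/Z partial, N none, U unavailable.
AVS_POINTS = {"Y": 0, "A": 20, "Z": 20, "N": 40, "U": 15}
CVV_MISMATCH_POINTS = 70                      # enough to decline on its own
LARGE_AMOUNT_USD, LARGE_AMOUNT_POINTS = 500.00, 15
WATCHED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # constructed IP range
WATCHED_NET_POINTS = 20
ANON_EMAIL_DOMAINS = {"disposable.example"}   # constructed domain
ANON_EMAIL_POINTS = 15
BILLING_SHIPPING_POINTS = 10
REVIEW_AT, DECLINE_AT = 30, 70

@dataclass
class Txn:
    amount_usd: float
    avs_code: str
    cvv_match: bool
    ip: str
    email: str
    billing_country: str
    shipping_country: str

def score(t):
    """Return (points, reasons) so a reviewer can see why an order was flagged."""
    hits = []
    code = t.avs_code.upper() if t.avs_code.upper() in AVS_POINTS else "U"
    if AVS_POINTS[code]:
        hits.append((f"avs_{code}", AVS_POINTS[code]))
    if not t.cvv_match:
        hits.append(("cvv_mismatch", CVV_MISMATCH_POINTS))
    if t.amount_usd >= LARGE_AMOUNT_USD:
        hits.append(("large_amount", LARGE_AMOUNT_POINTS))
    if any(ipaddress.ip_address(t.ip) in net for net in WATCHED_NETS):
        hits.append(("watched_ip_range", WATCHED_NET_POINTS))
    if t.email.rsplit("@", 1)[-1].lower() in ANON_EMAIL_DOMAINS:
        hits.append(("anonymous_email", ANON_EMAIL_POINTS))
    if t.billing_country != t.shipping_country:
        hits.append(("billing_shipping_differ", BILLING_SHIPPING_POINTS))
    return sum(points for _, points in hits), [name for name, _ in hits]

def decide(t):
    """Map the score to approve / review / decline."""
    points, reasons = score(t)
    action = "decline" if points >= DECLINE_AT else "review" if points >= REVIEW_AT else "approve"
    return action, points, reasons
```

Returning the list of triggered rules alongside the score gives whoever reviews a flagged order the reason it was held.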


John Solomon

Marketing Leader / Sales Enabler. Head of India Operations for @Infrascale / @sosonlinebackup.