Most credit card fraud prevention features are designed for “card-present” (face-to-face) payment environments. But the shift toward EMV chips, to authenticate and secure transactions, has introduced something entirely new -- and sinister.
Now, fraudsters are turning their attention to “card-not-present” transactions (where card payments are made without a physical swipe of the card, such as for online payments) performed on online platforms or marketplaces.
When people fall victim to identity or card theft, they can request that their credit card provider (a.k.a., the issuing bank) work on their behalf to reverse the fraudulent charges. In the traditional online commerce model, with a buyer and a single seller, the issuing bank would typically hold the seller or “merchant” liable for any fraudulent charges made on the website.
However, in this newer state of ecommerce (e.g., crowdfunding sites, niche marketplaces and, particularly, business-tool providers), in which an online platform or marketplace combines many buyers and merchants, the specifics of the platform-merchant relationship will dictate who is exposed and liable.
There are also situations emerging on these newer online platforms where fraudsters operate as merchants (rather than simply buyers), with the aim of defrauding the platforms and quickly disappearing before the platform realizes what's happened. This leaves the platform on the hook for all fraudulent charges.
What can a platform owner do to gain protection against fraudsters? And when is the time to start doing it? Here are five tips to help prevent the surprise and sting of fraud losses for these platform and marketplace providers.
Fraud and loss come in different forms, such as chargebacks, merchant-identity fraud, buyer-identity fraud and merchant-credit risk. Attacks can also come from fraudsters who masquerade as legitimate buyers and sellers.
For example, collusion fraud is a real threat for crowdfunding platforms. In this case, a fraudster creates a merchant account with a fake identity for a fake campaign, then creates fake customers who donate to the merchant with stolen credit card numbers. The criminal then tries to pull out the money before the legitimate credit card holder ever sees or disputes the charges.
Awareness of these types of payment risks for you and your business is the first step in avoiding them.
Start with simple protections.
For starters, you can leverage traditional, time-tested tools to prevent fraud. For example, you can validate data provided by users with information maintained by large vendors like Experian, Equifax or Lexis-Nexis. These services can also help to check a user’s business credit and history, to further assess his or her legitimacy.
Verify with social data.
While there are many advanced fraud protection tools out there , all tools can be enhanced and complemented by social data verification. With much of the world on social media platforms like Facebook and LinkedIn, there’s a lot of available information that could be mined to validate someone’s identity. It may be easy for a fraudster to set up a new social media profile, but it would be difficult to create one with a long history that also matches the name and email address they wish to fraudulently use.
Trust your instincts.
We’ve seen an old scam re-emerge on online business platforms whereby a fraudster posing as a potential client approaches a small business via email regarding a sizable project. The fraudster suggests a deal in which he (or she) will pay for the project in advance.This includes an extra amount the criminal wants the small business to pay out to a third-party subcontractor (e.g.,you're asked to build the fraudster's website for $10,000; so he seeks to pay you "$15,000" after which you'll pay $5,000 to his “photographer.").
The fraudster will say this approach is needed because he is limited in how many payments he can make. In reality, he's operating with a stolen credit card and trying to get you to send $5,000 to his bank before you realize that original $15,000 is fraudulent. Victims of this scam have often said that the project sounded too good to be true.
When it seems too good to be true, it probably is. It’s safer to meet or speak with a prospective client before agreeing to any work. Be cautious if you find that someone wants to work with you from far away -- when he or she could probably work with many others much closer to that location. And of course, be wary of any outreach that asks for money and/or personal information.
Fraud is highly non-linear, making it inconsistent and unpredictable. Your business may experience zero fraud for weeks and then a sudden spike in fraudulent activity could overwhelm you before you can react. For this reason, you’ll want to consistently monitor activity with the right tools even if the immediate threat isn’t apparent.
The most important takeaway is to avoid the element of surprise when it comes to fraud. If you’re not on top of it, fraudulent activity can take time away from your normal business activities and can negatively affect profits, employee morale and your business’s reputation.
We recommend that all businesses plan for fraud risks. For online platform providers, we believe that it’s even more crucial for them to ensure that their platforms remain a safe place to conduct business.