Contact us


Merchant Guide to Holiday Fraud Schemes: Tis the season to earn money

As with previous years, holiday shopping season started as early as September, reaching its peak throughout November and December. It is a great opportunity for merchants to add extra revenue to their stream at the end of the year. However, this year's holiday shopping frenzy comes with a new set of circumstances; the inflation will potentially put a break on consumer spending, and consumers are becoming more and more cautious about their online shopping habits. And for good reasons!

However, customers are not the only target. Holiday season fraud resulting in post-holiday chargebacks can do some serious damage to online merchants as well. Find out how you can protect your revenue during the busiest eCommerce time of the year.

Beware of these 5 holiday fraud schemes

Holiday fraud is masked with many faces. Ranging from honest customers filing for chargeback due to legitimate fraud to experienced chargeback exploiters – holiday fraud is hard to detect and, at times, tricky to handle. Irregular patterns caused by increased online shopping during the holiday season can result in fraud detection tools to overlook malicious instances. To better understand the complexity of handling holiday fraud, let's go through today's most common holiday fraud schemes.

1. Card not present fraud (CNP) holiday fraud

For online merchants, every transaction is a CNP transaction. This makes it hard to validate the rightful owner of the credit card if appropriate online payments security measures are not in place. Also, with hacking forums leaking credit card information, it's becoming fairly easy for inexperienced fraudsters to participate in holiday fraud schemes. A single instance of a credit card numbers leak revealed 1.2 million stolen credit cards for free.

To combat CNP fraud all year round, make sure to implement an online payments security solution with automated fraud protection. Participating in the 3D Secure scheme enables you to shift the liability to the issuing institution in case of proven fraud. Also, the advanced authentication methods, as well as the SCA requirement, make it hard for the fraudster to finalize a purchase using only the stolen credit card information available on the dark web.

2. Friendly fraud

Friendly fraud comes in two particular scenarios. The first scenario, a very popular one during the holiday season, involves an experienced fraudster demanding chargeback under the claim that they never made an order or the order never arrived. Of course, the fraudster's main goal is to receive both their money back as well as keeping the received goods.

The second variant of friendly fraud happens due to poor communication, usually between family members and cardholders sharing the same credit card. Upon going through their bank statement, a cardholder might file a chargeback for an order they don't recognize – while the other family member is waiting for their package to arrive.

Although not all friendly fraud is directed at hurting your business, costs related to shipping, packaging, and incoming chargebacks are affecting your bottom line. Make sure that the name of your business is recognizable on the bank's credit card statements. Also, be clear about your refund policies and make sure that they're easily available on your online store. The last piece of advice is to have great customer service in place, familiar with this type of fraud, as it can be easily resolved through clear communication.

3. BNPL (Buy-Now-Pay-Later) Holiday fraud

The Buy-Now-Pay-Later option allows customers to purchase orders that are outside their budget by prolonging their payment to the following month or payment term. It is a convenient way for shoppers to manage increased spending during the holidays. However, as BNPL option requires users to sign to a third-party BNPL provider, fraudsters are leveraging account takeover fraud to gain access to BNPL accounts.

The most common signs to look out for are multiple transactions happening in a suspiciously short amount of time, logging in from a different device/location, and shipping address changes. That being said, make sure to give context to all of the signals listed above. Declining a false negative can also hurt your business; as 20% of customers state that they would never repeat a purchase after a merchant declined their credit card.

4. Chargeback fraud

Chargeback fraud is the malicious version of friendly fraud – the one where the customer keeps the received goods while demanding a refund. The cost of chargeback fraud does not only include the cost of stolen goods and a refund. You're looking at shipping and packaging costs, as well as chergeback fees related to disputing the chargeback. To make things even more complex, if credit card processors decide that you, as a merchant, are dealing with too many chargebacks, they're allowed to raise your transaction fees.

The solution to chargeback fraud is investing in a reliable chargeback solution that provides you both with automated fraud protection as well as a liability shift guarantee in case of a chargeback.

5. Account Takeover Fraud (ATO) during the holiday season

Last but not least, account takeover fraud. As an online merchant, you know that setting up user accounts for your online store brings numerous benefits. One of them being a free marketing channel that reminds your customers of your business. However, fraudsters see those accounts as pools of saved credit card information ready to be exploited.

Same as credit card number leaks, we have user credentials leaks available on hacking sites and the dark web. With a long list of stolen usernames and passwords, fraudsters can easily create automated scripts and simply wait for the right hit on the right online service. Upon accessing an account, what usually follows is the change of the account's personal information, primarily email and address. The one thing that would definitely stay intact is the saved credit card information. And the rest of their process is obvious – making illicit purchases from the victim's account or stealing the credit card information to commit further fraud.

Some of the best practices to battle account takeover fraud are the following:

  • Be wary of accounts that logged in from a different location or with a different device.
  • Limit the number of login attempts and lock the account if the number is exceeded.
  • Educate your staff about phishing scams and other schemes hacker use to compromise accounts.
  • Detect and block IP addresses connected to supporting automated hacking bots.
  • Have a password change policy in place.
  • Invest in a fraud protection solution that safeguards your business and your customers' accounts.

Signs of holiday fraud to look out for

In addition to investing in a reliable fraud monitoring solution, today's online merchant needs to be aware of the most common fraud indicators. Having the ability to detect fraud early on enables you to take immediate action, thus preventing the incoming chargebacks. Although manual review ends up being time-consuming, it can reveal fraud that is not registered among known patterns. This can improve your overall fraud monitoring solution.

Multiple small orders using different credit cards

These tend to get under the radar, but they're usually a sign of card testing. When an inexperienced fraudster gains access to a list of stolen credit card numbers, they usually make the mistake of testing them from a single account.

Repetitive CVV errors

The stolen credit card lists can also come without some key information, such as the CVV code. This results in multiple guessing attempts, revealing clear evidence that the purchase is not being made by the rightful cardholder.

Not responding to confirmation emails

If a confirmation email for an order is left unread or the shopper fails to respond; make sure that friendly fraud is not the case.

Multiple profile settings changes

Keep an eye on profile changes, especially the email address and shipping address. In case you notice that both are changed at the same time, take immediate action to confirm that the account takeover is eliminated.

How 3DS Mobile SDK helps?

3DS Mobile SDK is a component within the TriDES2 portfolio, aiming to aid mobile merchants in their 3D Secure journey. The SDK enables smooth UX on mobile devices during online shopping and addresses the inability of 3DS v1 to offer a unified UI for mobile payments. The previous version of the protocol, 3DS v1, demanded the handling of multiple browsers and redirections between applications, only to process a single payment.

3DS SDK native integration with iOS and Android mobile applications, enables seamless authentication flow embedded in your mobile application. Your customers will be able to process payments without maneuvering between browsers and switching between mobile banking apps. This approach addresses both payment fraud and cart abandonment.

eCommerce Apps Guide: Striking a Balance Between Security and User Experience

As a dedicated guide for eCommerce app owners and merchants this eBook covers m-commerce security best practices and provides turnkey solution for in-app payments security. 

To find out more about Trides2 portfolio, contact us or visit our blog section.  

Want to learn more about cybersecurity trends and industry news?



chevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram