By Heather Randall, PhD, CCEP
Organizations rely on the ability to take online payments. However, online fraudulent activity and payment scams have been on the rise, causing significant hardship to businesses. According to Juniper Research, merchant losses to online payment fraud will exceed $206 billion cumulatively between 2021 and 2025. That means that companies relying on electronic payments must be aware of these scams and the ways to avoid them. Between use of stolen credit card numbers and using fraudulent banking information to make payments online, businesses are challenged to stay ahead of these rackets. However, there are tools that businesses can use to help mitigate and prevent online payment fraud.
Adhere to Nacha’s Web Debit Account Validation Rule to Prevent ACH Fraud
Nacha has implemented a rule change, which requires all ACH transactions initiated over the web use a “commercially reasonable fraudulent transaction detection system,” including ensuring ‘account validation’ as part of its online payment fraud prevention process.
TrustCommerce has introduced a new tool to help merchants meet this requirement. Here is an overview of the ACH Web Validation add-on service:
- The service will work seamlessly with any of our ACH processors and integrations
- When enabled, this service will validate the checking or savings account and routing numbers (DDA/ABA) to determine if it is a ‘valid account’
- If the account is valid, the payment request will be processed normally
- If the account is invalid, the payment request will return a ‘declined’ response
While the ACH Web Validation service does not verify if funds are available or provide any assurances the payment will be settled, it does validate that the account is active and in good standing with the bank.
Implement Tools to Prevent “Card Testing” Attacks on Online Payment Pages
Often, once payment card data is obtained by criminals, the scammers look for ways to test their stolen card information. One way they do that is to find portals or e-commerce sites that have payment forms and use those forms to “test” cards. This is done by running hundreds or thousands of small transactions to see if they will be authorized. If these small transactions are authorized, the criminals assume the card is “good.” Meanwhile, the merchant may not know that this has happened until an expensive invoice is received for those “auths.”
It is imperative that merchants employ secure payment processing solutions for online payment fraud detection to combat these types of scams proactively. Here are ways merchants can enhance their online payment fraud prevention and mitigate their risk:
CAPTCHA is an easy test that users take on web-based forms to prove that they are not a “bot.” These may include simple math questions or identifying pictures from an array. This simple step allows merchants to filter out bad actors and helps to ensure that their payment site is not being misused.
Use TC CrediGuard
TC CrediGuard is a product offered by TrustCommerce that allows merchants to set parameters for certain transaction patterns. Merchants can set TC CrediGuard to deny transactions based on a set of predetermined criteria. For example, a merchant may set parameters to deny transactions after five attempts from the same IP address within 7 minutes. Or, if the IP address of a bad actor is known, a merchant may block that specific IP address.
Add a Login Screen
Online payment forms that reside in front of a login page may be more convenient for your customers, patients, or donors, but it can also make it easier for criminals to use that payment screen as a tool for testing card numbers. By adding a login screen, you create a barrier that may detect online payment fraud and protect your business from becoming a target for these types of schemes.
By implementing these recommendations, merchants can take significant steps towards mitigating the likelihood of online payment fraud through a Primary Account Number (PAN) or Card Testing event.