By Heather Randall, PhD, CCEP
Organizations rely on the ability to take online payments. However, online fraudulent activity and scams have been on the rise causing significant hardship to businesses. According to Juniper Research, merchant losses to online payment fraud will exceed $206 billion cumulatively between 2021 and 2025. That means that companies relying on electronic payments must be aware of these scams and the ways to avoid it. Between use of stolen card numbers and using fraudulent banking information to make payments online, businesses can challenged to stay ahead of these trends. However, there are tools that businesses can use to help mitigate fraud.
Adhere to Nacha’s Web Debit Account Validation Rule to Reduce ACH Fraud
Nacha has implemented a rule change, which requires all ACH transactions initiated over the web use a “commercially reasonable fraudulent transaction detection system,” including ensuring ‘account validation’ as part of the process.
TrustCommerce has introduced a new tool to help merchants meet this requirement. Here is an overview of the ACH Web Validation add-on service:
- The service will work seamlessly with any of our ACH processors and integrations
- When enabled, this service will validate the checking or savings account and routing numbers (DDA/ABA) to determine if it is a ‘valid account’
- If the account is valid, the payment request will be processed normally
- If the account is invalid, the payment request will return a ‘declined’ response
While the ACH Web Validation service does not verify if funds are available or provide any assurances the payment will be settled, it does validate that the account is active and in good standing with the bank.
Implement Tools to Prevent “Card Testing” Attacks on Online Payment Pages
Often, once payment card data is obtained by criminals, the scammers look for ways to test their stolen card information. One way they do that is to find portals or e-commerce sites that have payment forms and use those forms to “test” cards. This is done by running hundreds or thousands of small transactions to see if they will be authorized. If these small transactions are authorized, the criminals assume the card is “good.” Meanwhile, the merchant may not know that this has happened until an expensive invoice is received for those “auths.”
It is imperative that merchants employ solutions to combat these types of scams proactively. Here are ways merchants can mitigate their risk:
CAPTCHA is an easy test that users take on web-based forms to prove that they are not a “bot.” These may include simple math questions or identifying pictures from an array. This simple step allows merchants to filter out bad actors and helps to ensure that their payment site is not being misused.
Use TC CrediGuard
TC CrediGuard is a product offered by Sphere that allows merchants to set parameters for certain transaction patterns. Merchants can set TC CrediGuard to deny transactions based on a set of predetermined criteria. For example, a merchant may set parameters to deny transactions after five attempts from the same IP address within 7 minutes. Or, if the IP address of a bad actor is known, a merchant may block that specific IP address.
Add a Log-in Screen
Payment forms that reside in front of a log-in page may be more convenient for your customers, patients, or donors, but it can also make it easier for criminals to use that payment screen as a tool for testing card numbers. By adding a log in screen, you create a barrier that may protect your business from becoming a target for these types of schemes.
By implementing these recommendations, merchants can take significant steps towards mitigating the likelihood of a Primary Account Number (PAN) or Card Testing event.
To learn more about secure online payment solutions and fraud reduction tools, please contact a Solutions Consultant at 800.915.1680, option 2 or firstname.lastname@example.org.