Nothing stings as deeply as fraud.
The ease with which your ecommerce business can scale and the enormous potential market make it a soft target.
Unlike customers, as a merchant account holder, you are not protected by any financial institution and you will be held accountable for not preventing the fraud. Trust me.
cgk.ink has a strong partner, Stripe, which primarily processes our transactions but does so much more. They have a robust and effective fraud detection tool that prevents attempted fraud and gives you the detailed information you’ll need to avoid that mess in the future.
Stripe has published a very detailed report: “The State of Online Fraud” (.pdf). It’s an important read for ecommerce businesses of any size. Some highlights:
A marked increase in fraud
During the first year of the pandemic, we saw a 40% spike in the proportion of businesses experiencing attempted card testing attacks.
COVID-19 ushered in a historic wave of ecommerce growth. Businesses on Stripe processed more than $640 billion in payments in 2021, up 60% from the prior year. These payments came from a rapidly growing group of businesses: 1,400 new companies joined Stripe each day last year. This growth—especially in new businesses—created more opportunities for fraudulent actors.
At the same time, fraudulent actors continue to become more sophisticated. They find new ways to target businesses, often organizing into groups and connecting with other fraudulent actors to share “best practices.”
All online businesses have to manage fraud; however, our Stripe analysis showed that businesses in Latin America were particularly susceptible to increasing fraud rates.
Our data showed that Latin America had the highest card fraud rates in the world during our studied timeframe: 97% higher than North America and 222% higher than the Asia-Pacific region. Locally run payments infrastructure and less frequent credit card usage mean that fraud models used by banks can be weaker than in other regions. Rules also tend to favor cardholders in the dispute process, causing businesses to be especially vulnerable to fraud. In addition to these local factors, the market is increasingly moving online (we saw a 518% increase in new businesses started on Stripe in Latin America in 2021), creating even more opportunities for fraudulent actors to attack.
Fraud varies by culture
Businesses in Europe, the Middle East, and Africa had substantially lower fraud rates compared to North America, which likely reflects the impact of Strong Customer Authentication (SCA) regulations mandating that businesses add two-factor authentication to their checkout flow.
Best practices for preventing fraud
- Optimize your integration with your payments provider. Many payments providers will apply different controls to mitigate a card testing attack, but the success of those controls depends
on the quality of your integration and the signals you send to the provider. In general, the more data your integration provides, the more successful card testing prevention can be.
- Keep your API keys safe. Your secret API key can be used to make any API call on behalf of your account, such as creating charges or performing refunds. Treat your secret API key as you would any other password and only grant access to those who need it.
- Enable CAPTCHA in your checkout flow to differentiate between legitimate customers and card testing bots.
- Set rate limits to control the amount of incoming and outgoing traffic. For example, if card testers validate cards by attaching them to new customers, you could limit the number of new customers that come from a single IP address in one day.
- Consider requiring customers to log in to their account to make a payment.