What can a platform do to protect itself from fraudsters? And when should it start doing it? Here are five tips to help prevent the surprise and sting of fraud losses.
Most credit card fraud prevention features are designed for card-present (face-to-face) payment environments. With the shift to EMV chip cards, fraudsters have been turning their attention to card-not-present transactions (card payments made without physically swiping a card, such as for online payments) performed on online platforms or marketplaces.
When a person is a victim to identity or card theft, they can request their credit card provider (aka, the issuing bank) to work on their behalf to reverse the fraudulent charges. In the traditional online commerce model with a buyer and a single seller, the issuing bank would typically hold the seller or merchant liable for any fraudulent charges made on their website.
But in the newer state of ecommerce (e.g., crowdfunding sites, niche marketplaces and particularly business tool providers) in which an online platform or marketplace combines many buyers and merchants, the specifics of the platform-merchant relationship will dictate who is exposed and liable. There are also situations emerging on these newer online platforms where fraudsters operate as merchants (rather than simply as buyers), with the aim of defrauding the platforms and quickly disappearing before the platform realizes what happened, leaving the platform on the hook for all fraudulent charges.
What can a platform do to protect themselves from fraudsters? And when should they start doing it? Here are five tips from WePay to help prevent the surprise and sting of fraud losses for these platform and marketplace providers.
1. Educate yourself
Fraud and loss come in different forms such as chargebacks, merchant identity fraud, buyer identity fraud and merchant credit risk. Attacks can also come from fraudsters masquerading as legitimate buyers and sellers.
For example, collusion fraud is a real threat for crowdfunding platforms. In this case, a fraudster creates a merchant account with a fake identity for a fake campaign, then creates fake customers who donate to the merchant with stolen credit card numbers. The fraudster then tries to pull out the money before legitimate credit card holders ever see or disputes the charges.
Awareness of these types of payment risks for you and your business is the first step in avoiding them.
2. Start with simple protections
For starters, you can leverage traditional, time-tested tools to prevent fraud. For example, you can validate data provided by users with information maintained by large vendors like Experian, Equifax or LexisNexis. These services can also check a user's business credit and history to further assess their legitimacy.
3. Verify with social data
While there are many advanced fraud protection tools out there for one to use, all tools can be enhanced and complemented by social data verification. With much of the world on social media platforms like Facebook and LinkedIn, there's a lot of available information that could be mined to validate someone's identity. It may be easy for a fraudster to set up a new social media profile, but it would be difficult for them to create one with a long history that also matches the name and email address they wish to fraudulently use.
4. Trust your instincts
We've seen an old scam re-emerge on online business platforms whereby a fraudster posing as a potential client approaches a small business via email regarding a sizable project. The fraudster suggests that they want to pay for the project in advance, including an extra amount they want the small business to pay out to a third-party subcontractor (For example, they want you to build their website for $10,000, so they seek to pay you $15,000 and then you pay $5,000 to their "photographer.").
The fraudster will say this approach is needed because they are limited in how many payments they can make. In reality, they are operating with a stolen credit card and trying to get you to send $5,000 to their bank before you realize the original $15,000 is fraudulent. Victims of this have often said that the project seemed too good to be true.
When it seems too good to be true, it probably is. It's safer to meet or speak with a prospective client before agreeing to any work. Be cautious if you find that someone wants to work with you from far away when they could work with many others much closer to their location. And, of course, you should be wary of any outreach that asks for money and/or personal information.
5. Dont wait
Fraud is highly nonlinear, making it inconsistent and unpredictable. Your business may experience zero fraud for weeks and then a sudden spike in fraudulent activity could overwhelm you before you can react. For this reason, you'll want to consistently monitor activity with the right tools even if the immediate threat isn't apparent.
The most important takeaway is to avoid the element of surprise when it comes to fraud. If you're not on top of it, fraudulent activity can take time away from your normal business activities and can negatively affect profits, employee morale, and your business's reputation.
We recommend that all businesses plan for fraud risks. For online platform providers, we believe it's even more crucial for them to ensure that their platforms remain a safe place to conduct business.