Help protect your business from transaction fraud

COVID-19 has changed the way many businesses operate. Gym owners and personal trainers now livestream exercise classes into the homes of members. Financial advisors and insurance agents are assisting clients virtually through video conferencing tools. And mental health professionals are helping those in need over the phone instead of in person.

But it’s not just the services that have changed. There has also been a shift in the way consumers pay for these services, with new habits potentially here to stay.

In her keynote address at the Morgan Stanley Disruption Evolved Webcast on 3 June, Reserve Bank of Australia Assistant Governor (Financial System) Michele Bullock said COVID-19 caused a major shift in the world of transactions.

“…the health crisis has also disrupted aspects of the retail payments system; payment patterns have seen large, sudden shifts as merchants and consumers have changed both their payment preferences and their mode of interaction.”²

She went on to say, “The anecdotal evidence suggests there has been some behavioural change. It has come from fast-changing consumer and merchant payment preferences, changing purchasing behaviour and responses by payment service providers to facilitate change.”

These behaviours have even changed in instances where people are meeting in person. Commonwealth Bank reported a record number of digital wallet transactions in March 2020 based on analysis of Visa and MasterCard users, with spend totalling $1billion.³

The 36million digital wallet transactions represented a 17% increase from February 2020.⁴ In April, the Australia Payments Network increased the limit for contactless tap and go payments that don’t require PIN entry from $100 to $200⁵ in light of social distancing efforts.

There has also been a widespread rise in fraud⁶ during the COVID-19 pandemic, with scammers adopting different tactics.

“Criminals still use bots to try to automate fraud, but given the automation of fraud protection rules now we’re seeing them manually attempt to get around controls,” says Susan Nicholson, Australia Post’s Head of Business and Government Financial Services.

Merchant initiated fraud or merchant bust-out fraud

Another trend is scammers imitating businesses to defraud customers. This is known as merchant initiated fraud or merchant bust-out fraud. For example, if someone applies for a merchant account without intending to operate a legitimate business, but instead process fraudulent transactions, this is known as merchant ‘bust-out fraud’.⁷

It can present reputational risk if a fraudster appropriates your business name and sends customers statements for payment, and these accounts can stay dormant for some time – waiting for the right time to strike with a high volume of fraudulent transactions.

This can be an issue when transactions traditionally conducted in person move online. New fraud opportunities opened when Australian state governments moved conveyancing online via the PEXA platform. In one instance, hackers accessed a conveyancer’s email login details, established a presence on PEXA and scammed a Melbourne family into sending a $250,000 payment.⁸

“This is why strong KYC processes (Know Your Customer) are an important component of managing your payment gateway. Fraudulent payments made using credit cards will also trigger a trail of chargebacks – which is usually a warning sign,” explains Nicholson.

Chargeback fraud

Chargeback fraud is another major issue for businesses, especially as they shift to more online or ‘card not present’ payments’. It sees a cardholder fraudulently requesting payment returned (or charged back) to their account after receiving goods and services.

You may only realise that you’ve processed a fraudulent transaction when a chargeback fee appears one to three months later.⁹ For example, with ‘refund fraud’, a fraudster uses a stolen card to fund a transaction, then later requests a refund onto a different card. To address this, “Australia Post’s SecurePay¹⁰ only allows refunds onto the same card used in the transaction,” notes Nicholson.

Determining the legitimacy of a chargeback for businesses can be difficult, especially in the wake of the COVID-19 pandemic cancelling thousands of events and travel plans.¹¹

Being able to accurately process a chargeback can hinge on verifying the identity of the person making the request. This verification can not only slow down the process and anger customers, but also potentially see business owners incorrectly deny legitimate requests.

How new 3DS2 technology can help prevent fraud

The Australian Competition and Consumer Commission’s Scamwatch reported 15,455 buying or selling scams in the first five months of 2020.¹²

“There’s no way a business can manage the amount of criminal activity that’s going on in the digital space,” Nicholson says. “That’s why having a strong payment gateway is so important.”

One solution is Australia Post’s SecurePay, winner of the 2019 NORA award for Best Security/Anti-Fraud solution¹³. In 2019, more than 80,000 business customers used SecurePay to manage 359million transactions worth $69billion.¹⁴ SecurePay partners with NAB to provide its merchant accounts.

SecurePay’s fraud-fighting tools include FraudGuard, which allows businesses to set rules to control online transactions – such as maximum purchase amounts – which can be adjusted by the payee’s country of origin.

This can help you control transactions when a customer’s IP location is in a high-risk country, or has a suspicious email domain. The idea is to detect fraud before it happens.

And SecurePay is getting even stronger, with new technology that could make it even harder for scammers to take advantage of businesses and their customers. Nicholson says SecurePay will soon be equipped with 3D Secure 2.0, also known as 3DS2, authentication, which is being rolled out across the industry.

“The only difference for the customer is when you go to the payment gateway, there will be a few different fields to complete.”

Business owners don’t need to do anything on their end to implement 3DS2 other than choose a payment gateway equipped with it, such as SecurePay.

Three ways 3DS2 tech can help your business and your customers:

1. Manual verification. Many customers might be used to putting in passwords or answering security questions to verify identity when making online payments. But these static methods can pose security risks. 3DS2 opts for two-factor authentication methods that help increase online safety and also can provide a smoother experience for customers.¹⁵
2. Data points. With 3DS1, there were only 15 pieces of identity verification data that could be used. 3DS2 can instantly analyse up to 100 pieces of data.¹⁶ This can not only help prevent fraud, but can also help prevent false fraud claims that inconvenience customers and clients.
3. Potential to reduce costs. Fully authenticated payments, such as with 3DS2, have higher approval rates and lower fraud rates. This helps lower customer service costs and can also reduce the risk of lost revenue from fraud and chargebacks.¹⁷

The way your customers and clients are paying for your services is changing. As 3DS2 technology becomes available in Australia, you might want to consider looking for a payment gateway that has this technology built in. It could play a major role in customer satisfaction and help prevent thousands of dollars in losses due to fraud.