Unfortunately, dealing with fraud is part of any online business. This article will cover the common types of Fraud and how to combat them.
Common Types of Fraud
There are two main types of fraud techniques that we have observed in membership websites.
Individual Purchases with Stolen Credit Card Details:
Fraudsters use stolen or cloned credit card information to make individual purchases online.
This type of fraud can lead to disputes and chargebacks, resulting in revenue loss for your business.
Bulk Test of Misappropriated Credit Cards:
Fraudsters attempt to test multiple stolen credit cards on a site to verify their validity before making fraudulent payments on other websites.
Card testers usually target sites with editable amount fields, such as gift card and donation features.
Security Standards
While we maintain the confidentiality of our internal security systems as per our Privacy Policy, we adhere to certain security standards:
During the checkout process, our integration with Stripe supports 3DS verification for European end-users and zip/postal code verification for the US, Canada, and the UK.
We do not store sensitive payment method details, except for the last four digits of the credit card number.
Before we request the payment provider to perform any charge, we ask them to store the payment method upon verification (when required).
As part of this verification, end-users in Europe may see a charge authorization request with a value of $0,00 (or your site's currency).
NOTE: Due to the nature of subscriptions, storing the credit card is crucial for the payment provider to support recurring charges in the future.
Mitigating Fraud: Recommendations
To minimize the impact of fraud and protect your business, follow these recommendations:
Customer Service and Refunds
Make your customer service contact information easily accessible.
Respond to customer inquiries promptly and process refunds in a timely manner to reduce disputes.
Stripe's Radar for Fraud
Implement Stripe's Radar for Fraud and set rules to block payments from countries with high fraud activity.
Consider setting limits on specific types of cards, such as pre-paid credit cards, based on your customers' reported fraud activity.
Use the highest security level during aggressive card testing periods and adjust it as needed.
Enable ZIP Code and CVC Checks
Require ZIP code and CVC checks on Stripe to add an extra layer of verification.
Note that businesses are not allowed to store CVC numbers, making it less likely for fraudsters to obtain this information.
Bulk Deletion of Spam Accounts
If your site experiences card testing attacks, open a support ticket to request a bulk deletion of spam accounts created during these attacks.
Best Practices for Handling Chargebacks/Disputes
Dealing with disputes can be challenging, whether they arise from fraudulent charges with stolen credit cards or from dissatisfied customers. Occasionally, buyers may resort to disputes due to buyer's remorse. To effectively handle disputes, consider the following recommendations:
Prompt Response: Address Stripe disputes promptly upon receiving a notification to demonstrate your commitment to resolving the issue.
Clear Communication: Engage in transparent and courteous communication with the customer to understand their concerns and provide helpful information.
Solid Documentation: Offer compelling evidence, such as order details and communication records, to support your case effectively.
Fair Resolution: Consider providing a refund, replacement, or a mutually satisfactory solution to resolve the dispute amicably and retain customer loyalty.
Learn and Improve: Analyze the root causes of disputes and use each case as an opportunity to improve your offerings and billing practices.
Stay Informed: Stay updated on Stripe's dispute process and guidelines to navigate the resolution process efficiently. Learn more from Stripe.