What is a Fraudulent Transaction?

These unauthorized purchases hit merchants hard from multiple angles at once. You lose the merchandise that you’ve already shipped out, and then the payment processor comes along and slaps you with a chargeback fee right on top of that loss.

Behind this problem, the numbers are just brutal. Fraudulent transactions drive most of the chargebacks in the payment industry and merchants lose billions of dollars every year because of it. Every fraudulent order that slips through your defenses costs you the wholesale price of the product and on top of that a chargeback fee that can run anywhere from twenty to a hundred dollars. Wind up with too many chargebacks and payment processors might even shut down your merchant account permanently.

Modern fraud has become sophisticated enough to slip past most of the basic security measures and the massive rise of online shopping has made it much easier for crooks to hide behind fake names. Card-not-present sales are especially vulnerable because there’s just no way for you to physically check who the buyer is.

Merchants almost always lose chargeback disputes over fraudulent purchases – and that’s the real kick in the teeth. Even if you follow all the right steps and ship to the correct address, you’ll still lose that fight when the cardholder sees the bogus charge and files a complaint. I see businesses deal with this all the time and it’s one of the most frustrating parts of running an online operation.

How It Works

Fraudsters usually get their hands on payment information through a few different methods and none of them are all that hard. Most of them buy stolen card numbers from data breaches that eventually show up on dark web marketplaces and others like to trick cardholders directly with phishing emails that look legit enough that customers fall for them. Some fraudsters even go old school and attach skimming devices to ATMs or gas pump card readers to steal the information when cardholders swipe their cards.

After they get the payment info fraudsters don’t move fast to make big expensive purchases. Most of them are actually pretty careful about their plan. They’ll first test the card with small, subtle purchases to make sure that it’s still active and working. They might buy a single song download for a dollar, make a small charitable donation, or buy something equally small and forgettable. If that transaction goes through without any problems they know that the card is ready to go and they can move on to their big plan.

Real harm comes when they purchase merchandise that they can easily resell for cash. Electronics and gift cards are their absolute favorites because they’re easy to convert back to money fast. Lots of fraudsters ship these items to vacant houses or use package forwarding services to hide their tracks and make it harder to trace back to them. By the time cardholders get their monthly statement and notice something suspicious, the fraudster has already cashed out and disappeared.

That’s when merchants get stuck with the unpleasant shock. Cardholders call their bank to dispute the fraudulent transaction and a few weeks later you receive a chargeback notification in your inbox. At that point you lose the merchandise you shipped and the payment that you thought you received. Fraudsters are long gone with their cash and you have to sort through the paperwork and the headache that comes with it.

How it Affects Chargeback Prevention

Fraudulent transactions almost always cause chargebacks. These fraud chargebacks become a big problem because they count directly against your merchant account limits and can hurt you later on. Most big card networks like Visa and Mastercard usually allow about a one-percent chargeback rate before they start paying attention to your account. Cross that line and watch-list programs kick in or your merchant account gets shut down altogether.

Fraud can be flat-out brutal financially because money gets lost twice. You lose whatever product or service the fraudster managed to grab first. Then comes the chargeback fee and can run anywhere from twenty to a hundred dollars per incident – and those fees pile up fast if you have multiple fraud cases.

Fraud-prevention tools sound like they’ll fix everything. Features like address verification and CVV checks can help catch fraudsters before they finish a transaction. 3D security authentication systems work similarly. These tools sometimes block legitimate customers though and create problems of their own. You don’t want to turn away legit money because the fraud filter was too aggressive.

Once a fraud chargeback hits a merchant account, winning that dispute is nearly impossible. Banks almost always side with cardholders in fraud cases and the win rate on these disputes is zero – it’s just how the system is set up.

Stopping fraudulent transactions before they ever get processed is the only sure way to protect your business. Once that payment moves through the system and ends up as a chargeback, the money and the merchandise are already gone.

Example Scenarios

Most fraudsters start out small when they first get a stolen card number. They’ll make three or four little purchases – maybe seven or eight dollars each – just to see if the card works. These small transactions look completely legitimate on your side and they process without any red flags or problems. Once they see the card is active and working, that’s when they strike. Suddenly a huge five-thousand-dollar order for high-end electronics comes in and they want it shipped overnight to some sketchy freight-forwarding address.

Card testing attacks create a different headache for merchants. Fraudsters set up automated scripts that fire hundreds of stolen card numbers through your checkout system and each script runs these small transactions – maybe two or three dollars – just to see which stolen cards are still active and which ones have been cancelled. Your payment processor can become suspicious about the unusual activity on your account while the scripts run. At the same time, you’re stuck dealing with dozens of chargebacks from these small-dollar test transactions.

Friendly fraud is yet another challenge that honest merchants face on a daily basis. A customer places an order for something expensive – let’s say a three-hundred-dollar pair of designer shoes – and they receive the package without any problems at all. Six weeks later they call their credit card company to dispute the charge and claim they never authorized the order or never received the item. You have the documentation – shipping confirmations, delivery receipts and their IP address – but the banks almost always side with the cardholder anyway. These customers know how the system works and they exploit the fact that credit card companies favor the consumer. You lose the merchandise and you’re also stuck paying chargeback fees on top of it.

Requirements and Timeframes

Customer disputes for fraudulent charges give you very little time to pull together evidence. Most card networks give you only about five to ten days to show that the transaction was legitimate. Miss that deadline and you automatically lose the dispute along with all the money from that sale.

Stricter laws apply if you want to dodge penalties altogether. Visa says merchants have to maintain their fraud rates below 0.9 percent at all times. Go above that threshold and you’ll get stuck in expensive review programs that come with big extra fees – if you let it climb too high and they might actually cut off your ability to process payments at all.

Plenty of other compliance laws will also demand your attention. PCI DSS tells you to protect cardholder data in very exact ways. Accepting chip cards while still swiping with an old magnetic-strip reader makes you liable for any fraud that happens on those transactions – it’s the EMV liability rule change at work. European transactions also call for Strong Customer Authentication and add another verification step to help stop fraud.

Watching out for obvious patterns helps you catch more fraud before it happens. Watch for mismatched billing and shipping address information or brand-new customers who make unusually large purchases on their first order. Multiple failed payment attempts followed by a successful one should absolutely raise some red flags. Orders coming from risky countries deserve extra scrutiny too.

No single red flag proves fraud by itself – that’s the hard part. You need to look at combinations of suspicious indicators together to make the right call.