Federal Reserve e-Commerce Fraud Study

Fraud Threats in the e-Commerce Channel Vex Merchants

Minneapolis, June 18, 2018 According to a new survey of 166 U.S. merchants with an e-commerce presence, card-not-present (CNP) fraud is the top payment threat to retailers. The survey also found that retailers worry about their ability to handle increased e-commerce fraud, which many merchants expect to increase over the next six to 12 months, largely as a result of data breaches. The survey, released by the Federal Reserve Bank of Minneapolis, aimed to uncover approaches retailers are using to effectively reduce payments fraud in the e-commerce space. It complements the financial institution fraud mitigation tool effectiveness study published by the Bank in the first quarter of 2018.

The report provides information about the use of payments fraud detection and prevention methods used in the e-commerce channel and how merchant respondents rated the methods. When asked where merchants devoted the most resources toward fraud mitigation, they indicated CNP in the online channel. Merchants largely rely on older mitigation tools such as security code and address verification, but some new tools are emerging. The emerging CNP fraud tools that merchants find most promising include artificial intelligence, facial and voice recognition, and multi-merchant purchase velocity checks.

“This study provides great insights into what merchants find effective for mitigating card-not-present fraud today and which emerging mitigation technologies they are beginning to use.  Retailers could use the information from the report to assess and enhance their current fraud mitigation strategies,” said Guy Berg, vice president of the Payments, Standards, and Outreach Group at the Minneapolis Fed.

The report also analyzes usage and effectiveness ratings of information-sharing partnerships that help merchants identify fraud attacks and exchange threat information.

Access the full 2018 Fighting Fraud in the e-Commerce Channel: A Merchant Study.


The Federal Reserve Bank of Minneapolis is one of 12 regional Reserve Banks that, with the Board of Governors in Washington, D.C., make up the Federal Reserve System, the nation’s central bank. The Federal Reserve Bank of Minneapolis is responsible for the Ninth Federal Reserve District, which includes Montana, North and South Dakota, Minnesota, northwestern Wisconsin and the Upper Peninsula of Michigan. The Federal Reserve Bank of Minneapolis participates in setting national monetary policy, supervises numerous banking organizations, and provides a variety of payments services to financial institutions and the U.S. government.

 

###

Blog author note: CenPOS cloud commerce solutions are part of a layered security approach that help reduce manual order reviews and mitigate risk of bot automated orders which can rack up authorization fees. Tools include 3-D Secure, including Verified by Visa and other card brand solutions, among others. Headquartered in Miami, Florida, CenPOS is reshaping the future of commerce through technology innovation and the secure, flexible and simple solutions this enables. Christine Speedy, CenPOS Global Sales, 954-942-0483 has extensive ecommerce experience to help businesses mitigate fraud risk while maximizing profits.

3dcart and CenPOS Payment Gateway Partner To Grow B2B Vertical

Miami, FL April 23, 2018. The business-to-business (B2B) e-commerce sales channel presents new opportunities and challenges, particularly with increasingly complex credit card processing requirements. 3dcart, a leading e-commerce platform, has partnered with CenPOS, an integrated technology commerce platform. The CenPOS ‘Super Payment Gateway’ maximizes profits while mitigating the higher dollar value transaction risk in the B2B vertical.

Payment gateways directly impact the cost of credit card acceptance, including interchange fees, the bulk of merchant fees. The CenPOS 3dcart integration offers all the required elements to qualify B2B transactions for the lowest rates possible, including:

  •  Level 3 data for purchasing, corporate and business cards
  • Resolve authorization and settlement amount mismatch
  • Visa unscheduled, recurring, and installment stored credential mandate compliance
  • 3-D Secure – Verified by Visa, MasterCard SecureCode, American Express Safekey and Discover ProtectBuy

“Our first mutual customer reduced fees over 30% just by changing their payment gateway,” commented Christine Speedy, CenPOS sales expert for 3dcart users. “Both our customers can expand into new markets while maximizing profits, security and compliance.”

“With the CenPOS integration, we expand the payment solutions offered by 3dcart to provide existing and prospective customers globally an additional alternative to how they process credit cards today, with any acquirer they choose,” stated Gonzalo Gil, 3dcart CEO.

The 3dcart CenPOS integration currently supports credit card, EFT/echeck with and without guarantee, Paypal and alternative payment methods. CenPOS POS and mobile and are available standalone now and will be integrated in the future to provide 3-D Cart customers a validated point to point encryption (P2PE) option. A validated P2PE solution significantly reduces merchant scope for PCI Compliance. CenPOS also includes to all 3dcart customers their electronic bill presentment and payment (EBPP) solution, supporting wire payments, text messaging, and other key B2B items of interest.

cenpos logoAbout CenPOS

CenPOS (https://www.CenPOS.com is a merchant-centric, end-to-end payments engine that drives enterprise-classsolutions for businesses, saving them time and money, while enabling merchants to create deeper lasting relationships with their customers. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.  PCI Level 1 Service provider, QIR Certified, P2PE Validated, HIPAA compliant. https://www.cenpos.com/ CenPOS 877-630-7960, Christine Speedy direct 954-942-0483.

logo 3dcartAbout 3dcart

3dcart (https://www.3dcart.com) is the most SEO-friendly eCommerce platform for retailers and internet marketers to grow their online stores’ traffic and sales. 3dcart includes 24×7 Technical Support, 100+ Mobile-Ready Themes, order management software, built-in blog, email marketing tools and more. Since 1997, the company has been a leader in the eCommerce market, building online stores for businesses of all sizes. Today, 3dcart is Visa PCI Certified and a Google Partner. Sales 800-828-6650

MAGENTO VULNERABILITIES IMPACT PCI COMPLIANCE

Magento, a popular e-commerce platform, released multiple security patches this year, several addressing critical and high credit card data breach vulnerabilities. Merchants that haven’t deployed security patches, as required by PCI standards, are vulnerable to remote exploits that can compromise customer account and credit card data.

One cross-site scripting (XSS) flaw potentially allows an attacker to add malicious JavaScript code to a comment via the PayFlow Pro payment module. The JavaScript code is executed server-side when the targeted site’s administrator views the attacker’s order.

PCI Compliance Requirement 6: Develop and maintain secure systems and applications. All critical systems must have the most recently released software patches to prevent exploitation. The average merchant relies upon third party developers for web site maintenance, but unless specifically contracted to update the e-commerce software and add-on modules, don’t count on it.

Only 16.4% of organizations that had suffered a data breach were compliant with Requirement 6, compared to an average of 64% of organizations assessed by our QSAs in 2014- Verizon 2015 PCI Compliance Report.

Payment gateway implementation requirements have changed over time as a result of cross-site scripting and cross-site request forgery (CSRF) to meet current PCI Compliance standards. Merchants should verify all components of their ecommerce ecosystem are current, and have a system for ongoing monitoring and updating.

RESOURCES

  • Magento Security Center
  • VISA MAGENTO SECURITY ALERT, July 2016
  • Christine Speedy, 3D Merchant Services, offers Magento payment gateway module for merchants to improve their omnichannel customer experience and mitigate risk. B2B customer benefits include friction-less payments across all sales channels; text and email Express Checkout, customer invoice portal for 24/7 ACH, credit card, wire and more payment types, and US EMV with level 3 processing. Magento and ERP modules combine to provide a powerful array of solutions to improve cash flow and profits while maximizing security. 954-942-0483.

 

 

Visa revises Merchant Location rules effective October 15, 2016

Visa rules for how merchants must identify their name, type of business, and location are changing to keep up with the growing number of ways merchants interact and conduct transactions with their customers. Visa cites these rules are necessary to help prevent unnecessary cardholder disputes and reduce additional risk to the Visa system. Conversely, failure to comply with the rules could increase merchant risk to lose customer disputes.

“If you are an eCommerce merchant, your website must contain the merchant location on either the checkout screen used to present the final transaction amount or within the sequence of web pages that the cardholder accesses during the checkout process. It must not be a link to a separate page.” Visa Bulletin VBS 02.AUG.16

What is the proper location? It must be the country of your principal place of
business, where your executive officers direct, control, and coordinate your activities — generally, your company’s headquarters. I’d venture that 99% of ecommerce site are not compliant with this rule today, including Amazon.

For complete details, download PDF Official Bulletin by Visa Providing the Proper Location
of Your Merchant Business

Volusion for B2B? No way!

Volusion for B2B ecommerce shopping cart is unacceptable. B2B companies are going omnichannel, yet Volusion lacks critical tools distribution companies need to maximize profits, security, and efficiency.

  1. Payment gateways and level III data– Wholesalers average 30% premium in merchant fees because NO Volusion payment gateways help businesses properly qualify for level 3 interchange rates across ALL sales channels, from ecommerce to retail. They have continually ignored requests to support, instead adding dozens and dozens of ‘me too’  gateways that are pretty much all alike.
  2. Retail – B2B retailers need US EMV options that support their needs. Whether it’s signature capture terminals like the Verifone MX915, or mobile terminals. None of their gateways has ever supported level 3 processing for retail, and is there even an US EMV terminal with P2P encryption certified for any processor today that works with Volusion?
  3. Omnichannel flexibility and PCI Compliance – How many business to business companies have a sales force taking phone orders? What is Volusion doing to help secure that transaction and help prevent fraud? Not nearly enough.

Over the decade that I owned a Volusion B2B ecommerce store, I recommended them over and over again. So much that their product development reached out to me to ask if there was anything I needed. It’s been seven years and the one thing I wanted, a modern payment gateway that meets business to business needs, they still haven’t done, even though the work is minimal. Why not? Well I’m tired of waiting and if someone finds my positive reviews online, I want everyone to know, there are many compelling reasons why I do not recommend Volusion for B2B ecommerce.