This agreement brings together Redstage’s extensive web development expertise with Signifyd’s industry leading anti-fraud and business enablement solutions to help eCommerce merchants sell more products and services without the fear of fraud.
Redstage, a Magento Gold Solutions Partner, is best known for its portfolio of over 300 Magento sites, though its capabilities go much deeper than that. As a full service web design and marketing firm, Redstage was able to help its customers increase conversions of web site visitors to eCommerce customers by 45.6% in 2013. Redstage is one of the most advanced and experienced agencies in the industry, and its expertise compliment the Signifyd solution set perfectly.
Signifyd will offer its full line of eCommerce fraud and business enablement tools to Redstage customers, leveraging both Redstage’s and Signifyd’s strong base in the Magento community as a foundation point. Signifyd’s proven analytics and machine learning tools give its customers deep visibility into customer identity, allowing Signifyd customers to reduce fraud, increase the number of orders accepted, and more efficiently manage manual review processes in their businesses.
Signifyd is happy to have Redstage Networks as the newest member of the Signifyd Partner Program.
We create solutions with high sales conversion through elegant technology while promoting brand experience. Our unmatched industry expertise coupled with the Magento ecommerce technology produces more sales from your digital channel. We’re a firm that’s run by accomplished business and marketing professionals and backed by a team of creative and computer science gurus. We’re truly enthusiastic about what we accomplish every day, and we enjoy working with clients that demand excellence and are equally passionate about their business.
At Signifyd, we help e-commerce businesses sell confidently while protecting them from fraud. Access, Automation, and Anonymity make fraud possible at industrial scale, and most businesses simply can’t cope. They don’t have the resources or expertise to fight professional fraudsters — they’ve got a real business to run. And yet, the explosion of Customer Data means the raw materials to fight fraud are more accessible than ever. We simplify fraud prevention with tools and expertise built on our years of experience at PayPal, Fraud Sciences and FedEx. We know how to interpret a user’s digital footprint and bridge the gap between Online and Offline Identity. And we know how to do it without creating friction for legitimate users.
Today, we’re excited to announce that our newest partner, Redstage, featured Signifyd in their blog as part of their ‘Partner of the Month’ series. You can read the full post on Redstage’s blog. Stay tuned for when we reciprocate and feature Redstage in our blog shortly.
Interested in becoming a Signifyd Partner?
Our Partner Program is a network of the top hosting providers, eCommerce solution providers and third party software providers. The program provides quality benefits and services that expand and enhance the functionality of our fraud prevention and chargeback protection platform. For partnership opportunities and more information on how to become a partner, please visit our partners page.
When setting up an online store, it can be an exciting time. You are building your website, uploading images of your items for sale and building out a loyal customer base that will help you increase sales as you lift your brand from nothing to a recognized symbol. Like many customers who have reached out to Signifyd, chargebacks and fraud was never even on their radar, until they got one.
Signifyd often receives phone calls that follow a format similar to this, “Hi, this is Joe from ABC company and I need help right away. I just got an email from my bank telling me that they are reversing the funds on this really expensive order and I don’t know what to do. The guy sounded legit, I looked him up but now he is saying he didn’t place that order but I already shipped the product. I need to prove that he placed the order!!”
Such frantic phone calls are often heartbreaking because more often than not the merchant who called in is ultimately going to lose out on both their cash and their product. Banks frequently side with the cardholders, and re-reversing funds is very difficult. Many merchants don’t take into account that fraudsters will answer the phone and talk to them, or that a fraudster will manipulate his IP address to give the appearance of living at the cardholders residence. Even worse are legitimate cardholders with a history of buyers remorse or are purposely seeking to steal online through the chargeback process.
So when merchants first start selling online and they see an odd order, it’s not unusual to them that if they should be able to get a hold of the customer that they should be able to ‘sort things out’. It is only after they realize that they have been duped do they become fully aware of the risks of selling online. But selling online is the future, and is on pace to replace retail shopping. So learning about chargebacks is very important for merchants looking to avoid them.
To learn fully about chargebacks, check out a previous post that Signifyd wrote up that helps define what is a chargeback. In todays post though, lets get the facts on the table. The fact is, if you have a chargeback there is very little you can do about it. The key is learning how to avoid them, and there is a tool on merchants side. Everyone online leaves a digital footprint. From the devices they use, the social networks they log into or the emails and phone numbers they register online. From the moment they create any kind of a presence, it has a history and that history can be either good or bad but it is never neutral. And that history can be tracked and is by companies like Signifyd.
Currently only about 5% of all shopping is done online, and yet that number poised to explode in the coming years. With that expansion is going to come all sorts of histories that internet users are going to leave behind. Every email, every IP address, ever card used is going to have a history of good transactions or of fraudulent ones. The key is to find and utilize that data in the fight against chargebacks.
Don’t fight chargebacks, avoid them.
Signifyd has an enormous database of knowledge, and plugs into other database providers to fill in the gaps that we currently don’t have to provide a global user database of internet history. Every time a shopper makes a purchase from one of our merchants, we can tell that merchant if the IP, phone number, device, card, email, and address or social media account is a good account or if it has fraud or chargebacks in its past.
Research shows that in the war against online thefts, the trend is going away from one off users making bad purchases online and is going towards cyber gangs who steal online. Therefore, if a Russian gang for example steals an American’s credit card and places a delivery address that Signifyd has registered as a bad address known for fraudulent orders or is associated with chargebacks, Signifyd can alert the merchant and advise them to cancel the order.
Tracking all of these histories by themselves would be an arduous task for any one merchant to tackle by themselves, but with Signifyd merchants get unprecedented analysis into their customers and who is most likely a good customer and who will likely place a chargeback.
So if you are a small but fast growing merchant who has just been hit by a chargeback, we offer our condolences. It’s a brutal growing pain, and likely won’t be the last chargeback you ever go through. But the collective power of the Internet is a tool that’s on your side through Signifyd, and together we can stop those who would seek to steal from you.
If you are a merchant who is suffering from chargebacks, consider signing up for a 2 week free trial with Signifyd and witness for yourself what professional fraud prevention services can do for you company and bottom line. Reach us at email@example.com
In the wake of Target’s disclosure that upwards of 40 million cards were compromised, a tsunami of public outrage and public opinions have been raised in discussions about how this happened and what Target should have done to stop it.
According to the Wall Street Journal. Target has already reported that sales are down as shoppers stay away out of fear. Consumers are still cautious about Target, and they are afraid of making purchases there. But should they be?
Are consumers liable?
On Christmas Eve, Visa took out a full page ad in the Wall Street Journal advertising their Zero Liability policy. A quick check on Visa’s policy advertises three steps. 1. Shop worry-free. 2. Report Suspicious Charges. 3. Get quick resolution and provisional credit. A similar check on Mastercard’s website spells out a similar policy. They in fact also call it the zero-liability policy.
Visa and Mastercard absolutely dominate the credit and debit card market in the U.S. with a combined total of roughly 85% market share. What this means for affected Target shoppers is that for any cards that have been stolen and fraudulently used they will have effectively zero financial liability for bad purchases.
So if the card holder isn’t liable, then who is? The answer often depends on where the criminals use the cards.
Online versus physical stores matter in fraud
For companies with a physical retail location, as long as they followed standard card issuer procedure by asking for ID and collecting a signature during checkout, then most of the time the card issuer will absorb the costs. For online companies though any orders purchased with stolen data will be charged against the online store.
For online companies, this means that for the time being they have to operate under the premise that there are an additional 40 million bad cards circulating in the US market, and that any one of them could be used against them and cost their business if they don’t stop the transaction.
Now for some perspective, according to a recent joint study by the US Census Bureau and Experian among others, there are roughly 1.5 billion active credit cards in circulation in the U.S. This equals out to about 5 cards for every U.S. citizen. This is a double edged sword for online merchants. The good news is that there are a significant amount of legitimate cards ready to make purchases, and credit cards are still the easiest way for online merchants to accept payment. The bad news is that with so many cards in circulation, online merchants have a plethora of potentially bad transactions coming their way. The real card holder may not even be aware their card is being used fraudulently if it is not their primary credit or debit card.
So who is most liable?
So who’s really at risk because of Target’s data breach? It’s not the hackers who stole the data. These stealthy online criminals almost never use their stolen information, instead using online market places to sell off the card numbers to less technical criminals who then use them to make purchases or drain accounts. It also generally is not merchants with physical locations, because criminals realize that their stolen data has a time limit before the real card holder cancels the account and shopping in person takes time and risk. Target and web based merchants are the real victims. In fee’s alone it is estimated that Target will have to pay the card issuers $3.6 billion for exposing consumer data. But it is the online merchants who are primarily at risk, and they are liable for every stolen Target card that they process.
For months or even years now, these web based business will have to take a little extra care to validate each order from their purchases to ensure that they don’t process a transaction from a stolen card until all the stolen Target cards are cancelled or out of circulation. That is until the next breach.
Online shopping has spiked in the last 5 years, crossing the trillion dollar threshold in 2012. Embracing the consumer preference for internet shopping, many new businesses are only available through the web. Yet a surprisingly low number of new merchants are taking measures to protect themselves from internet fraud. While many online business owners are convinced that any fraud activity on a card is largely the domain of banks and credit card issuers, internet retailers are simply unaware that in the world of ‘card not present’ (internet purchases), they are liable for bad purchases run through their stores.
For many people, the word ‘fraud’ can seem complex and overwhelming. ‘What is fraud?’ ‘How does fraud work?’ These are common questions that are actually very simple to answer. If an individual had cash stolen from their wallet, and that cash was then used in a purchase by the thief, that crime would be described as theft. The money doesn’t belong to the thief, it belongs to our victim. In fraud, this crime works exactly the same way. Only this time the thief takes the credit/debit card instead of the cash. The law states that only legal cardholders can use cards issued to them. When a thief steals a card and uses it, the thief is pretending to be that legal cardholder and racks up charges in their name. Every charge the thief makes with the stolen credit card is considered a fraudulent (bad) transaction.
If all merchants had to worry about was physical credit cards being stolen, then this wouldn’t be much of an issue. But with data breaches becoming increasing common, the financial information of tens of millions of consumers are now in the hands of cyber cartels looking to use their newly acquired information as quickly as possible. With the ability to purchase almost anything online, criminal are increasingly using their stolen data for online purchases instead of placing the stolen information on fraudulent cards to make “card present” transactions in retail stores.
With all of this fraudulent information floating around in cyberspace, it can be difficult to know what the best course of action is. Accepting credit cards is a sure fire way to expose a business to theft, but clamping down on card transactions will place a financial chokehold on a business that most likely would be fatal.
The key for businesses is to understand what they are liable for. When a business decides to accept payment from a card issuer or bank, they are accepting the terms and conditions passed down by them. What that entails is also accepting the established industry standards that are almost entirely uniform in the industry. Card issuers and banks have no ability to track if a card (or card data) has been obtained by unauthorized persons. The only way to know that an issue has arisen is when the card/card data is used in a purchase. Because a merchant has the greatest ability to stop a criminal in their tracks, card issues and banks place the financial liability on merchants for any fraudulent orders that they process.
To dig deeper into the issue, merchants need to understand the technical lingo that is written into merchant contracts. Many merchants take the assumption that if a transaction is authorized then it is a legitimate transaction. That is not the case. When a card processor runs a card and authorizes, it is simply verifying that the funds are available, the card is not reported as stolen or declined and the consumer’s credit limit has not been hit. An authorization is not running a report as to likelihood of the card being stolen or not, or if it is a risky transaction or good order. Once a merchants accepts funds, the liability now fully rests on them.
E-Commerce fraud is exploding for multiple reasons, but one simple yet major reason that it is exploding so fast is that many individuals simply do not check their credit card statements every day. While there are always going to be that subset of vigilant consumers who set mobile alerts for any purchases and check their cards daily, many consumers wait for their statement to be released before they look over their purchases. By then many weeks or months could have passed before they recognize the unauthorized transactions used on their cards.
Banks and card issuers do their best to look for irregular card activity by calling their customers to verify transactions they might have made. If someone goes on a road trip and suddenly makes multiple purchases in another state, a card is frequently frozen and the cardholder is typically contacted to verify if they did indeed make those purchases. But card issuers can only look for irregularities in a card holders account, and pending any drastic activity changes are powerless to know if a card is being used in a legal or illegal manner.
All merchants are accountable for and suffer chargebacks
To help account for this, and also to help deal with bad businesses, most card issuers offer card holders a 3 to 6 month chargeback grace period. For those not in the know, chargebacks are every merchant’s worst nightmare. Chargebacks occur when a cardholder contacts the card issuer to request a refund from a merchant. This would occur because the customer would somehow be unable to obtain a refund from the merchant or that the merchant is refusing to offer a refund to the customer. To read more about chargebacks and how to stop them read our series on chargebacks. Once a chargeback is initiated by the cardholder, the card issuer will deduct the funds from the merchants account and debit it to the card holders account.
The merchant can fight this process by providing evidence to the card issuer that the customer did in fact make a purchase, received the product intact, and is in the wrong. But in the case of a fraudulent purchase that causes the real card holder to initiate a chargeback against the merchant, ignorance of the card’s misuse by the merchant won’t stop the funds from being forcibly deducted. Many card issuers will hold a portion of the funds generated by sales through their cards in a reserve account that is held explicitly for the purpose of reimbursing card holders from bad transactions. The card issuers themselves cannot risk the liability that their merchants could run up thousands of bad orders and then not be able to pay the cardholders back. This reserve account is created because the credit card companies and banks only have a limited amount of money available to repay their customers at any given time from their own accounts. So by establishing a safety net between themselves and the merchant, they help prevent a shock withdrawal from the merchants account in the case of a large chargeback while guaranteeing that the card issuer can repay the card holder instantly.
To add insult to injury, merchants who have multiple chargebacks against them risk ever compounding fee’s as well as being placed on a chargeback monitoring program. If merchants are unable to bring the chargeback rate down, they risk be blacklisted by the card issuer either temporarily or permanently, which can drastically cut revenues for that business.
So what is a retailer to do?
No matter what the purchase, or the volume of transactions that merchant may be accepting at any given month, all transactions paid for by credit card need to be vetted.
But verifying transactions can be difficult as tying an online identity to an offline real person can take a significant amount of research. But there are common steps that all merchants can take that will significantly reduce the probability that they will process a fraudulent order or accept business from someone who serially conducts chargebacks.
1. Always, always, always collect and examine CVV2 and AVS and examine them closely
CVV2 is the 3 digit code on the back of a credit card that is separate from the 16 digit number sequence on the front. The code is a secondary backup to ensure that the card is actually in the hands of the cardholder and is never stored on file in a transaction history unlike a credit card number.
AVS stands for Address Verification System. When entering in a billing address, all merchants need to ensure that the billing address entered into the checkout matches that of the address tied to the card. If a customer repeatedly fails AVS, that is a staggering red flag. There is no reason that a real customer would be unable to identify what the billing address is for the card unless the card was being used illegally.
2. Ensuring that billing and shipping match are critical.
Billing and shipping always go together, and if they don’t it is normally an issue. Merchants always need to carefully examine why a customer would not ship to their billing address. Are they shipping to family? Are they shipping to friends? What connection does the purchaser have to the recipient? Many merchants will cancel orders that have a billing/shipping mismatch, while others have a large amount of research that goes into verifying if the customer is the true card holder. In an instance of a billing/shipping mismatch, a merchant always wants to ensure that during the checkout the customer didn’t fail the AVS or CVV2. Additionally, it is recommended to merchants that they call the customer to verify the recipient of the delivery.
3. Always get a signature for delivery
When purchasing online, often times the simplest fraud ideas are the most effective. And nothing is simpler than claiming that you never received your package. For any kind of high value order, ensure that the customer who made the purchase is the one who signs for delivery. By getting a signature, you ensure that the customer can’t later force a chargeback against you and you ensure that fraud isn’t later claimed. A major source of fraud for merchants is reshipping fraud, where a fraudster will purchase a product on the web and have it shipped to a middleman who then mails the product to him. Requiring a signature from the cardholder stops reshipping fraud in its tracks as a fraudster would have no ability to get the real cardholders signature nor would any middleman be able to accurately forge a signature.
4. Always check IP
Internet Protocol, the location of the computer the customer is using, is normally a dead giveaway to the truthfulness of the transaction. Is your customers billing and shipping in Indiana, but the IP is from Egypt? Well, that’s probably a fraudulent transaction. While the IP address can fluctuate a few miles from the address of the customer, it should never be in excess of 50 miles. Any IP address that is far from the address of the customer indicates either three things. 1. The customer is away on business. 2. The customer is on vacation. 3. This is a bad transaction. Many fraudsters attempt to mask their IP location by going through regional proxy servers, but these are easily detected and are simply another indicator of an online criminal.
5. A customer with a bad user name or email is almost always a bad customer
According to surveys over the last couple of years, the vast majority of customers will reuse the same username for most websites, and only maintain 2-3 email addresses at any given time. What this means for merchants is that if you encounter an email that doesn’t contain the name of the customer, red flags should immediately be raised. If an individual consequently gives you a user name that is full of strange characters or numbers that is normally an indication that this customer doesn’t intend to be a returning purchaser. Many merchants require that a customer verify their profile by clicking on a link sent to the customers email address to verify if this indeed is a human and not a bot. If the email address entered in the creation of the profile is different than the email address stored on file by the card holder that additionally is an indicator that something suspicious is going on in the order.
6. Be on the lookout for multiple purchase attempts, and protect your store against attacks
Fraudsters rarely have a complete data set on the individual of whom they are impersonating when making purchases online. They may be able to fill in the card number, name and address but fail the CVV2. They might have stolen the wrong email address, or they could be trying to make a purchase from the other side of the globe. If there are instances of multiple attempts, with repeated failures in a critical field a merchant will want to permanently decline that customer and every data point associated with the transactions.
7. Check the shipping address
If your customer is shipping to a Fedex store, or to a park P.O. box, that might be a red flag that they are trying to hide their location. If the location is a known drop ship address, or has a history of fraud associated with it, why take the risk of shipping to that address?. Using address verificaction services such as Whitepages.com to run the address is a crucial step in every transaction to ensure that a customer who claims the address is their own is not in fact using an illegitimate address to avoid detection while running bad transactions.
Fraud prevention takes time!
Criminals are drawn to online companies like gravity, the larger the business the stronger the pull. Fraud prevention is a difficult, time consuming process that only grows more and more important as a company increases its sales. With liability solely on the internet retailers, Signifyd finds that the vast majority of merchants take a cautious approach and tend to decline any suspicious orders as well as declining most international orders. Without having a data verification service to tell merchants if a customer is using a proxy to mask his IP or to verify his address, merchants can be at a loss to confidently decline or accept an order.
Signifyd provides the tools merchants need to quickly verify their orders.
Looking up 5 orders a day might not be an issue for company, but if your company finds itself suddenly needing to review 75, 100, 200+ orders a day it can quickly become an overwhelming and all day long task. And without a uniform way of doing each search a company can find it is simply approving or declining orders ” based on their gut”. Signifyd provides companies a way to quickly ensure that they don’t rack up huge losses by accepting payment from multiple stolen credit cards or get hit by numerous chargebacks. Signifyd runs reverse IP lookups to detect proxies, verifies a customers address, checks bin to verify the cards origin, looks through social media to double check a customer’s true identity, and gives merchants a customer’s shopping history to highlight any possible fraud or chargebacks that can be associated with them. Signifyd scores transactions at an average of 200 milliseconds and works with merchants from the largest on the web to merchants who have just set up shop. If you run a business and are concerned about chargebacks and fraud and want to learn more please reach out to us at firstname.lastname@example.org to learn more!