Canadian Security Magazine

Retail security: Defence against fraud

By Matthew Robertson   

Features Expert Advice Opinion fraud fraud prevention loss prevention retail security

With each passing day, more and more consumers are making the switch to online shopping. And why wouldn’t they? It’s quick, reliable and easy. As a consumer, you can have nearly any item you can imagine delivered to your door (in some cases same day) without ever having to leave the house.

It is for that same reason that ecommerce fraud is growing at an exponential rate. Fraudsters are attracted to the same “quick and easy,” as they too can now order goods without ever having to set foot inside a retail store. They can comfortably use stolen credit cards while hiding behind the anonymity of a public computer and a forwarded mailing address, never once having to worry about physical security measures like chip and PIN or being recognized on CCTV. In many cases, the fraudsters can have the goods in their hands before the victim even knows their card was compromised.

When trying to prevent fraud in person, you can typically work with front line sales associates to help recognize warning signs, such as unusual behaviours by the suspect, cards that appear damaged and fall back to swipe, or discrepancies between the cardholder information and the person making the purchase. Chip and PIN technology is also a significant deterrent since it prevents most fraud attempts as criminals seldom have their hands on the true card and the PIN.

When dealing with online fraud, however, you lose the ability to pick up on those abnormal behaviours and also have to deal with the risk of accepting the order as a “card not present” transaction as there is no chip/PIN involved. Because of this, a well-built fraud prevention strategy for your ecommerce business is crucial to preventing chargebacks.

The first line of defence is your checkout process. If you can prevent the order from ever happening, you are already one step ahead. When putting together a strong fraud mitigation plan, try to find ways to build in “human” verification elements such as CAPTCHA. This helps prevent fraudsters from creating bots that can automatically place orders in bulk. Verified by Visa and MasterCard SecureCode are two solutions that can be easily implemented into the checkout process for additional validation. It is also crucial to capture as much meta-data as possible about the computer/user making the purchase. Such elements as IP address or Device Fingerprint are extremely beneficial as they can act as important data points that can be used to identify patterns and trends.
The second line of defence involves the order passing through a series of business rules and fraud validation checks to decide on whether you should accept or reject an order. These rules can be as simple as ensuring the billing and shipping addresses match or that the CVV number matches what is on file with the bank. Alternatively, the rules can be as complex as validating the total number of orders placed by a specific IP address within a certain time frame or looking at orders over certain dollar amounts utilizing foreign currency credit cards. The more rules you can put in place, and the more you can layer rules on top of one another to help make your decisions,  the more this will ultimately lead to a successful fraud prevention strategy.


Despite your best efforts, not every order will be caught through the fraud review process. Therefore, the final step is always a thorough review on any fraud chargebacks received for your online orders. This can give you insight on how that particular fraud order could have been prevented and will allow you to tweak your rules to catch orders like it in the future. The more often this takes place, the better chance you have at stopping the orders at the source. As an ecommerce retailer, without any proactive measures to detect and prevent fraud, you are opening yourself up to a fraud chargeback on every order. While this is certainly a risk of doing business in today’s fast paced ecommerce environment, it is certainly a risk you can control.

Matthew Robertson is acting DVP, retail operations, and director of loss prevention for Sears Canada.

Print this page


Stories continue below


Leave a Reply

Your email address will not be published. Required fields are marked *