• United States




CNP fraud spikes during the holiday shopping season. Here are 3 things you can do now to protect your holiday sales

May 10, 20185 mins
CybercrimeE-commerce SoftwareFraud

CNP fraud spikes during every holiday season, and 2018 will be no exception. Before it’s too late, online retailers need to get prepared in their fraud prevention efforts. Here are three steps that online sellers can take right now to ensure that they are ready and able to protect themselves when sales spike during the holidays.

whyhpcmatters frauddetection 1000
Credit: DELL EMC

The 2018 holiday sales season is going to present real challenges for online retailers, based on last year’s fraud data. E-commerce fraud rose by 22% during the 2017 holiday season, with thieves taking advantage of higher order volumes and tight shipping deadlines to get past merchants’ fraud-screening measures. Here are three steps online sellers can take now to improve their fraud prevention practices for the 2018 holiday season.

1. Know your holiday-season CNP fraud benchmarks

Look at your holiday season transaction data from years past to find your typical holiday season chargeback ratio and false decline rate. Bear in mind that some chargeback requests on holiday sales may have come weeks after the start of the New Year. If your business isn’t tracking false declines, you could be losing sales and alienating customers—false declines are more costly for merchants than completed fraud. Your historical holiday season chargeback ratio and false decline rates can show whether your business sees an increase in completed fraud during the holidays, turns away good customers due to overly rigid screening, or finds the right balance.

2. Audit your in-house fraud prevention practices

Ask these questions to identify areas where your business can improve its anti-fraud processes.

Does your business follow the best practices recommended by your payment processor and the major card companies, such as collecting IP addresses as well as address and CVV data? The more data you have for each transaction, the more likely you are to detect fraud and head off chargebacks.

Does your checkout process give fraudsters too much freedom to test stolen card data? If your customers get unlimited chances to try again after entering card data incorrectly, fraudsters will use those chances to match stolen card numbers to expiration dates. To prevent this, limit the number of times customers can enter incorrect payment data before they’re locked out of your checkout system.

Does your fraud prevention program cause false declines? Many indicators of possible fraud are far more common during the holidays because customers often change their typical behavior to buy gifts and have them delivered quickly. For example, ordering from one address and shipping to a new address, ordering multiples of the same item, and rush shipping requests are all more frequent among legitimate orders during the holidays. If your screening program is kicking them all out, your business is losing revenue and customers to the competition.

Is your fraud prevention program tailored properly for each channel? By analyzing attempted and completed fraud rates in your mobile and desktop channels, you’ll be able to tailor your anti-fraud practices for each one—a critical step as mobile shopping booms and mobile fraudsters follow the money.

What’s your shipping protocol? It’s wise to be efficient with order fulfillment, especially during the holidays when there’s an ever-shrinking window for deliveries. But it’s wiser to wait to ship goods until the order has been approved and the payment processed. For expensive orders, you may want to institute a 48-hour hold policy before shipping to avoid losing costly merchandise to fraud. To avoid friendly fraud, ship all orders with tracking and signature requirements. It’s also smart to put processes in place with your customer service department and shipping carriers to raise a flag when there’s a post-purchase rerouting request by the customer (more below).

How’s your fraud data management? Do you keep a negative file with names, addresses, IP addresses, and other data for declined and charged back orders? This data can help you screen out attempted fraud.  Just keep in mind that as more consumer data leaks into the hands of organized criminals, your business will need to keep that negative file up to date and revise it as needed for accuracy.

Fraudsters are always looking for new ways to beat prevention efforts, and these are some of the attack types we’re seeing more of lately. Package rerouting lets thieves use a valid (stolen) shipping address to get through transaction screening. After the transaction is approved, they call customer service or the shipping company to redirect the package to a new address, so they can claim the stolen goods.

Account takeover fraud against online retailers is also on the rise. According to the ThreatMetrix Q4 2017 Cybercrime Report, retail account takeover attacks rose by 17% in the last three months of 2017, an “all-time high.” The report also found an increase in fraudsters going after mobile users’ data at the account creation stage.

Now is the time to study your data to benchmark and improve your store’s transaction-data collection practices, shipping protocols, internal negative file maintenance, and customer service training. It’s also the time to talk with your carriers about how to handle rerouting requests from customers. And by keeping your good customers happy, you can maintain a fraud-fighting advantage through the holiday sales season. That’s because during any sales peak driven by good customer activity—including holiday gift purchases—the spike in fraud attempts tends to be smaller than the increase in good orders, which means the fraud-rate ratio of bad to good orders may decline. By putting the effort into fine-tuning your store’s fraud prevention strategy now, you can experience lower than average fraud rates in the holiday season ahead.


As ClearSale’s Executive Vice President, Rafael combines the company’s innovation-driven culture and emphasis on communication with a deep understanding of the statistical tools that underpin excellent fraud protection.

Rafael represents one of the world’s most experienced and largest firms of its kind, with more than a decade of e-commerce fraud detection and prevention services in major international markets. From his base in Miami, he oversees ClearSale’s U.S. anti-fraud operation by leading its commercial, statistical intelligence and IT teams and providing technical and executive management for all the operation’s employees, both in the U.S. and in Brazil.

Throughout the nearly decade he has been with the company, Rafael has also planned and executed ClearSale’s international business unit, directed ClearSale’s statistical intelligence area, and helped manage the company’s growth from 25 to more than 700 employees, including more than 500 highly trained fraud analysts.

Rafael is multilingual (Portuguese, English, and Italian) and has a distinguished academic background. He earned his master’s degree in economics and finance at FGV-SP (Fundação Getúlio Vargas-São Paulo), one of the world’s leading policy and economic think tanks. Rafael holds a bachelor’s degree with great distinction in statistics from UNICAMP (Universidade Estadual de Campinas), internationally recognized as one of the top universities in Brazil and in the world.

The opinions expressed in this blog are those of Rafael Lourenco and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.