Shopify Steps Up Fraud-Prevention For Its Merchants

Shopify now offers its merchants an app to help curb card-not-present fraud. We go over how this application works, and why it's important now more than ever.

Shopify, one of the largest e-commerce platforms and online credit card processors, announced that it has added Lumen app by XOR ID theft for their merchants. The app seeks to curb online fraud, by helping online merchants identify whether their customers' credentials might have been stolen. For merchants on the platform, the introduction of this extra security measure adds a layer of protection against potential chargebacks, which can significantly increase the cost of credit card processing and in extreme cases lead to a losing the right to accept card payments altogether. The app is available now for free for Shopify's 400,000 online merchants.

Through XOR, Lumen is able to access information on data breaches that exposed consumer credentials. Whenever a customer goes to make a purchase online, Lumen provides the business owner with the risk that their customer's login credentials were stolen or otherwise compromised. If a customer has a high-enough risk level, it's possible someone else is using their credit card details for that transaction. Lumen allows merchants to stop the purchase, and obtain additional verification from high-risk customers. Factors that determine a customer's risk level include:

  • Number of data breaches associated with customer email address
  • Account takeover risk level associated with customer (high/moderate/low)
  • Days passed since most recent exposure
  • Format of exposed passwords (plaintext/hashed)

Once a consumer realizes they weren't the ones to authorize a purchase, they will let their bank know and that transaction will be reversed — this leads to a so-called chargeback. If a business collects enough chargebacks, Visa may suspend their ability to accept card payments. That's why any new technology or software that serves to prevent fraud, such as Lumen, is generally a good thing.

According to Mike Cook, founder and CEO of XOR, "studies show that 75 percent of consumers are using the same or similar username and password combinations across multiple websites,” a fact that is contributing to greater fraud levels. "If one company has a data breach and those credentials are compromised, fraudsters can easily gain access to bank accounts or digital storefronts where credit card or payment information has been saved."

According to data by the Identity Theft Resource Center (ITRC), the frequency of data breaches that exposed credit card/debit card numbers peaked in 2009 and dropped to a low in 2012. Since that time it has more than doubled. Cook told ValuePenguin that "use and sophistication of malware and improvements in phishing techniques by fraudsters has created a burgeoning marketplace for stolen credit card accounts and online credentials."

A graph showing the trend of credit card fraud in the US.

The introduction of EMV chips on credit cards in late 2015 helped curb fraud offline, and has put pressure on fraudsters to increase their CNP fraud efforts. EMV chips make it harder for thieves to create counterfeit copies of cards, since the chips are much more sophisticated than the old magstripes. In the United States, as in other countries.

Robert Harrow

Robert is the head of the Credit Card vertical at ValuePenguin and has been covering the card industry since 2014. His work has been featured in Reuters, Marketwatch, the New York Times and more.

Comments and Questions