For software platforms, offering payment processing for your subscribers increases your revenue potential, but it can leave you open to payments risk, too.
There are three unique types of risk that software platforms are exposed to when implementing embedded payments: onboarding new merchants, monitoring merchant activity, and deploying fraud mitigation techniques.
There are a range of risk management techniques and tools software companies should implement on their platforms to address these risks and protect their business. Below you’ll find advice on these three topics so you’re prepared as you dive into the world of Embedded Payments.
Establish effective onboarding processes
How you onboard your customers to process payments is one of the most important ways to mitigate risk. When your customers are new to processing payments with you, they’re generally considered to be more risky since they don’t have any history of payments processing data on your platform. This makes it especially important to proactively identify riskier customers as early as possible.
Every effective onboarding process should:
- Analyze risk: Establish a stringent checklist for your customers to complete during the onboarding phase before granting them access to your platform. As part of onboarding, you will need to gather details about their products and services, refund policies, expected payment volume, and their history of using platforms similar to yours. When you’re assessing larger subscribers, have them complete a more comprehensive evaluation, including a review of their finances and credit checks on the company’s owners and directors.
- Check for duplicate accounts: Merchants with fraudulent intentions may try to set up an account with a different business name but the same financial information, such as bank and tax filing details. Conduct a search during your onboarding process to ensure a fraudulent merchant isn’t trying to set up multiple accounts on your platform.
- Implement temporary controls: Temporarily limiting transaction volume will help you closely monitor new customers as you get more familiar with their activity. Consider limiting transaction volume over set periods (e.g., one day or one month), and if they exceed the limit, pause payouts until the customer can review and verify their transactions.
- Keep cash reserves: It’s prudent for companies to have cash reserves to protect against various risks. In this case, cash reserves serve as a risk management tool that you keep as collateral to counter the risk of fraudulent or non-compliant customers.
Monitor merchant behavior to proactively identify risks
There are several factors that should be monitored regularly to determine if you have a merchant committing fraud on your platform. These include:
- monitoring for increased dispute activity and customer complaints
- looking for quick reductions in payment volume
- negative balances
You can effectively monitor merchant behavior by setting up alerts that will notify you of suspicious activity by your merchants. It’s also important not to rely on the alerts as your only risk management tool. Periodic reviews of your merchant activity, including refund and dispute rates, payment volume trends, and complaints, must be completed regularly.
Keep in might that not every sharp change in payment volume and dispute activity will turn out to be fraud. Unexpected events, such as a natural disasters can dramatically change the business environment in which your customers operate. When these events occur, create and share helpful resources to guide your customers on how to prepare and maintain business continuity.
Implement fraud mitigation techniques
When your merchants are onboarded and processing payments on your platform, you still need to implement risk management tools that monitor payment risk. This will help you identify merchants that may jeopardize the security and stability of your platform. Risk management tools, like 3D Secure will help you mitigate your software payments risk by authenticating card not present payments.
In cases where you suspect a subscriber is behaving fraudulently, you can:
- Delay payouts until their payment volumes and chargeback rates are familiar to your platform. You can also lengthen the payout period for riskier merchants. And for goods and services that take time to deliver, you can halt payouts until the order is delivered to reduce instances of chargebacks and refund requests.
- Monitor decline rates to prevent card testing attacks. When a cybercriminal tests a credit card number, and it declines, the error code will be 402. These attacks can also be prevented by implementing security measures such as CAPTCHA or two-factor authentication.
Protect your payments with Payrix
The revenue potential and wide-ranging business benefits of implementing an embedded payment solution can be a game-changer for your software platform. But with digitized payment processes comes increased fraud risk. Implementing strong systems and processes to proactively protect your platform will ensure your company can reap the benefits of Embedded Payments while reducing fraud risk.
Check out our podcast for more discussions on risk and security.