Part 2: Online Transactions
Credit card scammers and online fraudsters get more clever every year. Any business can be susceptible to fraud, but haunted attractions are being increasingly targeted by scammers, making them vulnerable to fraud and transaction disputes which can create huge (and expensive) headaches for haunt owners.
Ticketing fraud can happen online or in person, and each comes with its own sinister threats to your business. This is the second installment in our three-part series all about reducing fraud at your haunted attraction. We previously covered how to prevent ticketing fraud in person (click here to read that blog post).
Today, let’s talk about preventing fraud online.
1. Secure your website
This is one of the simplest things you can do to protect your business against scammers.
Whenever you visit a website, it’s a good idea to look for that little lock icon next to the URL and an “https” instead of “http” in the web address. That indicates the site has an SSL (secure sockets layer) certificate which encrypts the data passing between your site and visitors. And you want to make sure that your site has one, too.
Not securing your site with an SSL is like leaving your front door wide open. Your data is unprotected. It not only leaves you vulnerable to payments fraud, but your site could crash or hackers could steal your data.
Many hosting providers and website builders will include an SSL or at least the option to add one onto your monthly plan. You can also install one yourself through a free program like Let’s Encrypt.
More ways to secure your website
An SSL isn’t the only way to keep your website secure.
- Keep your site up to date. Plugins, apps, and widgets require regular maintenance. If you’re using WordPress or a similar platform, be sure to check for available updates regularly and take care of them in a timely manner. While you’re at it, run regular backups of your site so you have a safety net if you need to relaunch your site for any reason.
- Use strong passwords. You probably hear this all the time, but it’s important enough to repeat. A password breach is one of the most common ways hackers gain access to your data, so make sure your passcodes are uncrackable. A password keeper can be useful if you have a lot of different logins to keep track of (who doesn’t, these days?).
2. Set a ticket limit
Most fraudsters aren’t looking to purchase just two or three tickets. They want to buy hundreds. Why? A small transaction just isn’t worth the risk.
Make your haunt unattractive to them by limiting the number of tickets that can be purchased in a single transaction. A ticket limit will prevent resellers and scammers from purchasing large numbers of tickets (sometimes with stolen card information) and reselling them at a markup.
You can always make an exception for larger groups who contact you about a large ticket purchase (you can even send them a link to a private time slot just for their group).
We suggest a limit of 20 tickets before the customer must call in to complete their purchase. Chances are you’ll want to talk directly to a group bigger than that anyways! Setting this limit low will help limit fraud attempts AND make sure your exposure to any automated fraud attempt is minimal (a maximum of a few hundred dollars instead of a few thousand if they were ordering hundreds of tickets).
3. Set a transaction limit
Maybe a scammer is smart enough to know that buying 50 or 100 tickets to your haunt in one transaction will look suspicious. So they try to be sneaky. They buy 10 tickets, then 10 more, then 10 more, and on and on until they’ve hit the credit limit of the stolen card they’re scamming.
Don’t let them get away with that! Set a transaction limit that blocks a user after a certain number of purchases.
By limiting the number of total transactions, not just the number of tickets, you can make sure someone isn’t trying to quickly run the same stolen card number many times in a row or use multiple stolen card numbers.
We suggest a limit of 5 separate purchases from any single user to be safe.
HauntPay makes it scary simple to set ticket and transaction limits. Schedule a demo to see how it works!
4. Collect Zip code and CVV information
Typically, this is something your payment processor or ticketing provider should do for you. But you definitely want to make sure that you’re working with a partner who collects zip code and CVV and verifies that they are correct. If they don’t match, the transaction should be rejected.
A CVV (Card Verification Value) code is the three- or four-digit code on the back of a credit/debit card.
Collecting this information adds an extra layer of security to your transactions. It helps ensure that the person completing the purchase (1) has possession of the physical card and (2) knows the location/address of the cardholder. This not only helps to prevent fraudulent transactions before they happen, but it also protects you in case a charge is disputed – you can provide that information to the credit card company to verify that the transaction was valid.
(p.s. Did you know HauntPay automatically fights disputes and chargebacks for you! Schedule a demo to learn more about how we fight ticketing fraud so you don’t have to.)
5. Enforce a secure code online
For extra fraud protection, you can use a tool like VISA’s 3D Secure that requires customers to complete an additional verification step with the card issuer when checking out.
Typically, you direct the customer to an authentication page on their bank’s website, and they enter a password associated with the card or a code sent to their phone. It’s an extra step for the user, but adds an extra layer of security to the transaction.
If you’re in a high-risk area or have had trouble with fraud in the past, this might be something to consider because it shifts the liability from the merchant (you) to the cardholder. That means you’re not at risk of losing money if that transaction is later disputed.
6. Use HauntPay
We do everything we can to keep fraudsters away from your haunted attraction. Online, we use a combination of state-of-the-art Artificial Intelligence (AI) and Machine Learning systems to rank the risk level of every transaction in real-time, in combination with human review to catch fraudulent transactions and stop them in their tracks. And we make it simple for you to set ticket & transaction limits that make sense for your haunt.
In person, there’s no better system for lightning-fast scanning to secure access to your haunt. You can control employee access and accept secure payment methods like chipped cards and tap-to-pay. Plus, we automatically fight any disputed transactions for you. So you don’t have to worry about gathering all the paperwork and records on your own.
Did we mention we do all this at ZERO cost to your haunt?
Learn more about how HauntPay can work for your haunted attraction by scheduling a demo today!