Act now to prevent a spike in fraud. 

It’s the most wonderful time of the year — time for holiday parties and end-of-year gatherings with family and friends. Unfortunately, it’s also the time when arts and culture organizations can expect unwanted interest from fraud actors looking to take advantage of this busy season. 

The risk of payment fraud increases every year. Arts and culture teams across the sector typically see the highest number of chargebacks in November thanks to holiday event purchases. This is true regardless of organization type: Museums and attractions, performing arts centers and classical music venues all experienced peak fraudulent activity this time last year. We anticipate another peak again before the end of 2024. Now is the time for extra vigilance. 

Tessitura Merchant Services processes hundreds of thousands of transactions every week. The fraud analysts on Tessitura’s security team keep a watchful eye on our community and the overall landscape, with a bird’s eye view to the changing behavior of fraud actors.

Here are trends we see so you can better prepare: 

• Ticketing fraud is almost always driven by product. Fraud actors try to use stolen credit cards to buy the tickets they can most easily resell. They target events and experiences in high demand. If your organization is heading into its busiest sales period, now is a good time to check that your fraud controls are set at the right level. You can always relax your controls in the new year.
  
  
• Fraud actors aren’t constraining themselves to e-commerce transactions. As organizations get better at blocking fraudulent transactions online, fraud actors are calling box offices to buy tickets using stolen card numbers. After successfully transacting with one organization, they may even call another organization 30 minutes later to buy more tickets using the same stolen card.
  
  
• The Address Verification Service (AVS) is less and less effective. Fraud actors pay a premium to buy stolen card details that include the cardholder’s full name, street address and ZIP code. AVS is still a useful tool to reduce your organization’s fraud risk. But it works best in combination with other controls such as 3D Secure, which can reduce the chance of AVS accidentally blocking a legitimate customer using the wrong address.  

If your organization has a low tolerance for chargebacks and payment fraud — and is about to enter its busiest time — here are three steps you can take to reduce your risk:

1. Implement 3D Secure

You might know it as Visa Secure (formerly Verified by Visa), American Express SafeKey or Mastercard Identity Check. 3D Secure is like smart multifactor authentication for cardholders. Transactions that go down the 3D Secure path shift the fraud liability from your organization back to the card issuer.

Over the last year, we’ve seen support for 3D Secure increase to over 70% of cards used by ticket buyers in the United States and over 80% of cards used by ticket buyers in Canada.   

Members who use Tessitura Merchant Services already have 3D Secure enabled, but it affects less than 2% of e-commerce transactions by default. Open a support ticket with Tessitura’s fraud team to learn how to shift fraud liability for more than 70% of e-commerce transactions. 

If you use another payment processor, contact your provider to ask about enabling 3D Secure. 

2. Choose the right risk profile

Members who use Tessitura Merchant Services typically choose from two different risk profiles: one for members at low risk of fraud and one for members at higher risk (or with a low tolerance for chargebacks). 

If your organization is using a risk profile designed for members at low fraud risk, consider whether that’s still the right fit. Member organizations can change between these standard risk profiles by opening a support ticket. Custom risk profiles and other advanced options also are available for additional fees. 

Members who use other payment processors can also set up rules to mitigate the risk of fraud. Different payment processors have different fraud prevention capabilities. Contact your provider to learn what risk rules they offer.

3. Create a daily process to review purchases and identify suspicious transactions

Humans are better than machines at spotting some fraud patterns. Reviewing newly created constituents for obviously fake email addresses and checking for constituents who have made identical same-day transactions can both pay dividends.  

Regular checks for suspicious transactions are especially important in the context of fraud actors who brazenly call box offices because many risk rules only affect e-commerce transactions.  

There is no one-size-fits-all model for addressing fraud and chargebacks. A combination of technology solutions and business processes can counteract these bad actors.  

Tessitura is here to help. Review this list for additional recommendations. For more information or for any questions on our fraud prevention and detection recommendations, please open a support ticket.