Fraud and online shopping — how to keep your ecommerce site safe and protect your profits.
When someone changes their identity by wearing a frightening costume on Halloween, everyone laughs. However, the joke is on you as a business owner if you become the victim of online deception. Fortunately, there are things you can do to protect your site from fraud, thereby safeguarding your brand and padding your wallet.
What is ecommerce fraud?
The internet has made it possible for even the most micro of businesses to expand their reach to encompass the globe. However, along with that exponential increase in flexibility and potential customers comes a greater likelihood that retailers both large and small can become the next victim of an ecommerce fraudster. In a nutshell, ecommerce fraud can be defined as criminal deception that is conducted during an online payment transaction to enrich the perpetrator. Because of the digital nature of ecommerce, this criminal behavior can occur easily, anonymously, and with a very low risk of being caught.
There are several different types of ecommerce fraud.
- Card-not-present fraud. This involves using a stolen credit or debit card or card information to pay for goods and services.
- Affiliate fraud. The cybercriminal utilizes bogus payment activity to generate or increase the number of affiliate commissions.
- Chargeback fraud. In this scam, a customer purchases products with a credit card, receives them, and then requests a refund from their credit card company. That institution then contacts the bank that issued the credit card, which then requires that the merchant refund the purchase amount.
- Phishing. In this crime, thieves hack into the accounts where merchants have stored customers’ personal, purchase, and financial data. In another form of phishing, emails looking like they came from a legitimate merchant are sent directly to customers, requesting that they reveal personal data and passwords. This information is then used to make unauthorized purchases.
- Interception fraud. An online customer pays for products using a stolen credit card and has their purchases sent to the address on file. The criminal then changes the ship-to address with customer service.
- Triangulation fraud. First, the criminal sets up a fake retail website whose ultimate purpose is to gather names and contact details. A shopper visits that site and buys products. Using the customer’s stolen data, the criminal then makes a purchase at a legitimate online store, buys what the customer thought they had purchased from the first site, and has it shipped to them. At a later date, they use the customer’s account details to make additional purchases. This type of fraud typically takes longer to discover.
No matter what type of ecommerce payment processing you choose, you will eventually experience the unpleasant reality of fraud. However, there are steps you can take to minimize its frequency and severity.
What you can do to shield your business from online criminals.
When it comes to cybercrime, one thing you should never forget is the importance of maintaining constant vigilance. Let your guard down or become lackadaisical, and you may well feel the sting of digital deception. Try to incorporate the following cybersecurity tips into your business operations.
- Practice excellent cyber hygiene. If the safety measures surrounding your website are shoddy, fraudsters will pounce. For optimal security, be sure your software and SSL certificates are updated regularly. Follow the Payment Card Industry Data Security Standard (PCI DSS). Be sure your passwords for all accounts and databases are strong. Scan your site regularly for malware. Encrypt all communications with customers and suppliers. Regularly remove inactive users and plugins.
- Ensure PCI compliance. As mentioned above, these standards are designed to protect the cardholder data you manage, store, and transmit. If you use a software as a service (SaaS) platform for your secure payment processing, the vendor should take steps to always remain in compliance.
- Constantly be on the lookout for fraud. Red flags include inconsistent billing or shipping details, unusually large orders, and customers physically located in countries known for elevated instances of fraud.
- Ask your payment processing company to connect you with an Address Verification Service (AVS). This program checks the billing address that the customer has submitted, comparing it against the one that is on file with the issuing bank. If the two don’t match, either the payment is declined or the transaction is flagged for additional investigation.
- Require that your customers provide Card Verification Value (CVV) numbers for all purchases. Taking this step helps to ensure that the customer has the physical card in their possession when attempting to make a purchase.
- Use Hypertext Transfer Protocol Secure (HTTPS). This more secure version of the HTTP protocol encrypts all data sent from the customer’s web browser to your online store. Once you purchase an SSL certificate and use HTTPS, hackers are unable to view or steal buyers’ sensitive information as it travels between the browser and your store.
- Be a minimalist. Only collect the customer data you need and nothing more.
- Use anti-fraud software to bolster your security. You can choose different options according to your level of technical expertise, the size of your company, and your budget. Types include basic tools attached to your ecommerce shopping cart software to sniff out fraud, verify email and physical addresses, and do device fingerprinting; intermediate tools that fight chargebacks, automatically decline high-risk purchases, and provide account takeover protection; and systems for larger merchants that also provide case management, manual review of suspicious transactions, loyalty fraud management, and policy abuse protection.
- Always be sure that the location of the customer’s IP address matches the address on the credit card. The customer’s IP address can be detected for any order made. This string of digits separated by periods identifies the computer that is using the internet to conduct the purchase. The IP address can give you a good idea of the country or region of the world where the transaction was initiated. If it is different from the address on the credit card, this is a fraud red flag.
- Avoid shipping your merchandise to post office boxes or freight forwarders. Fraudsters prefer these anonymous locations because it is more difficult for law enforcement to detect them.
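The checks in the list above (AVS and CVV results, IP location versus the card's billing address, billing versus shipping details, unusually large orders, post office box deliveries) can be combined into a single screening rule that accepts, flags, or declines an order. The Python below is an added example, not code from this article or from any payment processor; the field names, weights, and thresholds are assumptions to tune against your own order history.

```python
import re
from dataclasses import dataclass

# Matches "PO Box", "P.O. Box", "Post Office Box" in a shipping address.
PO_BOX = re.compile(r"\b(?:p\.?\s*o\.?\s*box|post\s+office\s+box)\b", re.I)

# Illustrative assumptions, not industry constants.
LARGE_ORDER_MULTIPLE = 5          # "unusually large" = 5x the typical order
REVIEW_AT, DECLINE_AT = 30, 60    # score cut-offs for manual review / decline

@dataclass
class Order:
    amount: float
    typical_amount: float   # e.g. the store's median order value
    billing_country: str
    shipping_country: str
    ip_country: str         # from a GeoIP lookup performed elsewhere
    shipping_address: str
    avs_match: bool         # processor's AVS result, normalised to a boolean
    cvv_match: bool         # processor's CVV result; never store the CVV itself

def risk_signals(o: Order) -> list[tuple[str, int]]:
    """Return (signal name, weight) for every red flag the order raises."""
    signals = []
    if not o.avs_match:
        signals.append(("avs_mismatch", 30))
    if not o.cvv_match:
        signals.append(("cvv_mismatch", 30))
    if o.ip_country.upper() != o.billing_country.upper():
        signals.append(("ip_billing_country_mismatch", 20))
    if o.shipping_country.upper() != o.billing_country.upper():
        signals.append(("billing_shipping_mismatch", 15))
    if o.amount >= LARGE_ORDER_MULTIPLE * o.typical_amount:
        signals.append(("unusually_large_order", 15))
    if PO_BOX.search(o.shipping_address):
        signals.append(("ships_to_po_box", 10))
    return signals

def screen(o: Order) -> tuple[str, int, list[str]]:
    """Sum the weights and map the score to accept / review / decline."""
    signals = risk_signals(o)
    score = sum(weight for _, weight in signals)
    action = ("decline" if score >= DECLINE_AT
              else "review" if score >= REVIEW_AT else "accept")
    return action, score, [name for name, _ in signals]

# Constructed sample orders (not real data).
CLEAN = Order(40.0, 45.0, "US", "US", "US", "12 Elm St, Springfield", True, True)
AVS_ONLY = Order(40.0, 45.0, "US", "US", "US", "12 Elm St, Springfield", False, True)
ODD = Order(400.0, 45.0, "US", "CA", "RO", "P.O. Box 7, Toronto", False, True)
```

A single weak signal such as an AVS mismatch sends the order to manual review rather than declining it outright, which keeps legitimate customers who mistyped an address from being turned away.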
Whenever you sell products and services to the public, you run the inevitable risk of experiencing fraud. Unfortunately, your specialty as an online vendor makes this possibility even more likely. Shielding your customers and your brand from digital criminals will help to ensure that you don’t experience anyone misrepresenting themselves until next October when a trick-or-treater knocks on your door.