10 Strategies to Reduce the Risk of eCommerce Fraud
eCommerce can be a tremendous boon for small businesses, but with it comes the growing risk of eCommerce fraud. Small businesses are at particular risk, as fraudsters know that small merchants often lack the time and resources to implement the most sophisticated and comprehensive fraud detection protocols. But, there are steps you can take right now to help keep your business from becoming an easy target for eCommerce fraud.
1) Achieve and maintain PCI Compliance.
The Payment Card Industry’s Data Security Standard (PCI DSS) is a set of standards and requirements to help ensure that all online merchants and their customers are protected from fraud and data breaches. Achieving and maintaining your compliance via the PCI Compliance Guide is a critical first step to protecting your eCommerce business. In fact, failing to maintain compliance could result in hefty fines — and could ultimately result in loss of services from reputable eCommerce vendors.
2) Keep your shopping cart software updated.
Most small businesses partner with a third-party eCommerce shopping cart vendor to help ensure a great online shopping experience. These eCommerce specialists also work to protect their software from fraudsters, whose evolving tactics require constant software updates. Make the most of your vendor partnership by making sure you consistently update your shopping cart software. In some cases, it may be necessary to purchase additional features or upgrades to ensure maximal fraud protection.
3) Always require Address Verification (AVS) and Card Code Verification (CVV) in your payment gateway.
AVS is standard in most eCommerce platforms, and checks the entered billing address against the billing address currently on file with the credit card company. CVV is an additional security feature aimed at reducing card-not-present (CNP) fraud, and goes by several names:
- Visa – CVV2
- MasterCard – CVC 2
- Discover – CID
- American Express – 4 digits above card number – CID
4) Recognize signs of suspicious activity.
- Unusually large orders or high-priced orders
- Expedited shipping on large quantities or high-priced orders
- Expedited shipping when billing and shipping addresses differ
- Orders where the purchaser asks to pick up the order at your location
- Fake phone numbers (e.g. 555-987-6543)
- Suspect email addresses (e.g. 1234XYZ@gmail.com, or addresses that seem like randomly generated combinations of numbers and letters)
- Inconsistent address information (e.g. zip code doesn’t match state or city)
5) Make sure the billing address matches the IP location.
Keep an eye out for IP addresses from overseas that don’t match the billing address. Sites like IP-Lookup.net allow you to manually research an IP address. One common strategy is to simply block online transactions from IP addresses that originate in countries to which you do not ship. Many eCommerce platforms offer security functionality that automatically recognizes suspicious IP addresses or discrepancies.
6) Limit the number of declined transactions.
One easy way to spot fraud attempts is to watch for repeated declined transactions, where the fraudster is guessing (or using a malicious software script to generate) credit card numbers and hoping for a match. Beyond the fraud risk, you will likely incur a small fee for each declined transaction, so it is in your best interest to create a limit on attempted transactions. When the limit is hit, the customer should be locked out of your shopping cart and directed to contact customer service by phone for assistance placing an order.
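A decline limit of this kind, sketched in Python as an added example (not code from this article or from any shopping cart vendor). The limit of 3, the 15-minute window, and the identifier names are assumptions; declines are counted per IP address, session and email so that changing one of them does not reset the count.

```python
import time

class DeclineLimiter:
    """Lock checkout after too many declined payments inside a time window."""

    def __init__(self, max_declines=3, window_seconds=900, clock=time.time):
        self.max_declines = max_declines   # assumed limit, not from the article
        self.window = window_seconds       # assumed 15-minute window
        self.clock = clock
        self._declines = {}                # identifier -> decline timestamps

    def _recent(self, key):
        """Count declines for key that are still inside the window."""
        cutoff = self.clock() - self.window
        kept = [t for t in self._declines.get(key, []) if t > cutoff]
        if kept:
            self._declines[key] = kept
        else:
            self._declines.pop(key, None)  # forget identifiers with no recent declines
        return len(kept)

    def record_decline(self, identifiers):
        """Call once per declined authorization with every identifier seen."""
        now = self.clock()
        for key in identifiers:
            self._declines.setdefault(key, []).append(now)

    def is_locked(self, identifiers):
        """True if any one identifier has reached the decline limit."""
        return any(self._recent(k) >= self.max_declines for k in identifiers)

def demo():
    """Constructed scenario: one IP retries with a new session and email each time."""
    now = [0.0]
    limiter = DeclineLimiter(clock=lambda: now[0])
    ip = ("ip", "203.0.113.7")
    for i in range(3):
        limiter.record_decline([ip, ("session", f"s{i}"),
                                ("email", f"user{i}@example.com")])
        now[0] += 10
    same_ip_new_session = limiter.is_locked([ip, ("session", "s99")])
    unrelated_customer = limiter.is_locked([("ip", "198.51.100.4"),
                                            ("session", "s100")])
    now[0] += 900                          # the window has passed
    after_window = limiter.is_locked([ip, ("session", "s99")])
    return same_ip_new_session, unrelated_customer, after_window
```

Call is_locked before sending a card to the gateway, and show the customer-service phone message instead of the payment form when it returns True.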
7) Keep a list of confirmed fraudulent attempts.
If a fraudulent order has been linked to an email address, a shipping location, a phone number or any other customer information, make sure you keep that information on file. Any future order attempt relating to the same customer information is a major red flag.
8) Require strong passwords from your customers.
If your eCommerce platform requires or allows customers to create an online customer profile with saved information, make sure you require strong passwords that meet best practices for fraud prevention:
- Minimum number of characters
- Combination of capital letters, numbers and symbols
- Many eCommerce vendors offer their own automatic password strength checkers — take advantage of these
9) Know your customer.
For many small businesses, the vast majority of orders come from a very specific customer demographic and follow a recognizable pattern. Orders from customers that notably do not fit this profile are easy to spot, and worth checking into. For example, if you sell an item for which most customers only require a single unit, an order for two-dozen units is suspicious. If your product is a regional specialty, and an order comes in from a foreign country, you have reason to investigate further.
10) When in doubt, check it out.
None of these warning signs is, by itself, proof of fraud, and shutting down a transaction based on just one warning sign could be disastrous for customer relations. But when a red flag goes up, it is always worth giving the order a closer look. One strategy for investigating is to find an excuse to call the customer directly using the given phone number, and ask to speak with the cardholder. You might note that your online store has been experiencing recent issues, and request that the customer confirm a few details of the order. Fraudsters using stolen credit cards rarely provide a real phone number.
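The warning signs from strategies 3, 4, 5 and 7 can be combined so that one sign alone never stops an order but several together send it for a closer look. The sketch below is an added example, not code from this article or from a payment gateway; the order field names, weights and threshold are assumptions, and the sample orders are constructed.

```python
import re

# Constructed weights and threshold (assumptions); tune against your own orders.
REVIEW_THRESHOLD = 3

def phone_digits(phone):
    """Keep the last ten digits of a phone number, dropping punctuation."""
    return re.sub(r"\D", "", phone)[-10:]

def order_signals(order, ship_to, fraud_list):
    """Return (description, weight) for each warning sign found on the order."""
    found = []
    if not order["avs_match"]:
        found.append(("AVS mismatch", 2))
    if not order["cvv_match"]:
        found.append(("CVV mismatch", 2))
    if order["expedited"] and order["billing_addr"] != order["shipping_addr"]:
        found.append(("expedited, billing and shipping differ", 2))
    if order["ip_country"] != order["billing_country"]:
        found.append(("IP country differs from billing country", 1))
    if order["ip_country"] not in ship_to:
        found.append(("IP in a country you do not ship to", 2))
    if phone_digits(order["phone"]).startswith("555"):
        found.append(("placeholder-style phone number", 1))
    if {order["email"].lower(), phone_digits(order["phone"])} & fraud_list:
        found.append(("matches a confirmed fraud record", 3))
    return found

def triage(order, ship_to, fraud_list):
    """Route to manual review on accumulated signs; never auto-cancel."""
    found = order_signals(order, ship_to, fraud_list)
    score = sum(weight for _, weight in found)
    decision = "review" if score >= REVIEW_THRESHOLD else "accept"
    return decision, [name for name, _ in found]

# Constructed sample orders.
BASE = dict(avs_match=True, cvv_match=True, expedited=False,
            billing_addr="1 Main St", shipping_addr="1 Main St",
            billing_country="CA", ip_country="CA",
            phone="416-230-0142", email="pat@example.com")
TRAVELLER = dict(BASE, ip_country="US")   # a single weak sign
RISKY = dict(BASE, expedited=True, shipping_addr="9 Dock Rd",
             phone="555-987-6543", email="1234XYZ@example.com")

def demo():
    ship_to, fraud_list = {"CA", "US"}, {"1234xyz@example.com"}
    return triage(TRAVELLER, ship_to, fraud_list), triage(RISKY, ship_to, fraud_list)
```

The returned list of signs gives the person making the follow-up call the specific details to confirm with the cardholder.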
For more information, visit www.firstdatacanada.ca/ecommerce/ or contact one of our Business Consultants today at 1-866-228-6184.