How to Protect Your Business from eCommerce Credit Card Fraud
Ecommerce is growing at an alarming rate. While there is nothing new to the concept of names like Amazon.com and Jet.com wiping out retail locations around the world and killing ‘mom and pop’ businesses, it should be noted that it’s not all bad for business owners. Instead of succumbing to the big-name giants that dominate the world of ecommerce today, anyone looking to create an online business of their own now has quite a level playing field and a real opportunity, especially with ecommerce and through the power of dropshipping.
However, there are many things an entrepreneur or marketer might need to consider when starting up their first online store. It’s not just about choosing the right products and knowing how to target your audience; it’s also about using the right platform and always being sure your customer data is safe. Just as important is knowing how to handle online payments and making sure credit card fraud isn’t a disaster lurking around the corner.
Most of us are already aware of how affiliate networks can get wiped out if one big advertiser doesn’t make a payment or goes belly up on payments owed. The same can be said of a credit disaster for an online store. It’s sad to say, but one good run of chargebacks against your ecommerce store could put you out of business. This is why preventing e-commerce credit card fraud is of paramount importance.
Adhering to the policies below will help you protect your business.
1. Maintain PCI Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is designed to ensure the safest possible environment for credit card data. The standard includes precautions such as changing factory default passwords on all network equipment and establishing a firewall between your Internet connection and any system that stores credit card numbers.
2. Implement Transaction Velocity Limits
Yes, this means you’ll be limiting your customers to a set dollar amount in purchases each day. (What merchant in their right mind would want to do that—right?) On the other hand, you’ll also minimize the potential take, should a fraudulent transaction make it past your safeguards. (What merchant in their right mind wouldn’t want to do that—right?)
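One way to enforce such a limit, shown as an added example that is not from the original article: a rolling 24-hour dollar cap checked against every key attached to an order. The key names (`card:tok_A`, `acct:1`), the $500 limit and the use of a processor-issued card token instead of the card number are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from decimal import Decimal


class VelocityLimiter:
    """Cap what any one key (card token, account) may spend per rolling window."""

    def __init__(self, limit, window=timedelta(hours=24)):
        self.limit = Decimal(str(limit))
        self.window = window
        self._history = defaultdict(list)  # key -> [(timestamp, amount)]

    def _spent(self, key, now):
        cutoff = now - self.window
        # Forget charges that have aged out of the window.
        self._history[key] = [(t, a) for t, a in self._history[key] if t > cutoff]
        return sum((a for _, a in self._history[key]), Decimal("0"))

    def authorize(self, keys, amount, now):
        """Return (approved, keys_over_limit). Nothing is recorded on a decline."""
        amount = Decimal(str(amount))
        if amount <= 0:
            raise ValueError("amount must be positive")
        over = [k for k in keys if self._spent(k, now) + amount > self.limit]
        if over:
            return False, over
        for k in keys:
            self._history[k].append((now, amount))
        return True, []


def demo():
    # Constructed sample: $500 per 24 hours, keyed by card token and account id.
    limiter = VelocityLimiter("500.00")
    t0 = datetime(2024, 1, 1, 9, 0)
    return [
        limiter.authorize(["card:tok_A", "acct:1"], "300.00", t0),
        limiter.authorize(["card:tok_A", "acct:2"], "250.00", t0 + timedelta(hours=1)),
        limiter.authorize(["card:tok_B", "acct:2"], "250.00", t0 + timedelta(hours=2)),
        limiter.authorize(["card:tok_A", "acct:1"], "250.00", t0 + timedelta(hours=25)),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second call is declined because the same card token is reused from a different account, which a per-account limit alone would miss.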
3. Require Two-Factor Authentication
In most cases, when a thief gets a customer’s credit card information, they do not have the Card Verification Value (CVV) data. This three- or four-digit number, printed on the back of credit cards, is a secondary authentication method to prove a customer has the card in their possession. The PCI DSS prohibits storing this information alongside the credit card number and cardholder’s name. In fact, best practices recommend not storing it at all, but rather asking the customer to provide it with each transaction.
4. Monitor Transactions and Reconcile Them Every Day
The fastest way to spot fraud is to know what a typical day’s transactions look like. Reconciling your accounts on a daily basis trains you to spot anomalies. The sooner you notice something is amiss and take steps to do something about it, the better chance you have of apprehending the culprit. You’re looking for red flags such as mismatched billing and shipping information. Pay attention to the physical location of customers to ensure it matches the information provided too. Some online store hosting can help you in this regard by tracking orders automatically.
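A daily reconciliation pass along these lines, as an added example that is not from the original article. It compares the store's orders with the payment processor's settlement records and applies the two red flags named above; the field names, the settlement format and all sample records are constructed for the illustration.

```python
from decimal import Decimal

# Constructed sample data: the store's own orders for the day...
ORDERS = [
    {"id": "o1", "amount": "49.99", "bill_zip": "30301", "ship_zip": "30301",
     "bill_country": "US", "ip_country": "US"},
    {"id": "o2", "amount": "899.00", "bill_zip": "30301", "ship_zip": "94105",
     "bill_country": "US", "ip_country": "US"},
    {"id": "o3", "amount": "120.00", "bill_zip": "60601", "ship_zip": "60601",
     "bill_country": "US", "ip_country": "CA"},
    {"id": "o4", "amount": "35.00", "bill_zip": "10001", "ship_zip": "10001",
     "bill_country": "US", "ip_country": "US"},
]
# ...and what the processor says it settled (hypothetical report format).
SETTLEMENT = [
    {"order_id": "o1", "amount": "49.99"},
    {"order_id": "o2", "amount": "899.00"},
    {"order_id": "o3", "amount": "210.00"},
    {"order_id": "o9", "amount": "15.00"},
]


def red_flags(order):
    """Per-order checks that need no outside data."""
    flags = []
    if order["bill_zip"] != order["ship_zip"]:
        flags.append("billing/shipping mismatch")
    if order["ip_country"] != order["bill_country"]:
        flags.append("customer location differs from billing country")
    return flags


def reconcile(orders, settlement):
    """Return {order_id: [issues]} for every record that needs a human look."""
    settled = {s["order_id"]: Decimal(s["amount"]) for s in settlement}
    report = {}
    for o in orders:
        issues = red_flags(o)
        if o["id"] not in settled:
            issues.append("no settlement record")
        elif settled[o["id"]] != Decimal(o["amount"]):
            issues.append("settled amount differs from order")
        if issues:
            report[o["id"]] = issues
    known = {o["id"] for o in orders}
    for oid in settled:
        if oid not in known:
            report[oid] = ["settlement with no matching order"]
    return report


if __name__ == "__main__":
    for oid, issues in reconcile(ORDERS, SETTLEMENT).items():
        print(oid, issues)
```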
5. Use Tracking Numbers on All Shipments
You will occasionally run into less than scrupulous customers who will try to claim a chargeback on the grounds their products were never delivered. Tracking all packages and requiring signature confirmation on orders above a certain dollar amount will thwart these perpetrators.
6. Keep Software and Platforms up to Date
Make it a point to install software updates as soon as they become available. In most cases, they’re issued in response to an incident, or the discovery of a potential threat. Similarly, always keep your anti-malware and anti-spyware up to date. Given the nature of what you’re up against, only business-grade products will do for these tasks. The consumer stuff isn’t robust enough to adequately protect financial data.
7. Force Customers to Use Strong Passwords
Set requirements including numbers, letters (both lower- and upper-case), and special symbols for repeat customers who want to establish accounts. Do not permit the inclusion of any of their generally available information as part of the password.
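A sketch of a validator for these two rules, as an added example that is not from the original article. The profile fields, the three-character minimum for a personal fragment and the small substitution table (so that "D@na" still counts as "dana") are assumptions made for the illustration.

```python
import re

MIN_TOKEN = 3  # assumption: ignore fragments shorter than this (initials etc.)
# Common character substitutions undone before the personal-data check.
DELEET = str.maketrans("@4013$5", "aaoless")


def personal_tokens(profile):
    """Break profile values into lower-case fragments worth checking for."""
    tokens = set()
    for value in profile.values():
        text = str(value).lower().split("@")[0]  # e-mail: keep the local part
        for part in re.split(r"[^a-z0-9]+", text):
            if len(part) >= MIN_TOKEN:
                tokens.add(part)
    return tokens


def check_password(password, profile):
    """Return a list of policy problems; an empty list means acceptable."""
    problems = []
    if not re.search(r"[a-z]", password):
        problems.append("needs a lower-case letter")
    if not re.search(r"[A-Z]", password):
        problems.append("needs an upper-case letter")
    if not re.search(r"[0-9]", password):
        problems.append("needs a number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs a special symbol")
    lowered = password.lower()
    variants = (lowered, lowered.translate(DELEET))
    for token in sorted(personal_tokens(profile)):
        if any(token in v for v in variants):
            problems.append(f"contains personal information: {token}")
    return problems


# Constructed sample customer profile.
PROFILE = {"name": "Dana Lee", "email": "dana.lee@example.com", "birth_year": 1990}

if __name__ == "__main__":
    for candidate in ("Tr4il-Mix!Quartz", "D@na1990!x", "password"):
        print(candidate, check_password(candidate, PROFILE))
```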
8. Instill Employee Security Consciousness
Employee passwords should be just as strict (if not more so) as customers’ login information. Train them to spot potential fraud and empower them to stop a transaction if something feels amiss. Do everything possible to help them understand how fraud can cost them their livelihoods and how important their vigilance is for the health of the business.
9. Maintain a Gallery of Rogue Attacks
Keep a file of all attempted (and successful) breaches. Use these incidents as teachable moments, so your people can avoid falling victim to the same scam twice.
Preventing e-commerce credit card fraud is essential to protecting your business. There will always be people out there willing to work harder to steal than they would at a regular job. These tips will help you force them to move on to easier pickings.
It’s Not Just About Protecting Your Customers… It’s Also Your Business
As you can see, there are plenty of ways to put precautions in place to make sure your customers and eCommerce transactions are safe, but at the end of the day, you also need to remember this is your business and its reputation is on the line. The last thing you want is to lose the trust of your customers and let word start to spread online about possible attacks or loss of customer data. These can be some of the most detrimental issues when trying to grow an eCommerce site on the internet today.
One of the best ways to get around many of these issues is to simply go with a trusted eCommerce platform that already has a payment platform, third-party security and customer management already in place.