Fraud happens; it’s inevitable.
The eCommerce market continues to grow rapidly as web payments become increasingly convenient. Fraud chases the money, and the money is online. Online sales in the U.S are expected to increase to a whopping $392.5 billion by 2016 and $491.5 billion by 2018.
Fraud occurs when the customer does not initiate or has no knowledge of the transaction. This can happen when a consumer’s credit card is stolen or their card information falls into the wrong hands. Online fraud is especially high because these transactions are of the card-not-present variety.
Over the last four years in North America, approximately 0.9% of overall online revenue has been fraud. That percentage might seem minuscule, but keep in mind that the total online revenue is growing each year, thus so are dollars lost to fraud.
In 2012, online fraud loss was 3.5 billion, which actually increased from 3.4 billion the year before. The good news is anti-fraud technology is constantly evolving and adapting, but here’s the not so good news: so are fraudsters.
Fraud is devastating for both customers and businesses. For the latter, it results in chargeback fees, revenue loss, and decreased company image. But before you break out the alcohol, cry, and start wondering why you decided it was a good idea to start a business, there are three steps you can take to make your business less vulnerable to fraud.
1. Equip your site with fraud armour
Imagine your online store as a castle and fraudsters the invaders. To prevent an unwanted siege, you need a solid defense. Without any fraud-prevention tools in place, your site is basically a sitting duck for defrauders.
- Display anti-fraud notices and seals. These will deter the less ambitious scammers.
- Layer your security like it’s winter. Install a basic foundation of protection, like a firewall, and then add additional authentication on top, such as social logins (Facebook) or 3D secure programs (Verified by Visa). The more layers you have, the more hackers have to go through.
- Use solid SSL authentication to encrypt and transmit customer data. It’s like a private code that only you and your payment processor know and fraudsters are not privy to.
- Update frequently. After you’ve put all your barriers in place, don’t forget to always install the latest version. Updates can fix potential glitches or cracks that fraudsters could take advantage of.
- Utilize AVS. The Address Verification Service automatically checks the customer’s billing address with the one on file with the issuing bank.
2. Be vigilant about suspicious order activity
There are many reasons why an order could be deemed suspicious. Granted, not every inconsistency will be fraud, sometimes it’s just a simple typing error – customers are humans too. However, here are specific things to pay attention to or set up system alerts for:
- International addresses or corporations; fraud runs rampant overseas.
- Orders with the same name, address, or IP address but multiple credit cards.
- Emails that don’t link back to a real domain.
- Urgent orders because there is a limited amount of time between when a card is stolen to when it is reported stolen.
- IP addresses that don’t correspond with the country of the billing address on file.
- Larger than normal orders (both quantity and cost).
- Phone numbers with area codes that differ from the address.
3. Implement secure policies from beginning to delivery
There are additional security measures that you can integrate into your business policies to ensure a secure checkout and overall experience for your customers.
- Request strong passwords. When customers create strong passwords for accounts, it ensures their security when shopping on your site. The more complex the password is, the harder it is for scammers to hack.
- Be PCI-compliant. The Payment Card Industry has set restrictions that facilitate safe card processing. Perform regular PCI scans to ensure that your site is adhering to the rules; otherwise, you will be slapped with a hefty fee. Good payment processors can help make sure your practices are PCI-compliant.
- Restrict the number of declined transactions that a customer can try. The higher number of times it declines, the higher chance it is fraud.
- Require that customers provide the credit card security code and expiry date when checking out. If fraudsters somehow obtained the credit card number, this requirement will add another level of protection.
- Ship packages with tracking numbers and ask for signature confirmation upon delivery to ensure shipments are received and reduce chargeback fraud (customers saying they did not receive the package when they did). 86% of chargebacks are fraudulent (CBC News).
- Ship only once the address has been verified and the payment received.
From my experience as a frequent online shopper, the policies above are common practice. I’ve had to sign for every package I’ve received, which sometimes is a hassle if I’m not home and have to pick it up at the post office, but it does prevent strangers from snagging my parcel, which in turn, prevents chargebacks to merchants. I also create accounts on sites I shop at regularly to save the items I want to purchase; the added security is just the cherry on top.
Sadly, you can’t stop scammers from committing fraud with the sheer will of your mind, but you can definitely take preventive measures to reduce fraudulent activity.
Fraud prevention is not a one-time deal; it’s an on-going process. In some cases, what you suspect to be fraud will not actually turn out to be fraud; however, it does no harm to check.