05 Mar Learn How To Protect Your Ecommerce Store
Tips On How To Protect Your
Ecommerce Store From Payment Fraud
Almost half of small businesses fall victim to payment fraud at some point in their business
cycle. These frauds have cost such businesses an average of $110,000+ per occurrence.
Aside from the usual threats such as hacking and phishing, accepting a fraudulent payment could
make you responsible in the eyes of the law for any resulting loss. A fraudulent transaction,
together with the charge-back process and the potential harm to the reputation of your
business, is something that you want to avoid.
Fortunately, there are steps you can take that will greatly help minimize risk and
protect you and your customers from digital fraud.
Types Of Online Store Fraud
Before we delve right into how you can minimize risk and protect your ecommerce store from
fraud, it’s vital to grasp some tactics used by these digital scammers.
Several kinds of online fraud exist. However, they can be categorized
into the following groups:
Account Takeover: The majority of eCommerce stores provide customers with
accounts that store personal information, purchase history and financial data. The
perpetrators usually break into these accounts through phishing
schemes. One of the most commonly used tactics is to send emails that
trick customers into giving up their usernames and passwords. The attackers then log
into the customer’s account, change the password and carry out unauthorized
purchases. Bots have been widely used in recent times to obtain confidential
information from customers.
Identity Theft: Although most businesses take a proactive approach when it
comes to securing customer data, fraudsters still somehow find a way to hack into
databases and then steal confidential information.
Hackers usually sell credit card numbers to scammers, who then open merchant accounts with
eCommerce businesses and use the stolen numbers to complete purchases.
This type of fraud is usually hard to discover because many people don’t monitor their
credit card statements thoroughly, and because the victims usually have no idea that an
online account has been opened in their name.
Your Commerce Store and PCI Compliance
As businesses work to protect themselves and their customers from digital fraud, the
Payment Card Industry Security Standards Council (PCI SSC), a forum of global brands such as
Visa, has developed a set of universal best practices to maximize security.
PCI Compliance is not optional for any online business. It is strictly enforced.
Managing Your Risk
Though the likelihood of online fraud is high, you don’t have to give in and
treat it as a cost just yet.
By utilizing the correct tools and processes, you can drastically reduce the chances of an attack
(especially when accepting concurrency payments), ensure both your customers and business
are safe, and cut your chances of losing revenue and getting caught up in large charge
Constantly Monitor Transactions and Reconcile Bank Accounts Daily
No one knows your business better than you do. You know your biggest spending
customers as well as their spending patterns. Monitor your accounts and transactions for
red flags such as the physical location of your customers, inconsistent billing, etc. Use
tools that track IP addresses and be on the lookout for IP addresses coming from countries with
a high concentration of fraudsters.
You should also check whether your customers are using free email addresses such as Yahoo, as
there is a higher chance of fraud being committed with these free services than with paid ones.
Spending Limits Should Be Considered
Based on your revenue trends and order history, you might need to set limits on the amount of
purchases and total dollar value you are willing to accept from an individual account in a single
day. This helps to keep exposure to the barest minimum should fraud occur.
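The monitoring red flags and the daily limits described above can be combined into one screening step. The sketch below is an added example, not code from the original article; the limit values, the free-email list, and the names Order, OrderScreen and demo are assumptions chosen for illustration, and the IP country is assumed to come from a separate geolocation lookup.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from decimal import Decimal

# Assumed policy values; derive real ones from your revenue trends and order history.
MAX_ORDERS_PER_DAY = 3
MAX_VALUE_PER_DAY = Decimal("500.00")
FREE_EMAIL_DOMAINS = {"yahoo.com", "gmail.com", "outlook.com"}  # constructed sample list

@dataclass
class Order:
    account: str
    email: str
    amount: Decimal
    day: date
    billing_country: str
    ip_country: str  # assumed to come from a separate IP geolocation lookup

class OrderScreen:
    """Enforces per-account daily limits and flags orders for manual review."""
    def __init__(self):
        self._count = defaultdict(int)
        self._value = defaultdict(Decimal)

    def check(self, order):
        """Return (decision, reasons); decision is 'accept', 'review' or 'reject'."""
        key = (order.account, order.day)
        if self._count[key] + 1 > MAX_ORDERS_PER_DAY:
            return "reject", ["daily order count limit reached"]
        if self._value[key] + order.amount > MAX_VALUE_PER_DAY:
            return "reject", ["daily value limit exceeded"]
        reasons = []
        if order.billing_country != order.ip_country:
            reasons.append("IP country differs from billing country")
        if order.email.rsplit("@", 1)[-1].lower() in FREE_EMAIL_DOMAINS:
            reasons.append("free email provider")
        # Rejected orders returned above never count toward the daily totals.
        self._count[key] += 1
        self._value[key] += order.amount
        return ("review" if reasons else "accept"), reasons

def demo():
    """Screen three constructed orders from one account on one day."""
    d, screen = date(2024, 1, 15), OrderScreen()
    orders = [Order("acct-1", "a@shop.example", Decimal("120.00"), d, "US", "US"),
              Order("acct-1", "a@yahoo.com", Decimal("200.00"), d, "US", "BR"),
              Order("acct-1", "a@shop.example", Decimal("250.00"), d, "US", "US")]
    return [screen.check(o)[0] for o in orders]
```

Red flags send an order to manual review rather than rejecting it outright, since a free email address or a travelling customer is common among legitimate buyers; only the hard daily limits reject.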
Address Verification Systems (AVS) Should Be Used
These systems compare the numeric parts of the billing address supplied with the credit card
to the address on file at the credit card company. AVS is usually included in most online payment processors.
Request For The Card Verification Value
You are most likely familiar with the three- or four-digit security code printed on the back
of credit cards. What you might not be aware of, however, is that PCI rules prevent you from
storing the CVV along with the credit card number and the owner’s name. That’s what makes the
CVV so unique and effective. Fraudsters can only have access to it if they have the physical
credit card. You should use a payment processing tool that requires the CVV before checkout.
Take Password Requirements More Seriously
Hackers have access to powerful tools that can run all permutations of a password. It doesn’t take
them long to crack simple passwords. Standard practice these days is to require an
eight-character alphanumeric password with at least one special character and one
capital letter. Customers might complain at first, but they'll eventually realize that it's for their
own good in the long run.
Your customers should be made aware of exactly why you require better passwords, and you
may even gain loyalty points for being so customer-focused.
Platforms and Software Should Be Constantly Updated
You should ensure that you’re running the latest version of the operating system, as providers
regularly release updates containing security patches in order to prevent fraud and shield you
from newly discovered vulnerabilities, as well as the latest viruses.
Furthermore, you need to install and regularly update business-grade anti-malware
and anti-spyware software in order to prevent digital attacks that exploit outdated software.
Free consumer-strength and limited-feature antivirus programs are grossly insufficient.
If you would like to learn more about the tools we use to help businesses with online fraud,
contact us.