As an eCommerce store, you want to do all you can to reduce fraud. Whether you are a small business or a big corporation, you want to try and reduce fraud at each of the risk exposure points. Fraudsters are intelligent, trying to come up with new ways to get around security and controls.
For small businesses especially, fighting fraud can be a real struggle. It can be difficult to keep up with the necessary time and resources to get fraud detection and prevention controls in place. As a business owner, though, you can do a lot with minimal resources to fight eCommerce fraud.
Use PCI Compliance As a Guide
The best thing you can do as an eCommerce store is to ensure you are PCI compliant. The Payment Card Industry has a Data Security Standard known as PCI DSS. The set of standards is the best practice for online merchants to put in place to help to prevent fraud, as well as breaches of data.
There is a PCI Compliance Guide and making sure that you are compliant in each of the steps is paramount. Once you are compliant, it is important to ensure you maintain compliance to avoid fines. Being a vendor that is PCI compliant can help to deter fraudsters, as they know it will be a much harder road to achieve their goals.
Put Controls Around Your Payment Gateway
Your payment gateway is the one place where you can put in some simple controls that can go a long way. As an eCommerce store, you want to require Address Verification or AVS, as well as Card Code Verification or CVV.
The Address Verification or AVS process will check the billing address the individual enters against the billing address with the credit card company. The Card Code Verification or CVV method also requires a security code, to help to prevent card-not-present fraud.
These are a good starting point but may not go far enough to prevent fraud. Reverse e-mail look-up is another great tool to help fight fraud. With reverse e-mail look-up, you can analyze an e-mail address against public databases, blacklists, SMTP checks and social media profiles to ensure legitimacy before processing a transaction.
Perform Regular Reviews of Activity
You can do a lot by looking at the activity that goes through your eCommerce store. Most of the time, fraudulent activity is something that will quickly stick out to you, if you know what to look for. There can be some things that you can look out for including fake phone numbers, e-mail addresses that do not look real, as well as addresses that are out of place, such as a zip code not lining up with a state.
You may also look at your order or transaction history for things such as large orders, or excessive orders of high-priced SKU’s.
Other things that may look out of place are differences in the billing and shipping address, coinciding with requests for expedited shipping. Being on the lookout through regular reviews can help keep your eCommerce store secure.
Reviewing the Billing Address Against the IP Address
Where is the customer located in terms of their billing address against their IP address? You can use tools to help to match the two of them up. If you have an IP address that is in a different country in comparison to the billing address, it could be a sign of a fraudulent order.
Strong Password Requirements
Hackers use automated programs that will quickly run all password permutations until they get into an account. One of the best ways to combat fraud as an eCommerce store is to require strong passwords for customers. While it may not be convenient to have strong passwords, it can help a lot as it is less likely they’re stolen. This includes having a high minimum number of characters, requiring a combination of symbols, numbers, as well as capital letters. This type of control can make passwords that much harder to crack.
Block Users After Declined Transactions
Fraudsters may try to guess, or using software to do the guessing for them, when it comes to credit card numbers. They are hoping they hit a match so that they can continue on with their transaction. You want to set limits on how many times a transaction can be declined.
When they get multiple declined transactions, there are two steps you need to take to ensure they don’t continue. First you want to keep a log of profiles who have tried multiple declined transactions for future analysis. Next you want to block that profile once the declined transaction count has reached a per-determined threshold.
Locking out the shopping cart and directing the individual to a phone call with customer service is the best course of action. If they are a legitimate customer who was having trouble typing in the information will contact the business to get it resolved.
As an eCommerce store, you always need to be thinking about different ways that fraud can take place. Fraudsters are smart and are always trying to think outside the box to get around controls. Security controls need to not only detect fraud but also work to prevent it in the first place.
As a small business or big corporation, take the time to ensure you are doing your part in fighting eCommerce fraud. Taking it one risk exposure, one control at a time can net positive gains in the long run.
Image Credit: Andrea Piacquadio; Pexels