Online shopping has become second nature to many modern consumers, and ecommerce businesses are constantly working to provide their customers with safe, secure and enjoyable online shopping experiences. However, with the constant technological advancements in payments and security, cyber criminals are also advancing their techniques and methods of committing online fraud. In an effort to thwart their evil plans, we offer a number of suggestions for action which, if followed, can help ensure that purchases by your customers are genuine and that your customers' payment details will remain secure.
'Card Not Present' (CNP) fraud is expected to soar over the next few years as fraudsters push for other avenues to steal money. For example, in the three years after chip-and-PIN technology was introduced to the UK in 2005, CNP fraud soared by some 79%! It is anticipated that CNP fraud in the US will double in the next three years, climbing from an estimated $3.1 billion annually in 2015 to some $6.4 billion in 2018!
But you can fight this scourge in a number of ways.
Perhaps one of the best ways is to work with an internet payment service provider (IPSP) that is PCI DSS Level 1 certified. IPSPs usually also provide sophisticated risk management technology with the latest algorithms for fraud checks that can cross-reference IP addresses, names, and previous purchases, among numerous other checks. PCI DSS certification requires stringent security procedures that meet the robust, comprehensive requirements of the standard.
Beyond this solution, there are a number of initiatives that you, the merchant, can begin doing in-house, right now to reduce your business’ chances of becoming a victim of online fraud:
1. Collect CVV numbers (card code verification - the three-digit number on the back of the card) for all 'card not present' transactions.
2. Use AVS (Address Verification System) to verify the address of a person claiming to own the credit card.
3. Use a 'trust mark' security service that scans your systems daily to search for malware and vulnerabilities. TRUSTe, VeriSign, or McAfee Secure are examples of services that help avoid or catch problems fast, and they increase customer trust.
4. Be suspicious of orders shipped to a different address than the billing address, and check whether the mailing address is a mailbox or forwarding service.
5. Monitor orders from foreign countries and orders on US cards shipped to foreign countries. Is it a 'high risk' country? These can be checked by going to http://www.onlinefraudguide.com/risk-countries-fraud/ or other similar sites.
6. Request more identification, such as a utility or phone bill, if there is a doubt.
7. Watch out for suspicious email accounts. If it reads something like firstname.lastname@example.org, it’s a warning sign.
8. Restrict the number of declined transactions. Scammers try to make fraudulent transactions via a malicious software script where many credit card numbers are tried in succession. Restrict the number of times a user can incorrectly enter credit card numbers. Ban them once they exceed that number of attempted transactions.
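
One way to enforce item 8, as an added example that is not from the original article: a limiter that counts declined attempts per client inside a time window and blocks the client once the limit is exceeded. The limit of 3, the 10-minute window, the client key (here an IP address), the `tok_` card tokens and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

MAX_DECLINES = 3       # assumed limit; the article does not give a number
WINDOW_SECONDS = 600   # assumed look-back window for counting declines


class DeclineLimiter:
    """Blocks a client once its declined card attempts exceed the limit."""

    def __init__(self, max_declines=MAX_DECLINES, window=WINDOW_SECONDS):
        self.max_declines = max_declines
        self.window = window
        self.declines = defaultdict(deque)  # client -> (timestamp, card_ref)
        self.banned = {}                    # client -> distinct cards at ban time

    def record(self, client, card_ref, approved, ts):
        """Record one authorization result; return 'ok', 'declined' or 'banned'."""
        if client in self.banned:
            return "banned"        # refuse before the gateway is ever called
        if approved:
            return "ok"
        recent = self.declines[client]
        recent.append((ts, card_ref))
        while recent and ts - recent[0][0] > self.window:
            recent.popleft()       # forget declines older than the window
        if len(recent) > self.max_declines:
            # Many distinct cards from one client points to scripted card testing.
            self.banned[client] = len({ref for _, ref in recent})
            return "banned"
        return "declined"


# Constructed sample events: (client key, card token, approved?, unix time).
SAMPLE_EVENTS = [
    ("203.0.113.7", "tok_a", False, 1000),
    ("198.51.100.4", "tok_x", False, 1005),  # shopper mistypes once...
    ("203.0.113.7", "tok_b", False, 1010),
    ("198.51.100.4", "tok_x", True, 1015),   # ...then succeeds
    ("203.0.113.7", "tok_c", False, 1020),
    ("203.0.113.7", "tok_d", False, 1030),   # fourth decline exceeds the limit
    ("203.0.113.7", "tok_e", True, 1040),    # refused: client already banned
]


def replay(events, limiter=None):
    """Feed events through a limiter and return (per-event results, limiter)."""
    limiter = limiter or DeclineLimiter()
    return [limiter.record(*event) for event in events], limiter


if __name__ == "__main__":
    print(*replay(SAMPLE_EVENTS)[0])
```

Card references here are opaque tokens from the payment provider, so the limiter never holds raw card numbers.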
Cyber-attacks on small businesses are increasing, mostly because their websites are perceived as easier targets than larger corporations. Working with a trusted IPSP that is PCI DSS compliant and following the guidelines above can help mitigate such problems and ensure that your business will be prosperous and experience minimal fraud.