Payment fraud remains a serious threat to eCommerce merchants even today. Although cybersecurity attacks affect the entire economy, the eCommerce sector feels the impact more directly, mostly in the form of rising costs: lost merchandise, fraud prevention measures, and high chargeback fees.
Despite having a host of benefits, online businesses come with a number of risks. Much of that risk arises from the fact that eCommerce merchants are generally unable to identify the person at the other end of the transaction.
While things like these are not in your hands, there are some factors that are definitely under your control. Here are some best practices for eCommerce merchants to avoid online fraud.
1. Use Credit Card Security Codes
In every transaction, your customers must be required to provide the security code printed on their credit cards. It makes your shoppers feel that they have complete control and possession of their payment cards, and that their privacy is taken care of.
2. Educate Your Staff
Merchants must take security issues extremely seriously and must work on developing good staff awareness. Create internal education programs to help your employees identify and deal with situations when things seem abnormal, such as unusual patterns in consumer behavior.
3. Avoid Merchant Errors
A study shows that around 20%-40% of chargebacks happen because of merchant errors that could have been easily avoided. For example, confusing return policies and unclear billing descriptors frustrate customers, and such cases therefore lead to a higher number of chargebacks.
4. Beware of Phishing
Phishing is a common cybercrime technique in which a malicious individual or entity attempting to steal sensitive data contacts a target or targets by call, email, or text message. Such sensitive data include credit card and banking details, personally identifiable information, IDs, and passwords. Some common examples of phishing are phishing emails, fake websites, malware, link manipulation, CEO fraud, spear phishing, session hijacking, content injection, and others.
One way phishing activities may affect your eCommerce portal is when someone contacts you and pretends to be a representative of a credit card institution. Never provide any of your sensitive data, even if they say they need to confirm certain information. Another way to protect your online store is to have clear guidelines for sharing and storing your consumers’ personal information.
Another tip is never to accept a credit card without a valid postal code. Establish a system that automatically denies payments when the postal code supplied with the transaction does not match the one the card issuer has on file. You may also try monitoring your customers and their behavior and flag those whose purchases seem odd.
5. Check Whether Shipping and Billing Addresses (and IP and Email Addresses) Are the Same
Use efficient address verification services to match the shipping and billing addresses of a particular order, and ensure the two are not entirely different. There may be good reasons for a mismatch, like sending a gift to a family member or a friend. But merchants must make sure nothing’s wrong, and whenever possible, they must contact the buyer to check that everything’s fine.
Similarly, also make sure that the consumer’s IP and email addresses are not located in separate states or countries. They should be in the same location.
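The postal-code rule from tip 4 and the address and location checks from tip 5 can be expressed as a small pre-authorisation screen. The following is an added example, not code from the original article or from Fiserv; the Order fields, the sample orders, the velocity threshold, and the tiny CIDR-to-country table standing in for a real geolocation service are all constructed assumptions.

```python
"""Added example (not from the original article): rule-based pre-authorisation
screening that applies the article's postal-code, address and location checks
to an order. All names, thresholds and sample data are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed stand-in for a geolocation lookup: CIDR block -> ISO country code.
# The blocks are documentation ranges (TEST-NET), not real customer traffic.
IP_COUNTRY_TABLE = {
    ip_network("203.0.113.0/24"): "US",
    ip_network("198.51.100.0/24"): "DE",
}

# Constructed threshold: more orders than this from one email within the
# velocity window counts as "purchases that seem odd" and goes to review.
MAX_RECENT_ORDERS_SAME_EMAIL = 3


def ip_country(ip: str) -> Optional[str]:
    """Return the country code for an IP, or None when no block matches."""
    addr = ip_address(ip)
    for net, country in IP_COUNTRY_TABLE.items():
        if addr in net:
            return country
    return None


@dataclass
class Order:
    order_id: str
    avs_postal_match: bool          # issuer's AVS answer: did the postal code match?
    billing_country: str            # ISO country code from the billing address
    shipping_country: str           # ISO country code from the shipping address
    client_ip: str                  # IP the order was placed from
    email: str
    recent_orders_same_email: int = 0   # orders from this email in the velocity window


def screen_order(order: Order) -> Tuple[str, List[str]]:
    """Return ("deny" | "review" | "accept", reasons).

    A failed postal-code (AVS) match is an automatic denial, as the article
    recommends. A billing/shipping mismatch, an IP located outside the billing
    country, or unusual order velocity is not fraud by itself, so those cases
    are routed to manual review, where the merchant can contact the buyer.
    """
    if not order.avs_postal_match:
        return "deny", ["postal code does not match the card on file"]

    reasons: List[str] = []
    if order.billing_country != order.shipping_country:
        reasons.append("shipping country differs from billing country")

    country = ip_country(order.client_ip)
    if country is None:
        reasons.append("client IP country unknown")
    elif country != order.billing_country:
        reasons.append(
            f"client IP geolocates to {country}, billing address is {order.billing_country}"
        )

    if order.recent_orders_same_email >= MAX_RECENT_ORDERS_SAME_EMAIL:
        reasons.append("unusual order velocity for this email address")

    return ("review" if reasons else "accept"), reasons


if __name__ == "__main__":
    # Constructed sample orders exercising each rule.
    samples = [
        Order("A1", True, "US", "US", "203.0.113.10", "a@example.com"),
        Order("A2", False, "US", "US", "203.0.113.10", "a@example.com"),
        Order("A3", True, "US", "DE", "198.51.100.7", "b@example.com"),
        Order("A4", True, "US", "US", "192.0.2.1", "c@example.com"),
        Order("A5", True, "US", "US", "203.0.113.44", "d@example.com", 5),
    ]
    for o in samples:
        decision, why = screen_order(o)
        print(o.order_id, decision, why)
```

The email half of the article's location check is deliberately not modelled: an address such as user@example.com carries no reliable geographic signal on its own, so the comparison of the client IP's country against the billing country stands in for it. In production the AVS result comes back from the payment gateway, and the CIDR table would be a geolocation service.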
6. Make a Proper Fraud Prevention Plan
The more your business grows, the higher the chances of fraud attacks. So, eCommerce merchants must make a solid plan to scale and monitor their fraud data. Experts believe that merchants selling high-niche products should use their administrative costs, chargeback rate, and the price of lost items as benchmarks to determine when and how to take action.
You can also hire a professional fraud protection solution provider who can help you protect yourself against all fraud liabilities. These solutions generally use machine learning technologies along with human intelligence to identify specific patterns of fraudulent activity by analyzing millions of transactions.
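The benchmarks above only help if they are computed regularly against the merchant's own data. The following is an added example, not code from the original article or from Fiserv, of aggregating chargeback rate and fraud losses per month and flagging months that breach a threshold. The order and chargeback records, the 1% rate threshold, and the loss threshold are constructed assumptions; a real plan would take thresholds from the merchant's own history and from the card networks' chargeback monitoring programmes.

```python
"""Added example (not from the original article): monthly fraud benchmarks of
the kind the article suggests. Sample records and thresholds are constructed."""
from collections import defaultdict
from datetime import date
from typing import Dict, List, Tuple


def _sample_orders() -> List[Tuple[str, date, float]]:
    """Constructed data: 100 orders in each of January and February 2024,
    every order 50.00 except one large February order."""
    orders = []
    for month in (1, 2):
        for i in range(100):
            oid = f"{month:02d}-{i:03d}"
            amount = 1200.0 if oid == "02-007" else 50.0
            orders.append((oid, date(2024, month, 1 + i % 28), amount))
    return orders


ORDERS = _sample_orders()
# Constructed chargebacks: (order_id, reason). Only "fraud" counts as fraud loss;
# "merchant_error" chargebacks are the avoidable kind discussed in tip 3.
CHARGEBACKS = [
    ("01-004", "fraud"),
    ("02-007", "fraud"),
    ("02-011", "fraud"),
    ("02-030", "merchant_error"),
]

# Constructed benchmarks: act when chargebacks exceed 1% of a month's orders
# or when fraud-related losses in a month exceed this amount.
MAX_CHARGEBACK_RATE = 0.01
MAX_FRAUD_LOSS = 1000.0


def monthly_benchmarks(orders, chargebacks) -> Dict[str, dict]:
    """Aggregate per month: order count, chargeback count, chargeback rate,
    and the value of orders lost to fraud chargebacks."""
    amount_of = {oid: amt for oid, _, amt in orders}
    month_of = {oid: d.strftime("%Y-%m") for oid, d, _ in orders}
    stats = defaultdict(lambda: {"orders": 0, "chargebacks": 0, "fraud_loss": 0.0})
    for oid, _, _ in orders:
        stats[month_of[oid]]["orders"] += 1
    for oid, reason in chargebacks:
        month = stats[month_of[oid]]
        month["chargebacks"] += 1
        if reason == "fraud":
            month["fraud_loss"] += amount_of[oid]
    for month in stats.values():
        month["rate"] = month["chargebacks"] / month["orders"]
    return dict(stats)


def months_needing_action(stats: Dict[str, dict]) -> List[Tuple[str, List[str]]]:
    """Return (month, reasons) for every month that breaches a benchmark."""
    flagged = []
    for month in sorted(stats):
        s = stats[month]
        reasons = []
        if s["rate"] > MAX_CHARGEBACK_RATE:
            reasons.append(f"chargeback rate {s['rate']:.2%} exceeds {MAX_CHARGEBACK_RATE:.2%}")
        if s["fraud_loss"] > MAX_FRAUD_LOSS:
            reasons.append(f"fraud loss {s['fraud_loss']:.2f} exceeds {MAX_FRAUD_LOSS:.2f}")
        if reasons:
            flagged.append((month, reasons))
    return flagged


if __name__ == "__main__":
    stats = monthly_benchmarks(ORDERS, CHARGEBACKS)
    for month, s in sorted(stats.items()):
        print(month, s)
    for month, reasons in months_needing_action(stats):
        print("ACTION", month, reasons)
```

With the constructed data, January sits exactly at the 1% rate and stays unflagged, while February breaches both the rate and the loss benchmark. Keeping the thresholds in one place makes it easy to tighten them as the business grows, which is the scaling problem the article points at.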
7. Maintain Detailed Records of All Orders
It is possible for merchants to fight and win chargeback claims. However, one should keep all documents and other necessary evidence handy as proof, such as the receipt and proof of shipment. Also, make your consumers sign for packages at the time of delivery, especially for high-value items, and document every touchpoint you have with your buyers. This information will be helpful when fighting a chargeback.
8. Comply with PCI Standards
Being PCI (Payment Card Industry) compliant means following the rules set by the PCI Security Standards Council to safeguard eCommerce customers’ sensitive data. Every online business owner must comply with these PCI security standards to ensure that their buyers are protected.
To become PCI compliant, you must follow these steps –
- Determine your PCI level by measuring the total transactions you process each year. For example, if you process more than 6 million transactions every year, you are at level 1. If you process between 1 and 6 million transactions per year, you are designated at level 2. If you process between 20,000 and 1 million per year, you are at level 3. And if your transactions are fewer than 20,000, you would be at level 4.
- Keep in mind the penalties you might be charged if you fail to comply with these PCI security standards. Penalties may take various forms like fines, sanctions from banks, increased fees, lawsuits, and eviction from the payment processing system.
- Try completing the different sets of self-assessment questionnaires, which you can get on the PCI Security Standards Council website. These are simple “Yes”/“No” questions that help you determine whether your online store is aligned with the PCI standards. Ensure you have no weak authentication credentials, outdated security protocols, or incomplete SSL certificate verification.
- Develop a secure network to protect cardholder data, such as by hiring a specialized IT team. PCI compliance basically means using secured systems and technologies to prevent unauthorized access by malicious actors. After your IT contractor has installed your firewall, you must implement a strong password policy together with your employees. Make sure to change the passwords provided by the contractor and change them from time to time. Further, keep your firewall up-to-date and fully functional at all times.
- Fill out a formal AOC (Attestation of Compliance), which is a form for merchants to confirm that their PCI DSS assessment results are successful, as documented in compliance reports or self-assessment questionnaires. In short, keep all paperwork handy to show anyone who asks for a confirmation that you are PCI compliant.
Courtesy of Fiserv
We hope the above tips help you protect your eCommerce store and keep all online fraud attempts at bay.