eCommerce fraud is more prevalent than ever as online sales continue to set historic numbers. And, dealing with fraud is costly to merchants — it has the potential to cost you more than 7.5% of your current revenue!
Unfortunately, dealing with evolving fraud tactics is frustrating and time-consuming. And, protecting yourself against potential risks can backfire. Sometimes merchants end up declining real orders and lose customers as a result.
Nonetheless, any online seller needs the right processes and technology in place to safeguard their data. Otherwise, fraud can quickly drain your profits and ruin your brand reputation.
Follow these 7 easy steps to protect your online store today, keeping your bottom line healthy and your customers happy.
How eCommerce Fraud Happens
Here’s common tactics by online attackers and scammers:
- Hijack customer’s account and make unauthorized purchases
- Use stolen credit card information to make fraudulent purchases
- Abuse return policies
- Make fraudulent chargeback claims like never receiving an item
- Some chargebacks are friendly and unintentional
Once a fraudulent purchase happens, the buyer can open a dispute or request a chargeback on their credit or debit card. As the eCommerce seller, you’re on the hook to pay back the customer and their bank can impose a chargeback fee on you, which can range from $20 to $100 per chargeback. This doesn’t even include the lost money on the transaction fee, loss of inventory, time spent preparing the order, and more.
Check out this helpful post from Chargeback Gurus of an in-depth look at what a chargeback actually costs you.
You can see that the best prevention of fraud and chargebacks is to stop them from happening at all.
7 Easy Steps to Reduce eCommerce Fraud
Attackers are constantly evolving their methods, so it’s important for merchants to stay on top of best practices to prevent all of it.
1. Choose the Best eCommerce Software (and Keep It Up to Date)
Look for features like these to know if a shopping cart has basic security covered:
- SSL Certificate: All pages, content, credit card, and transaction information is protected by the same level of security as banks.
- Payment Gateway Integration: Popular payment gateways will also have built-in fraud protection.
- PCI Compliance: Level-1 PCI compliant is the highest level
- Automatic Security Updates: Gaps in security can also occur when you’re operating on out-of-date software, automatic updates ensure you always have their latest security patches.
If you’re using open source software like Magento or WooCommerce, be aware that you (or your tech partner) are totally responsible for many of the areas mentioned above. So, you’ll need to keep vigilant watch that your bases are always covered.
Overall though, these built-in tools cover on the basics, there’s still more to do to protect your online store and customers.
2. Stay PCI Compliant
It’s mandatory for anyone selling online to be PCI compliant. This means that you meet the comprehensive standards for processing, storing, and transmitting credit card information in a secure environment. It includes any cardholder data that is personally identifiable like your card’s account number, expiration date, name, address, social security number, and more.
If you aren’t PCI Compliant, you can face monthly fines from $5,000 to $100,000 and are putting your customer data at serious risk.
As mentioned above, your eCommerce provider might already take care of PCI compliance for you. This is a huge relief as there are many steps to achieving it. If you use open source software like Magento though, then you (or your tech partner) are totally responsible for it.
Still on Magento 1? Users on Magento 1 are no longer considered PCI compliant. See what your options are now to keep your store secure.
3. Use Credit Card Verification
As mentioned above, common eCommerce fraud is when a hacker uses stolen credit card information, which then can lead to a chargeback by the cardholder. The best way to protect against this is putting measures in place to verify credit card information before an order can be processed.
Address Verification System (AVS)
This ensures that the billing address used for the credit card matches the address on file at the credit card company. Hackers don’t always have matching addresses.
Card Verification Value (CVV)
PCI Compliance rules prevent anyone from storing the CVV security code on credit cards along with its credit card number or owner’s name. This means that an non-matching CVV number with a credit card number is a great indicator of fraud. The hacker won’t have the CVV number unless he/she has the physical card in front of them. While this can still happen, it’s way less likely than an attacker working off card numbers he skimmed online.
Most payment processing solutions should have features to require both AVS and CVV verification. Be sure to check yours today to see if it’s supported and turned on for your store.
4. Ask Customers to Use Strong Passwords
All users, including your customers, are accustomed to using strong passwords that are long and include capitalization and special characters. However, your customers won’t always follow best practices unless you force them too.
If you don’t already, update your policies to require strong passwords for your customer accounts. While it may be a tad annoying, you can remind them that you’re only prioritizing their security.
Follow these guidelines for setting up your own password security and standards.
6. Prevent Chargebacks
While real order disputes will happen, sometimes scammers can find loopholes in your policies and store information to initiate a fraudulent chargeback or just take advantage of you. To protect yourself from disputes and chargebacks, consider updating the following:
- Online tracking to prove a customer received an order if they try to say otherwise
- Clear return policies and require proof of item before issuing refund
- Accurate product photos and descriptions to reduce “item not as described”
- Trained customer service to handle individual cases properly
These are easy ways to minimize chargebacks or disputes and their costs.
7. Get Fraud Prevention Software
To help merchants combat daily fraud issues, there’s a handful of industry-leading software solutions that help you monitor your orders daily for any issues or suspected fraud.
Since your eCommerce store is always “open” for business, these solutions can save you a lot of time and detect fraud before your team processes the order. And, new tech innovations with machine learning and AI are making these solutions even more sophisticated at spotting trends and patterns for you.
If you have the order volume to justify it, these solutions can be worth the investment.
Monitor Your Online Orders Daily
Unfortunately, online fraud isn’t going away. So, it’s something you need to take seriously and monitor your orders daily for. If you put these best practices in place though, you’re putting your company one step ahead of scammers and hackers.