Electronic commerce (eCommerce) fraud is a real threat in the online world, costing businesses an estimated $3.30 for every $1 in direct fraudulent losses. Although we tend to hear about the big-profile cyberattacks that affect large, multinational eCommerce businesses, smaller online merchants are often at an even greater risk. That’s because they typically lack the in-house IT and security resources to protect themselves.
In fact, six out of 10 small businesses close shop within six months of being hit by fraud. These closures often stem from out-of-pocket losses – coupled with diminished consumer confidence. If banks, regulators, or victims can demonstrate you didn’t implement the proper security steps to safeguard payment data, you may be liable for penalties – ranging from $5,000 to $100,000 per month (until the security holes are patched).
The following article outlines common types of eCommerce fraud – and steps you can take to help minimize the frequency and severity of these attacks for your startup or small business.
- Stolen credit card fraud
As the name implies, stolen credit card fraud is when criminals make unauthorized purchases using stolen or cloned plastic. This is arguably the most familiar type of fraud – since it exists in the offline world, too. The use of EMV chip-enabled cards has made in-person fraud more difficult for criminals.. As a result, many have moved their attacks to the online world, where anonymity grants them greater cover.
Fortunately, there are ways to reduce stolen credit card fraud, including:
- Asking for more details during checkout. A criminal might have a user’s card number, CVV code, and expiration date. The chances he or she will also have the victim’s billing address is much lower. With Address Verification Service (AVS), you can match the ZIP code with what the cardholder’s bank has on file.
- Using velocity filters to flag suspicious, back-to-back transactions. Criminals often test numerous cards in quick succession. With this filter in place, you can block these attempts until you’ve had a chance to investigate.
- Chargeback fraud
Chargeback fraud happens when a customer orders something online before claiming he or she never ordered the item or that it didn’t arrive. Either way, these users initiate a chargeback through their credit card bank instead of going through you – the merchant – for a refund. They end up keeping the item and making money on top of that
Also known as “friendly fraud,” you can limit these types of thefts by implementing simple strategies, such as:
- Adding tracking to all shipped items – preferably with signature authorization on the receiving end.
- Publishing a clear refund policy that makes it as easy as possible for “dissatisfied” users to get their money back. This won’t prevent all abuses, but it can help reduce the number of chargebacks.
- Disallowing guest checkout. If users can only buy while signed in, this makes it much harder to claim that any given purchase was “unauthorized.”
- Account takeover fraud
With this type of fraud, criminals gain access to accounts by stealing usernames and passwords. Email phishing is a popular way thieves gain entry. If you’re using outdated IT infrastructure, they can also steal login credentials simply by hacking stored details or by intercepting sensitive information in transit.
Protecting your business and users from account takeover fraud involves:
- Mandating secure passwords for all of the software, hardware, and servers used to run your business. This includes any smart devices given to team members.
- Requiring two-factor authentication (2FA) for all logins. Criminals might be able to get their hands on a user’s password. Though they’re less likely to know that user’s high school mascot or mother’s maiden name.
- Using PCI-compliant payment processing that leverages advanced fraud prevention tools such as encryption (for data sent) and tokenization (for data stored). Even if login credentials and payment data fall into the wrong hands, this information remains unreadable – and thus – unusable.
Although online shopping offers unprecedented speed and convenience, these benefits are precisely what criminals try to exploit when they attack eCommerce platforms – big and small. The fraud risks outlined above are just scratching the surface. To learn about other online risks and what steps you can take to protect yourself, your business, and your customers – check out the free accompanying infographic.
Infographic created by First Data, a credit card processing
Dori Bright is the senior vice president of Marketing Intelligence and Small Business Market Development at Fiserv, a leading global provider of ecommerce payments and financial technology solutions, helping businesses connect with customers through physical, digital, and mobile payment experiences that drive commerce.
With more than 15 years of experience working with the industry’s leaders in digital marketing, Dori has a distinguished track record of success, driving best-in-class customer experiences.