Data breaches compromise nearly half a billion files every year, and eCommerce businesses are among the most common targets. Hackers and fraudsters prey on sensitive credit card data transmitted online, which they then sell to other malicious parties or use to make illegal purchases.
As a business owner, you have to be wary of more than this one type of eCommerce fraud. There’s also friendly fraud in the form of chargebacks (which we’ll discuss in depth), and other forms of deception that can hurt your bottom line. But as long as you’re proactive about your security and you understand what to look out for, you can protect your revenue, your customers, and your reputation.
Preventing Data Breaches
A customer data breach can have serious consequences, even if you catch it early on. For starters, your customers will lose trust in your brand, and you may face exorbitant fines and penalties for failing to maintain PCI compliance. Your business may also be placed on the TMF/MATCH list, making it extremely difficult for your organization to obtain merchant services. And then there’s the possibility of lawsuits.
The best way to prevent data breaches is to ensure that your business and your payment processor are PCI-compliant at all times. The PCI Security Standards Council oversees online payment security and requires that all eCommerce businesses adhere to certain standards. Some business owners assume that it’s enough to just use a PCI-compliant payment processor and gateway. While this is essential, your own website still needs to be PCI-compliant as well. For example:
- Your eCommerce website must encrypt traffic using a valid SSL/TLS certificate
- The back end of your website must be secured so that only necessary users have access to sensitive customer information
- You must have an up-to-date firewall and antivirus software
- All passwords must be unique and strong (more than 8 characters with a combination of uppercase and lowercase letters, numbers, and special characters)
- Your website should be audited and tested regularly for security vulnerabilities
Even if your payment processor is PCI-compliant, you may still be held responsible for a data breach if your customer data is compromised due to a vulnerability originating on your website. So make sure you familiarize yourself with the 12 PCI standards and proactively apply them on an ongoing basis.
Preventing Friendly Fraud
Chargebacks represent one of the biggest threats to your merchant account. If you receive too many chargebacks (usually more than 1% of total transactions), your merchant account may be suspended or terminated altogether. But the majority of chargebacks are actually the result of friendly fraud.
For a bit of background, a chargeback occurs when your customer demands a refund—not from you, but from the bank directly. The customer might claim that the charge is invalid or that they never received the items purchased. The purpose of chargebacks is to protect consumers, and too many chargebacks can suggest to merchant providers and banks that your business is disreputable.
Friendly fraud is a type of chargeback that occurs when a customer knowingly misleads the bank to get a refund. They might fraudulently claim that the item was never received or that it was damaged; in fact, the customer is trying to back out of a purchase or get something for nothing. These chargebacks are a nuisance because they come with fees and penalties and can place your professional reputation in jeopardy, but there are ways to reduce them:
- Work with a merchant provider that offers chargeback prevention tools. Some payment processors have tools that can assess a customer’s likelihood of fraud based on their purchase history or IP address.
- Focus on delivering exemplary customer service. Dissatisfied customers will sometimes initiate a chargeback as an act of revenge after a negative buying experience. Go the extra mile to ensure that each customer’s needs are met, make yourself available for questions and concerns, and offer perks like discounts or e-gift cards if you do make a mistake or cause undue inconvenience.
- Offer a generous return policy, and make sure customers are aware of it. Sometimes customers will demand a refund from the bank out of laziness or because they think the retailer won’t be flexible.
- Blacklist customers who have previously initiated friendly-fraud chargebacks with your business. Believe it or not, some consumers will target the same business multiple times if they think they can get away with it.
- Keep detailed records of every transaction, and dispute every chargeback that you feel is fraudulent. If the chargeback is overturned in your favor, your chargeback threshold won’t be negatively affected.
Unfair chargebacks can be frustrating for any business, but if you make it a priority to fight them, you’ll protect both your revenue and your good standing.
Understanding Your Risk for eCommerce Fraud
eCommerce fraud can happen to any business, but certain businesses are at a greater risk than others. For instance, if your website isn’t PCI-compliant (e.g. if your passwords are weak or you haven’t updated WordPress since 2018), the hackers will find you. So make web security a priority.
Aside from that, the businesses most likely to be targeted for fraud are those that operate in high-risk industries. Examples of high-risk industries include kratom, CBD, online dating, adult services, tech support, multi-level marketing, online gambling, and MOTO (mail order/telephone order). Basically, an industry is deemed high-risk by credit card companies if it:
- Has a questionable or inconsistent legal status
- Involves card-not-present transactions, such as phone ordering
- Operates in a country where fraud is rampant
- Is associated with higher-than-average chargebacks or fraud
If you operate in a high-risk industry, you’ll need to be especially diligent about maintaining PCI compliance and taking steps to prevent fraud. You may need to work with a high-risk credit card processor like High Risk Merchant Pay that understands the challenges and has safeguards in place to mitigate risk. They should offer fraud scrubbing tools and enhanced chargeback protection.
Make Fraud Prevention a Priority
When you’re proactive about fraud prevention, your business benefits in numerous ways:
- More satisfied customers
- More revenue
- Fewer abandoned carts
- Access to the best payment processors and gateways
- Fewer headaches
Even if you dedicate just a few minutes a week to improving your web security and monitoring your transactions, it can make a world of difference.