Protecting Your Site Against Ecommerce Fraud

Online scams to trick people out of their hard-earned money have been around as long as the Internet itself.  Most people are familiar with the infamous 419 scam, which involves emails sent from supposed royalty (usually Nigerian princes) asking people to help them access funds that they have allegedly inherited.

Even more insidious, and more dangerous to ecommerce store owners, are the scams and tricks that cyber criminals use to commit ecommerce fraud. When transaction fraud is committed, whether through stolen or illegally obtained credit card information or through another method, the online merchant is responsible for making sure that proper financial compensation is given.

Additionally, chargebacks that come about as a result of fraud are not only expensive and time-consuming to deal with; they can also cost an online merchant their merchant account and tarnish their reputation as a trustworthy, safe business.

We all want the online transactions that take place in our virtual marketplaces to be as secure and verifiable as possible. Luckily, there are several ways to help protect against ecommerce fraud.

Securing Your Shopping Cart

John Hammond from Authorize.Net, a secure credit card payment gateway company that many Miva Merchant store owners are familiar with, recently spoke with Practical Ecommerce about ways that online store owners can prevent fraud.

“Any website that does not properly secure their payment form or access to their shopping cart information can be easily compromised,” says Hammond.

Hammond goes on to stress the importance of monitoring site transaction activity and employing address and card code verification as part of your checkout process.

Making sure that the SSL (Secure Sockets Layer) encryption on your website is valid and up to date is also crucial. SSL encryption helps to protect and safeguard sensitive customer information, such as phone numbers, credit card numbers, addresses, and stored passwords, during the checkout process.

Of course, choosing a secure shopping cart in the first place is essential, but it is crucial for store owners to keep in mind that even the most secure shopping carts are not automatically immune to fraud.

Understanding PCI Compliance

PCI DSS stands for Payment Card Industry Data Security Standard. It was developed by the PCI Security Standards Council, which is made up of representatives of the major credit and payment companies, including Visa, Inc., Discover Financial Services, MasterCard Worldwide, and American Express. These guidelines were developed with the goal of protecting the security of ecommerce transactions.

While PCI compliance is required for all ecommerce sites, there are four different classifications, or levels, of requirements that merchants can be required to comply with, depending on their annual transaction volume. It goes without saying that merchants with a higher annual sales volume must meet a more stringent set of requirements, but all merchants, regardless of sales volume, must, at minimum, complete an Annual Report On Compliance by a Qualified Security Assessor, have a quarterly network scan by an Approved Scan Vendor, and comply with other basic requirements as well.

The penalties for non-compliance can be severe, particularly if a merchant’s failure to comply results in a cardholder’s information being stolen. Individual credit card companies have their own sets of penalties that they can impose on online merchants who are not PCI DSS-compliant, from fines to the loss of the right to accept credit cards from a particular company.

Manual Vs. Automated Fraud Monitoring

Monitoring all ecommerce transactions that take place on a particular site on a daily basis can be a time-consuming process. On the other hand, relying solely on automated fraud detection systems to catch fraudulent transaction attempts is a recipe for disaster. This is especially true when you consider that automated fraud detection systems will flag orders for manual review if they appear suspicious, so it isn’t a good idea for merchants to assume that they can adopt a “set it and forget it” approach to fraud prevention just because they have a secure shopping cart and the right fraud monitoring tools.

Calling a customer to verify an especially large transaction amount, using Google or calling their bank to verify their address or identity, and keeping accurate and up-to-date customer records are all good methods of manual order management and fraud prevention.

The solution is not an either-or, but rather a best-of-both-worlds approach. In other words, a secure, PCI DSS-compliant shopping cart, built-in address and credit card code verification systems, and a plan to make sure that someone is actively monitoring, or at the very least reviewing, transactions that look suspicious or are flagged by the system are a must for any online merchant who wants to be viewed as trustworthy and safe.
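
The combined approach described above, sketched as an added example (not from the original article or from any shopping cart's code): automated address and card code results settle the clear cases, and anything ambiguous goes to a queue for a person. The result codes, thresholds and field names are assumptions; use the values your payment gateway documents.

```python
from dataclasses import dataclass

# Assumed result codes (take the real ones from your gateway's documentation).
# AVS: Y full match, A/Z partial, N none, U unavailable. Card code: M match, N no match.
AVS_FULL, AVS_PARTIAL, AVS_NONE = {"Y"}, {"A", "Z"}, {"N"}
REVIEW_AMOUNT, MAX_ATTEMPTS = 500.00, 3  # hypothetical review thresholds

@dataclass
class Order:
    order_id: str
    amount: float
    avs: str                 # address verification result
    card_code: str           # card code verification result
    ship_matches_bill: bool
    card_attempts: int       # card submissions made for this order

def triage(order):
    """Return (decision, reasons); decision is 'accept', 'review' or 'decline'."""
    # Hard failures: the card code is wrong, or nothing in the address matches.
    if order.card_code == "N":
        return "decline", ["card code mismatch"]
    if order.avs in AVS_NONE:
        return "decline", ["address mismatch"]
    # Soft signals: each is innocent often enough that a person should decide.
    signals = [
        (order.avs in AVS_PARTIAL, "partial address match"),
        (order.avs not in (AVS_FULL | AVS_PARTIAL), "address not verified"),
        (order.card_code != "M", "card code not verified"),
        (order.amount >= REVIEW_AMOUNT, "large amount"),
        (not order.ship_matches_bill, "ship-to differs from bill-to"),
        (order.card_attempts > MAX_ATTEMPTS, "repeated card attempts"),
    ]
    reasons = [why for hit, why in signals if hit]
    return ("review" if reasons else "accept"), reasons

def review_queue(orders):
    """Orders a person must look at, largest amount first."""
    flagged = [(o, triage(o)[1]) for o in orders if triage(o)[0] == "review"]
    return sorted(flagged, key=lambda pair: pair[0].amount, reverse=True)

# Constructed sample orders
SAMPLE = [
    Order("1001", 42.50, "Y", "M", True, 1),
    Order("1002", 1299.00, "Y", "M", False, 1),
    Order("1003", 89.99, "Z", "M", True, 5),
    Order("1004", 310.00, "N", "M", True, 1),
    Order("1005", 75.00, "U", "P", True, 1),
]
if __name__ == "__main__":
    for o, why in review_queue(SAMPLE): print(o.order_id, f"{o.amount:.2f}", "; ".join(why))
```

The reasons attached to each queued order tell the reviewer what to verify first, such as calling the customer about a large amount.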

Remember, when it comes to fraud prevention, your online reputation and the success of your ecommerce store are both at stake. Protect your customers and yourself from cyber crime.