2020 was a challenging year. And while many businesses saw some relief in the surge in online shopping, this came with a dark side: increased online activity also led to increased fraud, and research suggests that losses due to fraud will top $20 billion in 2021, up from $17.5 billion in 2020.
As more businesses embrace ecommerce as a way to boost market share and retain customers, and as more card-not-present (CNP) transactions are processed, this isn’t likely to change any time soon. In fact, the 2020 Verizon Data Breach Investigations Report shows that in retail, nearly all breaches were financially-motivated, and most stolen data was personal (49%) and payment (47%). But it’s not all bad news: businesses with an ecommerce presence can put systems and checks in place to prevent fraud and enhance security for their customers. Here’s some information to get you started.
What is ecommerce fraud?
The most typical form of ecommerce fraud happens when someone makes a transaction using a fraudulent payment method. Here are some of the most common:
Chargeback fraud: A customer makes a purchase and receives the product or service. They then initiate a chargeback, claiming that they didn’t make the purchase themselves or that they never received the product.
Identity theft: A criminal makes a purchase using stolen cardholder information. Because the card number and the customer data match, the transaction doesn’t seem suspicious at first. It only gets discovered when it shows up in the cardholder’s account. In addition to the cost of the merchandise, the business is also on the hook for the chargeback to the cardholder.
Email phishing: A customer receives an email that looks like an order or delivery confirmation, but when they click on the link to track their package, their computer is infected with viruses or malware.
Pagejacking: A customer goes to your ecommerce site to place an order, but they never receive the delivery. What happened? There’s a good chance that they visited a fake website, built by hackers to collect their personal information and payment card data.
Common signs that a transaction might be fraudulent
Here are some of the common signs that a transaction might be fraudulent. As a business owner, you’ll need to be careful here: on their own, all of these occur in legitimate transactions. So, what makes a transaction fraudulent? If you see several of these in a single transaction, you’ll want to do some careful checks:
Customers from countries you don’t regularly do business with
Unusually large orders
Multiple transactions using the same payment card in a short time
Orders with different billing and shipping addresses
A mismatch between the IP address and the billing or shipping addresses
Multiple payment cards from the same IP address
How can ecommerce businesses prevent fraud? Here are three important steps that ecommerce businesses can take to prevent fraud.
Use a reputable organization to process your payments. When you’re choosing your payment processor, look for PCI DSS compliance – this is the gold standard for keeping cardholder data and payment card information secure and protected.
Ensure that fraud tools are enabled and offered on your website. Card security codes (the three- or four-digit code on the back of the card) are a good first step. Address Verification Service (AVS) is another useful tool – it matches the billing address on file for the card with the billing address entered by the customer. And to keep your ecommerce website secure, always have secure firewalls in place and use Secure Server Layer (SSL) Certificates to encrypt customer data.
For CNP transactions that are picked up in store, check customer ID to ensure that it matches the cardholder name.
In a world where nearly every business is online, simply having an ecommerce site isn’t enough. Now, you need to take steps to keep your business secure, and you need to let your customers know that you’re keeping their data safe and protected. Want to learn more about online security for your ecommerce business? Call us at 1-800-957-0534 or email us at firstname.lastname@example.org.