By Erica Houskeeper on February 7, 2020
In today’s fast-growing and competitive online shopping environment, merchants must be extra vigilant to protect themselves against eCommerce fraud. Projections for eCommerce sales are estimated to reach about $632 billion. While card-present fraud losses have decreased in recent years, card-not-present fraud continues to grow. In fact, retailers are expected to lose about $130 billion in revenue between 2019 and 2013 on fraudulent transactions for CNP.
Online fraud can occur when a fraudster retrieves the personal details of someone by hacking into their device and using their details to purchase products or services. Online fraud most commonly takes place when a credit card is lost, or credit card information is not stored securely. Even as security measures become more sophisticated, eCommerce fraud is increasingly organized and committed by skilled hackers who are finding new and creative ways to steal information.
In 2018, almost three-quarters of businesses cited fraud as a growing concern, Nearly two-thirds reported the same or higher levels of fraudulent losses, according to Experian’s 2018 Global Fraud and Identity Report.
In many cases, a fraudulent transaction can result in a chargeback, which can cause merchants to lose money. There are built-in protections for online retailers, such as Shopify's fraud analysis. The Shopify fraud protection tool uses algorithms to help bring suspicious orders to a merchant’s attention.
Even so, business owners need to stay on their toes as eCommerce fraud management requires a strategic commitment to prevention.
7 Tips to Avoid eCommerce Fraud
Here are 7 steps that businesses can take to protect themselves and their customers from eCommerce fraud.
1. Monitor Transactions and Reconcile Bank Accounts Daily
Look for red flags such as inconsistent billing and shipping information, as well as the physical location of customers. Merchants can use tools to track customer IP addresses and send alerts for any addresses from countries known as a base for online scams.
It’s also a good idea to check to see if customers are using free or anonymous email addresses—such as Gmail or Yahoo—as there’s a much higher incidence of fraud coming from free email service providers than from paid ones.
Examples of suspicious online behaviors indicating potential fraud include:
- The shipping address and billing address differ
- Multiple orders of the same item
- Unusually large orders
- Multiple orders to the same address with different cards
- Unexpected international orders
2. Set Limits on Purchases
Based on order and revenue trends, merchants can set limits for the number of purchases and total dollar value they will accept from one account in a single day. Setting limits can help keep a business’s exposure to a minimum should fraud occur.
3. Use the Address Verification System (AVS)
An Address Verification System (AVS) compares the numeric parts of the billing address stored on a credit card to the address on file at the credit card company. AVS is a fraud tool included in most payment processing solutions. Merchants should check with their payment processor to be sure AVS is activated.
4. Require the Card Verification Value (CVV)
The Card Verification Value is a three- or four-digit security code printed on the back of credit cards. PCI rules prevent merchants from storing the CVV as well as the credit card number and card owner’s name. The CVV makes it nearly impossible for eCommerce fraudsters to get it unless they’ve stolen the physical credit card. Most processors include a tool to require CVV as part of their checkout templates, which is good news.
5. Get Tougher with Password Requirements
Best practices these days call for at least an eight-character, alphanumeric password that requires at least one capitalization and one special character (for example, “V1$A8!!”). While customers might not like it, the alternative is much worse.
6. Maintain PCI Compliance
It should go without saying that PCI Compliance—which is mandatory and strictly enforced—is the first step in eCommerce fraud protection. Ecommerce PCI compliance is vital whether a merchant is running a single brick-and-mortar retail location or a large retail chain selling goods across multiple stores and eCommerce sites.
7. Keep Platforms and Software Up to Date
Merchants need to make sure they are running the latest version of their operating system, as providers continually update their software to prevent fraud and protect businesses from viruses and malware. Also, install and regularly update business-grade anti-malware and anti-spyware software to prevent attacks that exploit outdated software vulnerabilities.
When it comes to preventing eCommerce fraud, merchants must find the right balance between security and making checkout as easy as possible for consumers. One of the leading causes of shopping cart abandonment is a complicated checkout process. Adding security measures helps reduce fraud but can unintentionally frustrate customers and prompt them to go elsewhere.
Still, as eCommerce grows, fraudsters will continue to follow the money and look for vulnerabilities. Merchants need to take the necessary steps to prevent scammers from taking a bite out of their hard-earned profits.
Thankfully, Sekure’s customer support team are ETA-certified payment processing experts and can answer all your questions about how to detect and avoid eCommerce fraud. Contact us today to learn how we can help.