The security of e-commerce has come a long way since its inception, but plenty of risks still abound for businesses selling online.
E-commerce scams, online retail fraud, cybercrime — whatever you want to call it, if you’re an e-commerce small business owner, this stuff probably keeps you up at night. That’s because if you are a victim of fraud, it will cost you a lot more than just the dollar value of the transaction in question — a study found that each dollar of fraud costs retailers $3.13 in terms of fees, interest, merchandise loss, and other expenses.
And that’s to say nothing about the loss of a customer and the damage to your brand.
If you want to prevent cyberattacks and online fraud, you must understand them first. This guide breaks down what e-commerce fraud is, how to spot it, and what to do to prevent it.
Overview: What is e-commerce fraud?
E-commerce fraud is any illegal or fake transaction made on a website, typically using forged or stolen billing information. Hackers and cybercriminals have a number of approaches to fraud — some common e-commerce fraud examples include identity theft and stolen ATM and credit cards.
As the popularity of e-commerce has exploded in recent years, so has the prevalence of online fraud. Cybercrime is expected to cost the world $10.5 trillion annually by 2025, according to one cybercrime research firm.
6 types of e-commerce fraud
While many types of online fraud exist, these six types in particular are the most common.
1. Card cracking
Card cracking is when a thief steals credit or ATM card information and then attempts to use it to purchase items. Typically, they will make small purchases to test the card’s limits, and increase their buys gradually over time. This type of fraud causes losses for both the e-commerce site and for customers.
Chargebacks refer to when a customer contacts their credit card company to reverse the charges. The fraudster may use a service that accepts credit card payments and then wait to receive their merchandise before doing the chargeback.
Sometimes, these chargebacks are legitimate when a customer didn’t receive an item and the company refuses to make it right. But there are bad actors out there who attempt to use this tactic to get free merchandise. Vendors can use software applications to limit their risk here.
3. Account acquisition
One of the biggest forms of e-commerce fraud has to do with poor security in account management. In an account acquisition scam, a fraudster gains access to an e-commerce site as the owner through hacking or purchasing passwords and logins. Once inside, they can purchase goods on another site, steal money from the vendor’s account, and do other things that could cause permanent damage to the brand.
4. Fake refunds
One trick scammers will use is to make a charge on a stolen credit card, and then demand a refund to a different account. The used credit card is then closed. While the refund request may seem legitimate at first, in reality, it’s just a ruse for theft. A business should have a policy of only refunding to the original card to avoid this situation.
Cybercriminals often make purchases with a stolen credit card and use the billing and shipping address of that card. But then they change the delivery address either online or through a live customer service rep, sending the purchased product to a location where the thief can easily intercept it.
If they live near the initial delivery address, they may even intercept the delivery person and get the package before it ends up in a location they can’t access.
6. Triangulation fraud
Triangulation fraud refers to when a customer unknowingly makes a purchase on a fraudulent website (that doesn’t actually have the product in question), and the fraudster then takes that customer’s payment information and places an order on a legitimate website that does have the product, using the customer’s shipping information to get it to the customer.
When the customer disputes the second charge with the genuine retailer, the fraudster escapes the chargeback, leaving the genuine retailer on the hook for charges.
How to protect yourself from e-commerce fraud
As you can see, there are quite a few ways to be victimized by clever online tricksters. Here are some practical steps you can take to protect your business and your customers.
1. Invest in good security
Don’t be cheap when it comes to security. Spend the money necessary to get quality security software that will protect you and your customers. Regularly update the software and ensure it can be customized to fit your needs. Consult with industry peers on what the best solutions for your industry are.
2. Audit security often
E-commerce fraud detection is challenging if you’re not constantly vigilant, so audit your security often to ensure there aren’t any cracks a criminal could exploit.
Are your passwords and logins of significant strength, and do you change them regularly? Do you trust everyone in possession of critical information? Do you have good antivirus software that checks for malware constantly? Is your communication involving sensitive customer or business information encrypted?
3. Limit purchases
Get to know the general size range of purchases your customers make, and then set an upper limit on the total amount a consumer can buy.
That way, if a fraudster tries to order twice the amount of the top limit of what your customers typically order, you can stop the purchase in its tracks — at least until you’ve had time to review it more closely. This minimizes the risk to the business while also not inconveniencing the majority of your customers.
4. Restrict delivery
Most scams can be stopped by just being stringent when it comes to delivery — after all, if a fraudster can’t access the goods, there’s no point trying to steal them. Prohibit delivery to P.O. boxes or to anonymous locations, and require customers to use physical addresses. Also, don’t let people use freight forwarding services, which is a way around this restriction. Use tracking services to monitor these shipments.
5. Don’t collect too much customer data
A criminal can’t steal what you don’t have, so limit the amount of customer data you keep. Collect only what is necessary to bill your customers, and don’t harvest unnecessary information like social security numbers or birth dates. Whatever data you do harvest, take extraordinary measures to keep it safe.
6. Invest in Hypertext Transfer Protocol Secure (HTTPS)
HTTPS is one of the most fundamental methods of e-commerce fraud protection in today’s online shopping environment. It’s a more secure version of the HTTP protocol, encrypting data and protecting credit card information. HTTPS prohibits third parties from viewing data and can be accessed by purchasing an SSL certificate.
7. Require Card Verification Value (CVV) numbers
Those three or four little numbers on the backs of major credit cards don’t seem like that big of a deal, but they make a big difference in terms of online security. By making it necessary it enter the CVV for all purchases, you make it nearly impossible for scammers with stolen credit card info to complete a sale since they must have the physical card in hand.
E-commerce software can protect you from fraud
One of the best e-commerce strategies you can employ is to ensure your site’s security — after all, if a customer can’t trust that you’ll keep their sensitive personal information safe, they won’t do business with you no matter how good your products are.
Many e-commerce platforms have security functions built in to ensure both you and your customers are safe. For example, many of them — such as Wix eCommerce and Ecwid — use SSL certificates that encrypt customer and payment information. Square Online Store claims to manage the security of all payments and ensure your company is in Payment Card Industry Data Security Standard compliance.
Instead of trying to handle security on your own, use a software platform that can give you peace of mind with none of the headaches.
The post E-Commerce Fraud: What It Is and How to Prevent It appeared first on The blueprint and is written by DP Taylor
Original source: The blueprint