eCommerce Fraud Prevention
1. eCommerce Fraud. Current Situation.
Once retail went online fraudsters followed suit. Cyberspace opened up some new opportunities not only for honest trade, but for crookery. Both roles the seller and the buyer are threatened by fraudsters these days, and if they are not careful, they get into trouble. This article is for honest business owners, especially those who are just starting their online operations. We find it worthwhile to remind of the dangers of online fraud, because an online store’s success is not only based of neatly designed and speedy shopping cart, appropriate product mix and good service, but also on security.(1) (2) Wherever money is involved there are vultures who wish to free-lunch. For the sake of business safety and positive reputation with customers everyone running or planning to run an online business has to think about safeguarding it from those vultures.
2. Most Common Types Of eCommerce Fraud.
1. Card fraud is the most common type of e-tail scourging scam. The thief gets hold of other person’s credit card details and pays for goods in online stores.
2. The man-in-the-middle attack – this is when the criminal intercepts the cardholder’s data while being submitted to the seller.
3. Hacking – is the worst-case scenario when the cyber-criminal takes control of your web store’s backend, and has access to all pages including the payment gate.
4. Malicious Code – there are some kinds of malware that can be used by fraudsters to capture sensitive data from your online store. Those are keyloggers or spyware, backdoor (gives the hacker remote access to your computer), command and control (looks for and executes commands).
3. Fraud Identification.
As online retail is normally Card Not Present environment, where credit card details are enough for a transaction to happen we will have a look at the most telltale indicators of fraudulent behavior. The most common kinds of goods that crooks favor are: electrical goods, household appliances, jewelry, computers, furniture, any other goods which are easily disposed of for cash. The customer who came to order from your website may be a fraud if they place unusually large orders, sometimes those are orders for multiple quantities of the same item. It is suspicious if a number of orders is placed within a short period of time from multiple credit cards. It is especially alarming if, in case of multiple credit cards, once the first credit card has been declined, another one is immediately offered. Also look out for two or more consecutive credit cards with similar numbers. Expedited shipping to a faraway location, with the purchaser not caring about the costs, might be another sign of scam. It is even more fishy if an order that you are asked to deliver ASAP is from a country, from which you don’t usually get orders, especially if items ordered can easily be purchased locally. No matter what the delivery destination is, it won’t be wrong to become suspicious if the delivery is requested to a Post Office Box, or to a third party. Another possible indication of fraud is when a purchaser who claims to represent a corporate body offers a free e-mail address, or if the only contact information provided by the customer is a mobile phone number. (1)
4. Fraud prevention measures.
BIN country matching and IP address country matching will allow you to know what country an order comes from and what bank issues the credit card. This information may be valuable for further police investigation in case of fraud committed. It is not wrong to become alerted in case the IP address belongs to an area, notorious for its record of online fraud, e.g. Nigeria, Indonesia.
To protect yourself against man-in-the-middle attacks you should use an SSL certificate. All payment service providers will use such protection on their payment gateways and you will also need to obtain one for your website. This should eradicate most attacks.
You can minimize the damage from hacking by allowing your payments provider to host your payments page on their server. From your end you should always ensure that you use the latest version of the CMS, on which your website is built and that your hosting is secure. Regularly change passwords to your website and make sure that any third party software and plugins you use are also secure and trustworthy. Also, encourage your registered customers to use as powerful passwords as possible. Sensitive information must be zealously protected and destroyed once you do not need it for business purposes.
Malware, if well designed, may be an extremely dangerous tool of online fraudsters. The best way to protect yourself from virus attacks is to keep any software on your computer up to date, use an anti-virus program and perform regular scans on your machine. (1) (2) (3)
Has your online business suffered from crooks?
Do you have any fraud prevention ideas to share?
Please, don’t hesitate to strike the comments below!