Around half of e-commerce business owners are defrauded at some point. The Association of Certified Fraud Examiners reports that the average loss is $114,000 per incident.
If you unwittingly process a fraudulent payment, you might be held liable. Not only that, but your online reputation will suffer.
Prevention is the best cure even in e-commerce. Are you doing all you can to protect your bottom line and loyal customers from cyberattack?
Scams get more sophisticated all the time, and dozens of new ones seem to crop up every year. However, most are some version of identity theft or account takeover.
If hackers can breach the protections you have in place, all your sensitive customer data is up for grabs. That includes personal information such as addresses, phone numbers, account numbers, credit card numbers and passwords. If you do something nice for clients’ birthdays, the scammers will have dates of birth too.
Identity theft is a gold mine for cyberthieves. They can either sell the data to other hackers, go on extended shopping sprees, or digitally “kidnap” the information until the business owner pays a ransom.
In account takeovers, thieves get access to login credentials. Most use automated bots. If they have email addresses, they might send fake communications — supposedly from your business — to trick unwitting customers into revealing their user IDs.
From there, a thief can simply log into an account, reset the password and start spending. With any luck, the customer uses the same name, password and stored payment information across multiple e-commerce businesses.
There’s great demand for such data on the darknet. Buyers of stolen account numbers and credentials can wreak havoc before victims have time to look over their billing statements.
Don’t dismiss fraud as just another cost of doing business. Take these proactive steps to minimize risk of charge-backs and to stay compliant with industry regulations:
• Perform updates promptly.
Cybercrime thrives on outdated operating systems and software. Considering that technology evolves with each newly discovered hack, business owners needn’t be sitting ducks.
No one denies that updates are inconvenient, but they often contain improved security patches. Perform them as soon as they’re available.
• Install quality anti-malware designed for businesses.
It’s tempting to use the free stuff, but consumer-strength software with limited features just doesn’t offer enough protection. It’s certainly no match for the latest malware or spyware.
Invest in cutting-edge security software or a managed solution. You’ll save a fortune in charge-backs and earn your customers’ trust.
• Monitor transactions daily.
A husband or wife who suspects the other of cheating obsessively monitors bank transactions, credit card activity and phone records. Think of yourself as a suspicious spouse.
Over time, you get to know your customers’ locations, preferences and spending patterns. An unexpected shipping address or inconsistent payment information should strike you as fishy. Verify transactions associated with free email providers like Yahoo or Gmail; scammers are more likely to use those.
Also, take advantage of software that tracks customer IP addresses. It will alert you to addresses in countries where fraud is prevalent.
• Require the card verification value.
You can’t store the three- or four-digit CVV code with customers’ other payment information, but that doesn’t mean you can’t require it in every transaction. The CVV is one of your best weapons against scammers.
• Use the Address Verification Service.
Make sure that your payment processing system supports the AVS. It verifies in real time that the billing address stored on a credit card matches up with the issuer’s records.
• Require customers to use stronger passwords.
Hackers get better all the time at cracking passwords. All the experts agree that the most secure passwords contain at least eight characters and a combination of numbers, lowercase letters, uppercase letters, and special characters.
Disgruntled shoppers will get over it if you explain that ensuring their safety and privacy is your top priority.
• Set daily limits.
This one may be harder to swallow, but more and more e-retailers are considering it. Most customers are already used to daily limits in online banking and trading.
Based on your normal order and revenue trends, set per-day, per-account limits on spending and the number of transactions allowed.
Trust us. It’s easier to beef up security than to recover financially and regain customers’ trust after a breach.
Main Office: 200 E. Robinson St. Suite #250, Orlando, Florida 32801. Attorney Jeffrey Kaufman, Licensed in Florida Disclaimer: the purpose of this site is to provide information about legal options, not to provide legal or professional advice. You should not assume that the information on this site applies to your case without consulting with an attorney first. Requesting an initial consultation does not create an attorney client relationship. The hiring of a lawyer is an important decision that should not be solely based on advertisement.
© Kaufman and Lynd PLLC.