Methods to prevent eCommerce fraud
With so many ways to deceive and steal, it can seem impossible to stem the tide of online theft. That said, there are solid strategies you can implement to prevent most, if not all, online fraud.
The first step, if you’re choosing a third-party platform on which to host your business, is to choose one with a solid reputation for best practices in security.
Popular third party sites implement the security protocols necessary to verify customers and protect databases. A handy checklist to help you decide which platform or hosting company to choose should include:
Implementing a CAPTCHA will stop almost all bot attacks in their tracks. CAPTCHA stands for “completely automated public Turing test to tell computers and humans apart” and is one method to ensure that a human being is on the other end of the connection. It requires the user to type the letters they see on the screen into a field. Usually these letters and/or numbers are visually jumbled, which forces the customer to focus and assess what they are seeing. CAPTCHA is sometimes controversial because it can be difficult from a usability standpoint, but it remains a good tool for preventing automated fraud and data leaks.
Help your customers secure their accounts with added levels of security. Encourage more complex passwords. While it seems quick and easy to create a memorable password from a few letters, use a system that only accepts longer passwords with numbers and capitalization included.
It’s very common for individuals to re-use old passwords or to base them on dictionary words, birthdates, children’s names, etc. Encourage the use of password generators such as LastPass and Passwords Generator to help with this process.
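One way a shop could enforce these password rules at sign-up or password change, as an added example that is not part of the original article. The function names, the minimum length, the hash settings and the short word list are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample deny-list; a real one would be a large breached-password list.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "dragon", "sunshine"}
MIN_LENGTH = 12          # assumed value; the article only says "longer"
PBKDF2_ROUNDS = 100_000  # assumed work factor for stored password hashes
LEET = str.maketrans("0134578@$!", "oieastbasi")


def hash_password(password, salt):
    """Salted, slow hash used for current and previous passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def letters_only(text):
    """Lower-case, undo common digit/symbol swaps, keep a-z only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def check_password(password, personal=(), old_hashes=()):
    """Return the list of rejection reasons; an empty list means accepted.

    personal   -- strings the shop knows about the customer (name, birthdate)
    old_hashes -- (salt, digest) pairs of the customer's previous passwords
    """
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if not re.search(r"\d", password):
        reasons.append("no digit")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        reasons.append("no mixed case")
    letters = letters_only(password)
    digits = re.sub(r"\D", "", password)
    if any(word in letters for word in COMMON_WORDS):
        reasons.append("contains common word")
    # Name parts (3+ letters) and digit runs such as a birth year (4+ digits).
    tokens = re.findall(r"[A-Za-z]{3,}|\d{4,}", " ".join(personal))
    if any(t in digits if t.isdigit() else t.lower() in letters for t in tokens):
        reasons.append("contains personal data")
    for salt, digest in old_hashes:
        if hmac.compare_digest(hash_password(password, salt), digest):
            reasons.append("reuses an old password")
            break
    return reasons
```

Returning every reason at once lets the sign-up form tell the customer everything to fix in a single round trip.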
Credit Card Verification & Address Verification
Verifying addresses and credit card value are other standards of compliance that will keep fraudsters at bay. The AVS, address verification system, cross-references the billing address of the customer with the information stored on the credit card system itself.
CCV, credit card value, is the familiar three-digit code on the back of all credit cards. In compliance with PCI, the CCV data is never stored with credit card numbers on an online retailer’s database. With this security in place, hackers can’t acquire this information without actually stealing the card in real life.
The Payment Card Industry Security Standards Council, PCI for short, is a grouping of major global credit card brands that developed an industry-specific protocol for protecting consumer data. What is now referred to as PCI Compliance ensures that sellers follow PCI standards across the board when customers pay with their credit cards.
The upside of PCI Compliance being strictly enforced is that an online retailer can rely on their payment processor to handle all of these details. PayPal and others have built this compliance directly into their operations to take the pressure off the seller.
The PCI Security Standards Council’s website provides all the details to help you better understand this globally-used payment protocol.
Ongoing fraud detection
As a business owner, it is your responsibility to monitor all transactions as they come through. If something looks suspicious, it’s wise to put that purchase on hold until you can properly verify the payee’s origin.
Keeping your operating systems and all business-related software up-to-date is a must for preventing hackers from exploiting any weaknesses. Running anti-virus software and installing new patches will keep your operation running smoothly.
When multiple flaws were revealed in Magento’s eCommerce software, flaws that came about after previous issues had been fixed and patched, shop owners were left vulnerable to attack. Shop owners who did not update their Magento software remained exposed to attack via payment card skimmers. The company publicly urged all clients to update their software immediately, and to keep updating it regularly, to avoid such problems.
Had users made a practice of updating their software frequently, they would not have become vulnerable to this type of attack.