Protecting your online business from fraud

You’ve likely heard the phrase “the customer is always right.” It’s a mantra for traditional business owners to show that they go above and beyond the call of duty for their clientele. To be fair, it’s a respectable way to go about building your customer base and there’s a reason that philosophy was the norm for the brick-and-mortar world of the last century.

However, new ways of doing business require another set of skills to keep you from opening the door to fraudsters, scam artists and criminals.

Online businesses are becoming savvy to the tactics that cyber-criminals are employing. In this evolutionary arms-race, the criminals continually shift and pivot to even more sophisticated ways of phishing, hacking and outright theft.

Operating a digital storefront or other online venture without an understanding of modern fraud can be like walking through a minefield without protection. You must have strong tools and tactics in place for combating the risks. It’s crucial to prevent fraud and theft, especially when your business could be held financially responsible for any losses incurred.

Once you understand the types of fraud and what to do in case your business has been targeted, you’ll be able to react in a swift and professional manner to stop any thieves from getting further with their plan!

Methods to prevent eCommerce fraud

With so many methods of deception for theft, it can seem impossible to stem the tide of online thievery. That said, there are solid strategies to implement that can prevent most, if not all, online fraud.

The first step, if you’re choosing a third party platform on which to host your business, is to choose one with a solid reputation for best practices in security.

Popular third party sites implement the security protocols necessary to verify customers and protect databases. A handy checklist to help you decide which platform or hosting company to choose should include:

Secure checkout

Implementing a CAPTCHA will stop almost all bot attacks in their tracks. CAPTCHA stands for “completely automated public Turing test to tell computers and humans apart” and is one method to ensure your customer is a human being on the other end of that connection. This method demands that the user type the letters they see on the screen into a field box. Usually these letters and/or numbers are visually jumbled, which forces the customer to focus and assess what they are seeing on the screen. Although the CAPTCHA is sometimes controversial because it can be difficult from a usability standpoint, it remains a good tool for preventing automated fraud and data leaks.

Strong Passwords

Help your customers secure their accounts with added levels of security. Encourage more complex passwords. While it seems quick and easy to create a memorable password from a few letters, use a system that only accepts longer passwords with numbers and capitalization included.

It’s very common for individuals to re-use old passwords or take common ideas from a dictionary, birthdates, children’s names, etc. Encourage the use of password generators such as LastPass and Passwords Generator to help with this process.

Credit Card Verification & Address Verification

Verifying addresses and credit card value are other standards of compliance that will keep fraudsters at bay. The AVS, address verification system, cross-references the billing address of the customer with the information stored on the credit card system itself.

CCV, credit card value, is the familiar three digit code on the back of all credit cards. In compliance with PCI, the CCV data is never stored with credit card numbers on an online retailer’s database. With this security in place, hackers can’t acquire this information without actually stealing the card in real life.

PCI compliance

The Payment Card Industry Security Standards Council, PCI for short, is a grouping of major global credit card brands that developed an industry-specific protocol for protecting consumer data. What is now referred to as PCI Compliance ensures that sellers follow PCI standards across the board when customers pay with their credit cards.

The upside of PCI Compliance being strictly enforced is that an online retailer can rely on their payment processor to handle all of these details. PayPal and others have built this compliance directly into their operations to take the pressure off the seller.

The PCI Security Standards Council’s website provides all the details to help you better understand this globally-used payment protocol.

Ongoing fraud detection

As a business owner, it is your responsibility to monitor all transactions as they come through. If something looks suspicious, it’s wise to put that purchase on hold until you can properly verify the payee’s origin.

Software Updates

Keeping your operating systems and all business related software up-to-date is a must for preventing hackers from exploiting any weaknesses. Running anti-virus software and installing new patches will keep your operation running smoothly.

When Magento’s eCommerce software revealed multiple flaws in their system that came about after fixing and patching previous issues, shop owners were made vulnerable to attack. Shop owners using Magento who did not update their software were left exposed to attack via payment card skimmers. The company publicly urged all clients to update their software immediately, and to keep updating it regularly, to avoid such problems.

If users made a practice of updating their software frequently, they would not have become vulnerable to this type of attack.

Risk Management

An ounce of prevention goes a long way, and so does a solid plan for understanding the traffic in online fraud. Every eCommerce shop owner will encounter an attempt at fraud at some point in the life of their business. Keep a record of all prior attempts at fraud. By tracking these you can see a pattern if there are repeated attempts from one source, or clear methods of attack.

Use this knowledge to prevent them from breaking through your defenses. Establish security protocols and train your employees on what to look for, especially around the holidays. Certain times of the year like Black Friday, Cyber Monday, Christmas, and whenever large purchases are commonly made, are a field day for online criminality. If your eCommerce shop does high volume at this time it might be easy to miss a few scams.
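
As an added illustration (not part of the original article), the sketch below shows how a record of prior fraud attempts can be used to spot repeat sources and common methods, and to put a suspicious purchase on hold. The log entries, field names and the AVS/CCV result flags (assumed to be supplied by your payment processor) are constructed for the example.

```python
from collections import Counter

# Constructed sample record of past fraud attempts (not real data).
# "source" and "method" are hypothetical field names for this example.
FRAUD_LOG = [
    {"source": "203.0.113.7", "method": "card_testing"},
    {"source": "203.0.113.7", "method": "card_testing"},
    {"source": "198.51.100.4", "method": "address_mismatch"},
    {"source": "203.0.113.7", "method": "stolen_card"},
]


def repeat_sources(log, threshold=2):
    """Return sources that appear in the fraud record at least `threshold` times."""
    counts = Counter(entry["source"] for entry in log)
    return {src for src, n in counts.items() if n >= threshold}


def common_methods(log):
    """Rank recorded attack methods from most to least frequent."""
    return Counter(entry["method"] for entry in log).most_common()


def review_order(order, log, threshold=2):
    """Return (decision, reasons); decision is 'hold' or 'accept'.

    `order` is assumed to carry the AVS and CCV check results reported by
    the payment processor as booleans, plus the source of the request.
    """
    reasons = []
    if order["source"] in repeat_sources(log, threshold):
        reasons.append("source has repeated fraud attempts on record")
    if not order["avs_match"]:
        reasons.append("billing address failed AVS")
    if not order["ccv_match"]:
        reasons.append("CCV did not match")
    # Any single signal is enough to hold the purchase for manual verification.
    return ("hold" if reasons else "accept"), reasons


if __name__ == "__main__":
    print(common_methods(FRAUD_LOG))
    suspicious = {"source": "203.0.113.7", "avs_match": False, "ccv_match": True}
    print(review_order(suspicious, FRAUD_LOG))
```
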

It is wise to have a crisis management plan established in case your business falls prey to an online fraud scheme. Having a set of actions to follow in terms of public relations and statements to customers and dealers will allow you to act swiftly on the public-facing front while fixing the problems internally.

In a damage control situation it is vital to counteract the conditions that decrease your company’s brand value and trust. Stem the flow of significant loss and customer complaints by being prepared and understanding the conditions in which the fraud took place.

Trends in new ways of shopping will eventually lead to patterns emerging in fraudulent behavior. Credit card payments are still a mainstay of purchasing online, however with the rise of PayPal, new competitors have come out in recent years. Venmo and Zelle are current popular methods of buying online, especially since users are trending toward shopping via their mobile devices. It is vital that an eCommerce business analyze the information coming through when introducing a new payment option. Criminals will always test a new method for vulnerabilities and loopholes in the system.


Protecting your business, and customers, from online fraud is an ongoing job that should be at the top of every retailer’s list of priorities. Cyber crime is not going to go away. It will become more sophisticated and clever, thus it is up to the retailer to keep adjusting strategies as they go.

From following security protocols to hiring outside agencies to monitor and advise, protecting your endeavors from fraud doesn’t have to be overwhelming. Common sense and an understanding of what tools to use will keep your business safe from most attacks.
