Congratulations on deciding to enter the exciting and potentially lucrative world of e-commerce. Like any undertaking, it can be fun and interesting while simultaneously presenting the potential for risk. Learn how to spot the signs of online fraud before it happens, and you can maximize your chances of success.
Monitor Billing and Shipping Addresses
When a customer purchases one of your items online, they may have perfectly legitimate reasons for shipping the product to a different address than the one where the bill is delivered. For instance, it might be a gift that is being sent directly to the recipient.
The real red flag that you need to watch for happens when the customer insists on having expedited shipping. This is particularly the case if the order is large. If you suspect that fraud is a possibility, contact the customer by phone to verify the order.
Verify the Customer’s Physical Address
If your gut tells you that something is not right about the transaction, one of the easiest ways to test it is to find out if the person’s address is legitimate. Start with a simple Google search of the address and the customer name; that might be all you need to prove that they are who they claim to be. Services such as Zabasearch can also let you know if the person lives at the specified address.
Keep Your Eye on IP Locations
While the vast majority of customers from overseas are on the level, one red flag that points toward fraud happens if the IP address is from abroad and does not match the one for the customer’s physical address.
When in doubt, research the IP address on a website such as IP-lookup.net. If you do not offer shipping to a certain country, your safest option is to restrict all IP addresses originating in that nation. Once you do, visitors from these places will be blocked from checking out.
Pay Attention to Customer Email Addresses
Believe it or not, you can learn a great deal about whether a transaction is on the up and up just by looking at the customer’s email address. If it looks unusual, chances are good that someone is trying to defraud you.
Record Credit Card Numbers
When criminals are attempting to make fraudulent transactions, they often try to enter a large amount of numbers several times in hopes of hitting the scamming jackpot. If a potential customer attempts to input five or more different credit card numbers in a short period of time, chances are excellent that the person is up to no good.
The easiest solution is to restrict the amount of times a customer can enter an incorrect credit card number. Simply decide what number they cannot exceed and ban them if they reach it. By reviewing your daily batch of transactions, you can remain on top of this information. Most merchant account providers enable you to take advantage of this feature.
Bring in the Big Guns!
If you think you need a more robust way to protect your e-commerce business against criminal activity, think about using a profiling service that cross-references names, previous purchases, IP addresses and more to better enable you to identify a high-risk purchase. While these services will cost you, the expense might well pay for itself.
Always Require the Security Code
In the case of Visa and MasterCard, this is a 3-digit number on the back of the customer’s card; for American Express, it is a 4-digit number on the front. Because this number does not appear embossed on the card or on its magnetic strip, thieves will have a much more difficult time retrieving it unless they have actually stolen the physical card. If the buyer does not accurately input the 3- or 4-digit number, do not allow their transaction to go through.
Protect Your Internal Systems
Small businesses are increasingly becoming the victims of cyber-crime, mainly because their security systems are often much more permeable than those of larger companies. To strengthen the security fortress around your company, take steps to ensure that all of your systems meet the card payment industry’s standards for e-commerce transactions.
Reputable web merchant services providers will have information prominently displayed on their websites indicating that they are PCI compliant. In many cases, your e-commerce software provider may contain a host of integrated security measures that constantly monitor all incoming traffic for malware and potentially fraudulent behaviors.
Remember, even the best software is compromised if you fail to update it regularly. As quickly as scammers come up with a hack, software companies can plug the hole, only to have the cycle repeat itself. Your best defense is to always remain abreast of the latest security patches and to install them as soon as they become available.
To minimize the chances of becoming the victim of cyber-criminals, you need to execute a multi-pronged defense. This involves careful monitoring of all aspects of incoming transactions, even those that do not go through, as well as obtaining reliable, dynamic and robust software that can help to automate some of these processes.
Think of your integrated security system as a combination electric fence and burglar alarm around your precious business. While it can never fully guarantee that you will never be taken advantage of, it might provide enough deterrence to convince a fraudster or hacker to seek an easier target.