Fraud Prevention Pt. 2: Protect Your E-Commerce Site Against Credit Card Fraud
Credit card fraud is a risk for all businesses, but it is particularly troublesome for online merchants. According to a recent report from CyberSource, North American merchants lost an estimated $3.4 billion to online fraud in 2011.
Don Weary, director of Product Management at Sage Payment Solutions says, “Fraudsters love to be anonymous and fast. Small online businesses are often targeted because they don’t have sophisticated tools in place to repel fraudsters.”
Although there is no foolproof way to prevent losses due to online credit card fraud, small businesses can minimize their risk by implementing these seven best practices:
- Keep your shopping cart software up-to-date.
Action: If you are using an outsourced, hosted shopping cart, this may be done automatically for you, but if you are hosting a shopping cart on your own website, be sure you purchase and install upgrades as they are released.
- Enable both Address Verification (AVS) and Card Code Verification in your payment gateway.
Action: To do this, log into your payment gateway account and look for a section that allows you to configure security settings.
- Use advanced verification and fraud detection features if offered by your payment gateway.
Action: If American Express provides your payment gateway, use its free Enhanced Authorization tool to review order information against a customer’s account history. Other advanced features can help you spot fraudulent foreign orders and orders being shipped to invalid U.S. postal addresses. Call your payment gateway provider to see which features are available.
- Train employees to watch for signs of fraudulent orders. Signs include: unusually large orders, unusual international orders, fake phone numbers such as 555-123-4567, rush orders, or any unusual requests.
- If your payment gateway doesn’t validate the ship-to address, look up the address in your own shipping software, recommends Lee Amon, co-owner of Kate’s Caring Gifts in Fremont California. “If the city and state don’t match the ZIP code or there are other anomalies, that’s a red flag,” Amon says. “Call the customer to confirm the order and shipping address.”
- Watch out for names and addresses similar to previous fraudulent orders, multiple orders placed by the same person using different credit cards, and orders where the purchaser asks to pick up the order at your location. These may be fraudsters testing stolen credit card numbers.
- “Know your typical customer profile,” advises Kee Nethery, an e-commerce solution provider from California. “Every product has a typical customer profile. If an order falls outside of that profile, investigate more closely before shipping.” For instance, if you were selling a handheld scanner usually bought to scan old photos or documents into a computer, the typical order would probably be for one product shipped to one residential address. Any order that falls out of that pattern might warrant investigation.
An order that contains just one or two of the warning signs mentioned may be legitimate. However, if you don’t know the customer and the order is unusual in any way, it doesn’t hurt to call the customer or card issuer to verify before shipping.