Online businesses and their customers are encountering online fraud on an increasing basis. Fraudsters use stolen card details to target online payments.
Before you begin selling online, understand that your business will be held responsible for all fraudulent transactions it processes.
The responsibility of determining whether a customer is genuine rests on you. Failing to do this will render you liable for reimbursement for unauthorized card use.
There is some good news. E-Next offers fraud-battling tools that help your business reduce its fraud-related losses.
However, you must also take individual measures to prevent fraud. New online companies that do not do this may find themselves out of business within just six months.
In addition, you must ensure that stored card payment information is protected from fraudsters and hackers who may try to steal credit card details. This compliance is necessary to meet card scheme requirements (referred to as the Payment Card Industry Data Security Standard, abbreviated PCI DSS) pertaining to the protection of cardholder data.
Data breaches or non-compliance can result in large fines. Therefore, before your business begins accepting payments, you must understand your obligations. For more information, refer to our PCI DSS page.
Why fraudsters target e-business
Since you do not physically interact with the cardholder or the card, you cannot:
- physically check the security features of the card to verify that the card is genuine
- require a PIN or signature to verify that the consumer is the legitimate cardholder
- guarantee that the legitimate cardholder has provided payment information
Some retailers doing business online do not understand the associated risks so they do not make any effort to prevent fraud. As a result, they become easy targets.
Is my business at risk?
All kinds of e-businesses experience fraud but certain types of products and businesses are particularly attractive. If you offer any of the services or products below, we recommend reviewing your fraud tools, controls, and relevant company policy to ensure that your business is protected:
- Financial services
- Electrical or computer goods including gadgets, videogames, and electronic toys
- Telecommunications (particularly Voice-over-IP) and technology
- Web hosting and domain name registration
- Furniture, particularly contemporary and modern
- Clothing, jewellery, accessories (sunglasses, handbags, etc.) and other fashion items
- Charities (often susceptible to card testing that involves making small payments to verify that the card is authorized and then using the card to purchase costly services or goods)
- Goods that can be downloaded
- Other items that are in demand and can be re-sold quickly and easily
Whether or not your business is at high risk, focus on protecting it from fraud. The following information will help you identify fraudulent activity and take action before it can harm your customers and your business:
In addition to using the fraud detection tools provide by E-Next, you should be alert to other indications of suspicious payments.
A payment that is potentially fraudulent is not in line with the average purchase or customer.
Many fraudulent payments share these attributes:
- high-value orders
- high-quantity orders
- late night orders
- orders placed from high-risk countries (our Support site offers more details)
- guest house, hotel, or P.O. box addresses
- different billing and shipping addresses or different billing/card issue country and IP country
- email addresses through free or anonymous services
- mobile number vs. landline
- inconsistent customer details with multiple purchases (ex: different address or name but same email address)
- frequent purchases
- indiscriminate purchases
- express delivery
- frequent contact made by nervous customer
- suspicious customer behaviour
It is good sense to verify these transactions so we recommend doing it.
We have created three ways to identify transactions that are potentially fraudulent:
- Traditional detective work
- No time to check
- Honey Trap
Traditional Detective Work
If an order seems too good to be true, it most likely is. We contact the customer to make him/her aware of a possible payment issue. At that time, we request three additional pieces of information:
- work telephone number
- home landline number (if only a mobile number was provided)
- work email address (if only a free/anonymous address was provided)
We use online resources to verify this information and we call the provided telephone numbers. Taking just a few extra minutes before processing the transaction saves hours creating and distributing items for which payment may never be received. Though you may encounter an honest customer who is upset by the enquiry, this individual will probably feel appreciative that his or her card security was taken so seriously.
No Time to Check
Fraudsters often try to place orders at the last minute, hoping that these will proceed through a system unnoticed and they will not be contacted. We are suspicious of any large orders placed during the final minutes of availability.
Say a suspicious customer orders a birthday cake. We then offer several additional related products including a party pack that is drastically overpriced and includes only cups, plates, candles, and banners. Past experience has revealed that individuals using stolen credit cards are not concerned about the value they are receiving for their money.
They will take advantage of all the “extras,” even those that are not good values, because they are not going to be paying for their orders.