As EMV has tightened up on retail fraud, fraudsters are turning their efforts toward ecommerce. It’s estimated that online fraud will cost retailers $71 billion globally over the next five years. Small merchants are a common target for fraudulent transactions and data thieves, but there’s actually quite a lot they can do to fight back.
1. Start Wisely
Choosing a secure e-commerce platform is a crucial first step for small merchants. There are dozens of hosting providers out there, and it can be hard to determine what bells and whistles are really necessary. The most essential factor is PCI compliance, which protects and encrypts cardholder data. If there is any question about a host’s status, merchants can check with this PCI list.
2. Gain Trust
Merchants can make sure their sites are secure AND build trust with consumers by enrolling in trust seal services. Well-known companies like Norton and Thawte issue TLS 1.2 certificates and provide site seals to let customers know a merchant offers secure transactions. Other trust seals such as Verified by PayPal and TrustE verify that sites are run responsibly, providing peace of mind for both merchants and their customers.
3. Use Multi Factor Authorization
Merchants can go far to protect themselves by setting up order pages with multi factor authorization. Requiring a CVN is one obvious step, but it’s just the starting point. MFA goes beyond CVNs, or even codes sent to your cellphone. Today’s MFA can use a variety of unique indicators such as biometrics and security tokens, and it’s a very effective way to prevent fraud. After all, a hacker may sell your card number, but they can’t match your fingerprint. What’s more, with a mobile-first audience, MFA is usually frictionless, so there’s no hit to conversions.
4. Check Your Orders
Nothing replaces due diligence. Merchants can incorporate rules or machine learning tools into their e-commerce site, or even just assign an employee to verify data and flag questionable transactions. For instance, merchants can make sure the IP address of the originating device matches the cardholder’s city and state. Merchants can also require data fields such as a telephone number, and verify that it matches the right area code. These low-tech steps can stop many fraudulent orders.
5. Offer Checkout Buttons
One simple way for small business owners to avoid fraud is to funnel transactions through online checkout buttons. Checkout buttons are digital acceptance marks that allow customers to check out using third party processors such as PayPal, Visa Checkout or Amazon Pay. By using a third party for checkout, the fraud risk falls on the processor, not the merchant. It may cost a little more per transaction, but for many small business owners, the security can be priceless.
6. Get Outside Help
All payment service providers provide some degree of fraud prevention services, but for some small merchants, this may not be enough. Merchants may choose to enroll in a dedicated fraud prevention service that leverages machine learning to assess transaction risk, such as Sift Science. Many payment service providers can recommend an ASV service (PCI-approved scanning vendor) which essentially runs as an anti-virus program to check for data vulnerabilities.
The most robust fraud prevention protocol is 3-D Secure, which is marketed as Verified by Visa, Mastercard SecureCode and American Express SafeKey. 3DS is very effective, but it is not seamless. Because it requires users to enter additional passwords, it adds friction to checkout, a deal breaker for most small merchants. Keep an eye out, however, as version 2.0 is set to roll out in 2018, promising an entirely different, behind-the-scenes approach. Soon, 3DS should be an excellent option for merchants of all sizes.
7. Keep Up to Date
To prevent fraud in all its insidious forms, securing the e-commerce site is only one half of the battle. Malware infections remain another serious concern: stealing sensitive customer data, even extending to outright account theft. It’s crucial for business owners to keep all their software programs up to date and all their computers secured behind rigorous firewalls. As we move toward an IoT world, merchants shouldn’t forget the vulnerability of internet-linked devices, such as thermostats, security cameras, and more. These items can serve as a backdoor for hackers unless proper updates are maintained.
It’s the truth: an ounce of prevention is worth a pound of cure, and nowhere is this more evident than online fraud prevention. Fraud results in lost revenue, angry customers and damaged reputations. Fortunately, small business owners have a number of effective tools to fight back and protect their businesses.