A new report from 4iQ released a startling statistic, saying there was a 424% increase in new cyber breaches of small businesses in 2018 compared to 2017. What’s even worse, 78% of the small-medium sized businesses participating in these findings indicated they had been a target of cyber attacks, highlighting the importance of eCommerce fraud prevention. It should be a wake-up call to any business owner for a few reasons:
- As e-commerce becomes more profitable and popular, thieves are getting smarter;
- Keeping up with them can take a big chunk of your time;
- There are many types of eCommerce fraud, so being able to spot one is becoming increasingly difficult because it seems like a moving target;
- Your business is keeping you busier than ever before, and you simply don’t have the resources to devote to eCommerce fraud prevention.
Common types of eCommerce fraud
There are two major buckets of eCommerce fraud: account takeover and identity theft.
If you’re like most eCommerce stores, you allow your customers to create an account and store sensitive information in their profile. They’ll store personal information, payment data and purchase history. Because of this, your customers can be preyed upon through:
Phishing schemes: perpetrators will send fraudulent emails claiming to be you, tricking your customers into revealing their usernames or passwords. From there, they can change addresses and make large purchases on stored data.
Bots: these automated systems run from servers and try to simulate human tasks like site-specific interactions and masquerade as legitimate users to get customer information.
You may have taken a lot of precautions to protect your customers’ data, but hackers keep getting smarter and can find ways in. If they do, they’ll steal:
- Credit card and other payment information
- Other identifying personal data
Using this information, they make unauthorised purchases, change passwords and usernames or even sell the information to other scammers who open other accounts using stolen information, leading to other types of fraud.
This is when they buy from you with the stolen card, wait for the customer to cancel their card and then insist you refund them the amount of the fraudulent amount to another account. Once the real customer notices the fraud, you’ll have to repay them too, leaving you on the hook for the whole amount.
The impact of eCommerce fraud on your business
The fraud bill for Australia in 2019 was $455 million, and the category of business most on the rise is eCommerce. Of the total number of fraudulent transactions, cards not present accounted for nearly 85% of the fraudulent activity, and that is always the case when you accept virtual credit card payments.
As an eCommerce business owner, you are unfortunately uniquely poised to be targets of fraud rings and new cyber attacks. As more of your customers fall victim to phishing schemes and other identity theft schemes, you become even more at risk.
eCommerce fraud prevention tactics
So, what can you do about it?
With so many ill-intentioned people trying to scam you out of your hard-earned money, it’s more important than ever to ensure you’ve got the right preventative measures in place. The best place to start is with the Payment Card Industry Security Standards Council (PCI DSS).
PCI DSS is an internationally recognised standard for maintaining both the integrity of merchant payments and customer information security. If you’re not well versed in this, you need to be, or you need to partner with a company like eWAY. This is required of every company that handles credit cards. You’ll have to meet 12 core requirements to be considered compliant.
If you’re found to be non-compliant, and there’s a data breach, you may be fined, and those penalties can range from $5,000 to $100,000 per month per violation. On top of that, your processing of credit cards from certain providers may be suspended.
eWAY has created the MTI program to provide assurance to business owners that they are protecting their businesses against data breaches and also fulfilling their PCI DSS obligations to protect their customer’s card details.
To be sure you’re taking every precaution possible to keep your business and your customers safe, it’s wise to put these tactics into your routines.
Ensure all systems are PCI compliant: Protect yourself from monetary loss and loss of customer confidence and reputation.
Monitor transactions and bank accounts daily: Understand buying patterns for your business and can spot red flag numbers to investigate. Track IP addresses and look for anonymous email addresses which pose the most significant fraud threat.
Set transactional limits: You can restrict the dollar amount in purchases you’ll accept from one account in a 24-hour period.
Require the CVV code: According to PCI rules, you can’t store these codes, so fraudsters are very unlikely to have this when making fraudulent purchases. By requiring this at checkout, you limit the chance the transaction is fraudulent.
Require tougher passwords: The more intricate you require passwords to be, the safer your customer’s data will be. The current standard is eight characters, one uppercase letter, one number and a special character.
Keep your software and OS up-to-date: Security patches are added with almost every update, so staying on top of updates helps keep everyone safe.
As an e-commerce business owner, you’re in a vulnerable position. You’re primed to be a target of fraud, yet you don’t have big corporation resources to help you avoid some potentially devastating losses. Understanding the kind of fraud you may be susceptible to is a good start, but then what?
You can see there’s an ocean of information to sift through, some of it compliance-oriented, some preventative. If you need a partner in navigating the world of e-commerce fraud, eWAY has created eWAY Fraud Protection to provide industry-leadingfraud protection. Contact us today to put the eWAY Fraud Protection to work on your business.
Subscribe to updates
Get the latest news and payment insights from Eway hot off the press.