Protecting Against Small Business E-Commerce Fraud

As e-commerce grows for companies of all sizes, the risk of fraudulent transactions is expanding at least as quickly. Fortunately, small business owners can take a number of preventative steps to protect their companies against e-commerce fraud.

The risk of e-commerce fraud is especially acute for small businesses, which often lack the sophisticated defenses deployed by the largest online retailers. Understanding the risk and choosing reputable e-commerce platforms from leading software suppliers can go a long way to help small business owners mitigate online commerce risks.

Common Exposures

While the nature of e-commerce theft evolves quickly, most fraudulent transactions fall into one of several types:

• Card testing fraud: Probably the most common type of fraud. Someone buys a batch of stolen payment card numbers, and uses automated tools to make a series of small-value purchases at a variety of ecommerce sites. If the small transactions are approved, the fraudsters make larger purchases.
• Friendly fraud involves a customer making a purchase and immediately requesting a chargeback from the payment processor, often claiming the item was not delivered or they have returned the item to the merchant.
• Interception fraud: A criminal makes a purchase using stolen card data, then asks the merchant or shipping carrier to deliver the item to a different address.
• Triangulation fraud: Criminals set up storefronts on popular online shopping platforms and offer popular items at bargain basement prices. If a customer purchases an item, the fraudster uses a stolen credit card to purchase a legitimate item from an honest retailer and requests delivery to the unsuspecting customer.

Potential warning signals that a transaction may not be legitimate include:

• First-time customers. Most stolen payment cards don’t work more than once or twice.
• Large orders, either of expensive items or in unusual quantities.
• Dividing orders among several shipping addresses.
• Paying for expedited shipping.
• Multiple orders from the same IP address. This typically suggests someone racing to make purchases before an account is closed.

Reducing the Risk

Small business owners can take a number of proactive steps to help reduce the risk of being victimized by e-commerce fraud:

• Choose reliable partners for your e-commerce software and payment processing needs. There’s no need to invest in customized solutions because cloud-based platforms offer powerful e-commerce and fraud reduction features at a reasonable cost.
• Ensure you comply with the appropriate security requirements. The Payment Card Industry Data Security Standard mandates a number of measures, such as having firewalls and not storing card data longer than necessary. Most of these will be handled by your payment processor, but it’s important to ask about their PCI compliance practices.
• Look for Address Verification Service features. AVS verifies the billing address for each purchase and flags suspicious shipping addresses.
• Add package tracking to every outbound order. It’s the best defense against customers claiming they haven’t received an item, and helps reduce refund fraud significantly.
• Make sure your website software is up to date. Software providers typically issue updates in response to emerging security risks and fraud trends.
• Require the use of strong passwords to access your website and e-commerce platform. Hackers often target weak or frequently reused passwords.

Beyond these features, it’s also a good idea to pay attention to your e-commerce orders to get a general sense of the typical sales pattern. This experience will help alert you to unusual transactions that may be fraudulent.