As an eCommerce merchant, online fraud isn't a threat you can afford to ignore. That's because for every dollar in direct out-of-pocket losses, you may lose an additional $2 in indirect costs due to:
- Penalties and fees
- Litigation (and more fees)
- Hours spent disputing charges
If customers learn your store has been compromised, decreased customer confidence may also account for lower sales. One study showed an estimated six out of 10 small businesses close within half a year of a cyberattack. Below, we'll outline some of the more common types of eCommerce fraud – plus tips on how to help keep your small business and customers safe.
Stolen credit card fraud
As one of the more common types of online fraud, criminals use stolen credit card information to rack up large purchases and have the goods shipped to third-party addresses that can't easily be traced.
A couple of ways to help prevent this type of fraud include:
- Creating a policy of only shipping big-ticket items to the user's billing address – and never to any other destination
- Using Address Verification Service (AVS) technology to verify each cardholder's “billing” address before letting any online orders go through
Although neither of these security steps will stop other types of fraud, they both help make it much harder for criminals to divert packages to untraceable warehouses or locations.
Card testing fraud
Before making any large charges, some cybercriminals test credit cards by running small transactions – usually of just a few pennies at a time. Although these fraudulent “purchases” might seem insignificant, the authorization fees can add up quickly. This is especially true when criminals test multiple cards back to back.
As an eCommerce merchant, you can help reduce this activity by:
- Using an online velocity filter to prevent back-to-back transactions coming from the same device or location.
- Using minimum threshold filters to automatically flag any purchases that are below the cheapest item in your inventory. If the least expensive product in your online store costs $2.95, there should never be any orders below that amount.
Chargeback fraud
Chargeback fraud involves your “customers,” which is why this scheme often goes by another name – “friendly” fraud.
Below is how chargeback fraud normally works:
- A customer visits your online store and makes a purchase using his or her credit card.
- After receiving the item, the customer claims that it never arrived or that the purchase was fraudulent (i.e., unauthorized).
- That customer keeps the item and then reverses the charges through his or her card-issuing bank instead of requesting a refund from you directly.
- After issuing a “chargeback” to the customer, the card-issuing bank comes to you to collect the amount.
You can (and should) try to dispute each chargeback, although the chances of winning this dispute are relatively low since most credit card companies offer “zero liability” protection to their users. You'll likely lose the sale – not to mention delivery fees. With enough chargebacks on your record, you could be demoted to a more expensive payment processing level. In some cases, your merchant account could even be revoked.
Although disputing chargebacks is difficult, there are steps to take to help make your case much stronger:
- Publish a clear, hassle-free refund policy. This won't discourage bad actors, but it should make it easier for honest customers to resolve issues with you – instead of their credit card issuers.
- Eliminate “guest” checkout. Instead, require that all users log in – preferably with two-factor authentication (2FA). Doing so makes it harder to claim a purchase was truly “unauthorized.”
- Add tracking to all outgoing packages. Even better, consider adding a signature requirement on the receiving end. Both of these tips can help dramatically reduce false claims that items never arrived.
Cybercrime appears in many forms – from merchant identity theft to phishing attacks to overpayment fraud. Each comes with an inherent “defense” strategy – many of which are covered in the accompanying resource. However, it is critical to work with a PCI-compliant payment processor before exploring any specific fraud prevention strategies.
