Remember when your boss needed assistance applying for an SSL certificate? Every time there’s another annual PCI scan, you probably get called in for help. In fact, online payment security is a never-ending journey – with new hacks and scams emerging on a daily basis. While larger organizations typically have dedicated IT and security departments to protect themselves, the majority of smaller businesses go under after a data breach.
If you’re in charge of payment security in your organization, this article outlines some of the most popular types of eCommerce fraud – complete with actionable steps to prevent sensitive data from falling into the wrong hands.
1. Card testing fraud
Online criminals often test stolen credit cards before making big-ticket purchases. These tests are normally just a few pennies at a time. Even tiny instances of fraud can hurt your business’s reputation and negatively impact its merchant account.
Eliminate card testing fraud by setting minimum checkout amounts for all online orders. No one should ever be able to purchase something for 5 cents if the cheapest item in your inventory is $5.
2. Account takeover fraud
Thieves don’t always need direct access to a user’s credit card. Sometimes, they just need that customer’s username and password. Once logged into your online store, for example, a thief can start making unauthorized purchases using whatever stored payment details are on file.
Prevent account takeover fraud by implementing two-factor authentication (2FA) in which online customers must input their high school mascot, nephew’s middle name, or some other “unguessable” piece of information to verify their identities. You can also set up two-factor authentication to send security codes to each user’s email address or mobile device.
3. Overpayment fraud
With this scam, criminals overpay for items (using stolen credit cards) – only to request that the remaining balance be deposited to a different account. Not only do you lose the sale, but you also end up paying money out of pocket.
Fortunately, reducing overpayment fraud is easy. Commit to only issuing credits and refunds to the original funding source.
Speaking of refunds …
4. Chargeback fraud
A refund is when a business voluntarily returns a user’s money. However, that user can instead go through his or her credit card company and have the charges reversed – with or without the merchant’s consent. You would be surprised by how many customers do this deliberately – i.e., ordering something online only to reverse the charges once the item arrives.
Because this scam involves your customers, it often goes by another name – “friendly fraud.”
The best way to reduce this practice is to add tracking and signature requirements to all shipped packages. Doing so allows you to independently verify if and when an item arrives.
From bank vaults to cash tills to login credentials, businesses have always relied on technology to protect themselves. As more payment activity moves online, there are a lot more vulnerabilities to manage – with the above list just scratching the surface.
For a more comprehensive overview of eCommerce fraud prevention steps, be sure to see the accompanying resource.
Infographic created by Fiserv, an omnichannel commerce company