Risk Management for eCommerce Merchants

online shopping-credit card-ecommerce-online

Protecting your business from potential threats is an important part of eCommerce. There are a variety of protocols that should be implemented to mitigate the risk of fraud and other hazards. Here, we’ve put together a guide to help businesses navigate and understand risk management for eCommerce merchants.

  1. Fraud Prevention Tools

Due to the nature of online business and cyber threats, there are plenty of tools available for merchants to implement. Regardless if your business offers general retail items or utilizes high-risk payment processing services, fraud is still a problem. Many companies specialize in the development of new fraud detection tools to help merchants protect themselves. Here are some of the tools available to businesses.

  1. Fraud Screening

Fraud screening tools help identify patterns in the purchasing habits of your customers. They can detect when a purchase is unusual or high-risk. A good screening tool can also detect other patterns that are tell-tale signs of fraud. Here are some of the things that could be red flags for fraudulent activity:

  • Larger than usual orders – If an order is placed on your site that is larger than the average customer spends on your site, it could be a fraud. Similarly, if an order has multiple units of the same SKU number, that could be a sign, as well.
  • Several orders in a short time period – Another red flag for criminal activity is when multiple orders are placed in a short period of time. This is not typical behavior for online shoppers and should be investigated promptly.
  • Multiple shipping addresses – Even more obvious than multiple orders is multiple shipping addresses! If a buyer places multiple orders with the same billing address but sends them to various shipping addresses, that is a huge red flag. It is likely that the cybercriminal is dispersing their stolen goods to make them harder to recover.
  • International IP addresses – This is not always a sign of fraud, but should definitely be monitored. It can be difficult for American payment processing systems to verify international transactions, so these purchases should be treated as high-risk.

When you have a fraud detection tool in place, it can help identify and stop fraudulent activity while it’s happening. The important thing is that you’re monitoring it. Your fraud screening tool should be set up with alerts that send you, or a designated employee, a message that something is wrong so it can be addressed quickly.

  1. Identity Verification

The nature of online business is anonymous, which makes it a huge target for cybercriminals. They appreciate businesses that don’t take the necessary steps to ask for additional ID. Don’t be one of those businesses! Here are some of the ID verification tools available:

  • Address Verification System (AVS) – This is a tool that will ask the customer to input their billing address on the payment screen, along with the card information. During the payment processing operation, the card-issuing bank will decline the transaction if the addresses don’t match.
  • Personal Identification Number (PIN) – Some payment processing systems have a feature that will ask the customer for their PIN number when using a debit card or certain types of purchasing cards. This is another great way to verify the identity of the person inputting the card information.
  • Card Verification Code or Value (CVC/CVV) – This is the security code on the front or back of a credit card. It’s typically a 3-digit code on the back of a Visa or MasterCard or a 4-digit code on the front of an American Express card. Requiring the customer to put in this code at the time of purchase is another layer of security that helps identify the cardholder.
  • Reverse Directory Services – Another tool that can be implemented is a reverse directory service. This type of service uses a third party to verify all of the information that was entered by a customer, including name, phone number, and physical address. This is an increasingly popular tool for eCommerce businesses to use.
  1. PCI Compliance

Following all PCI-DSS standards is a non-negotiable part of being an eCommerce merchant. Implementing these protocols into your daily business practices is essential to protecting your customers and building trust. Here are some of the things that PCI compliance will require of your business.

  • Secure network – Following PCI compliance standards will help you maintain a secure network that will protect cardholder information from potential cybercriminals
  • Anti-virus software – Installing and activating anti-virus software will help protect against potential hackers who could get into your network and steal your customers’ data.
  • Internal controls – Use some internal controls within your company to restrict access to certain information. Your entire workforce doesn’t need access to consumer data. Instead choose a select few people who will be able to access this data and monitor the activity closely.
  1. Monitor and Avoid Chargebacks

Another risk for online businesses is the dreaded chargeback. This happens when a customer purchases a product or service from you and then asks their bank to give them their money back. In this scenario, the bank can actually take the money back and/or cancel the transaction even if you’ve already provided the goods or services to the cardholder.

Avoiding and reducing the number of chargebacks you receive will help save money and protect your business from additional risks. This process starts with excellent customer service. Here are some things you can do to reduce chargebacks.

  • Promptly address customer disputes. If a customer is upset about a purchase for any reason, respond to them as quickly as possible. Your best bet is to resolve the issue between you and the customer before they go to their bank to report the charge on their card and ask for a chargeback.
  • Be easy to get in touch with. This seems so simple, but many small business owners miss the mark in this area. Make it easy to get a hold of you by providing a phone number and/or email address on your website. If customers and their card-issuing banks see that you’re making an effort to provide great service, they are less likely to hit you with surprise chargebacks.
  • Clearly communicate with your customers. You should include the return/exchange policy on confirmation emails that customers receive upon making a purchase from you. They should also be included on the payment screen before the customer completes the purchase. An additional measure is to have a checkbox for them to check prior to completing the sale, that indicates they read and accept the terms.
  • Promptly mail the products that are purchased or provide the services requested. If your customers are purchasing from you online, they expect prompt service. Respond to sales quickly and make sure they are aware of the shipping process and/or the process through which they will receive your services.
  • Track chargebacks by reason codes. Keeping track of chargebacks and the reasons for them will help you identify areas where you need to improve. If multiple customers say the same thing, like “shipping time”, it is likely that your operation is deficient in this area. You can then take the necessary steps to improve that part of your business.
  • Track which payment methods result in the highest number of chargebacks. If the majority of your chargebacks come from a similar type of payment method (i.e. credit/debit card, virtual wallet, crypto, etc.), you should take steps to correct that, as well. Perhaps there is a payment method that you decide to stop accepting based on the amount of chargebacks resulting from that payment type.
  1. Final Thoughts

Risk management for eCommerce merchants is one of the most important parts of an online business. Being able to understand the sources of fraud and implementing processes and procedures to protect your business will contribute to a higher level of success.

Do some research on your current payment providers and other partners to see what they have to offer for risk management services. Implement what you can with them and utilize third-party vendors for other services. The bottom line is to protect your business and your customers to the best of your ability.