Since the onset of the pandemic online fraud has become more prevalent than ever. In fact, according to AusPayNet, ‘card-not-present’ (CNP) fraud now represents almost 85% of all card fraud, costing the e-commerce industry close to half a billion dollars each year.
For business owners who deal with online transactions every day this fact can seem concerning and overwhelming. However, luckily, there are many ways to mitigate the risks associated with e-commerce fraud.
Types of online fraud
While businesses both nationally and globally have reported an increase in fraud since COVID-19, those who’ve implemented fraud prevention strategies experienced a reduction in incidents, response costs and penalties as a result of fraud. So, how can you ensure your e-commerce business does the same?
The first step is gaining an awareness of the common online scams that could pose a threat to your business. Here are a few.
1. Money forwarding fraud or overpayment scam
This type of fraud has become more prevalent since the onset of the pandemic. Money forwarding can leave your business financially exposed, when a scammer overpays for a transaction, using a stolen payment card. The scammer will then ask you to send some or all of the funds to a bank account. The likely outcome is that your business is liable for the full amount of the original transaction as well as any additional chargeback fees. The key lesson here, if you’re questioning the legitimacy of a transaction, never forward money.
2. Credit card fraud
This type of fraud is the most common and occurs when a stolen credit card is used to pay for a transaction. Due to the uptake in online shopping since the pandemic, many e-commerce businesses have encountered an increase in this type of fraud, so it’s important to be more vigilant. Unfortunately, business owners usually only become aware of fraud once the rightful card owner raises a dispute for the transaction. Despite this, there are mitigation strategies and security measures you can put in place to lower your risk as an online business. In addition, most payment providers have fraud detection tools that can help you detect suspected fraud, before the transaction is submitted for processing.
How to protect your e-commerce business
1. Regularly review business accounts for suspicious activity
As an e-commerce business owner, it can be difficult to stay across all the transactions which take place on your platform. However, ensuring you do so could save your business countless hours and dollars.
In particular, look out for purchases that:
- Take place at irregular times for your business
- Cost a lot more than the average transaction value
- Come from a regular customer who requests a different delivery address
- Includes a high number of product items
2. Authenticate your customers with 3D Secure
Check your payment provider has 3D Secure included as part of their offering, as an additional security layer for online card transactions. 3D Secure adds an additional layer of authentication step by automatically redirecting the buyer to their issuing card provider to enter a one-time code, to verify the transaction. Once the card is verified, the buyer is redirected back to the online store to complete the payment.
3. Maintain your security updates
Regularly update your security protocols, processes and software. Look for payment providers who are assessed and certified to the highest level of compliance provided by the PCI Data Security Standards to keep your business protected. Consider regularly updating or changing your business passwords or use tools that enable you to manage your business passwords in a secure manner. Though this might seem like a lot of effort, these measures are in place to protect your data, financial security and business.
4. Filter your customer emails for fraud
Phishing is a cyber criminal activity which uses messages and links to gain access to your computer, device or network. These deceptive messages often appear legitimate to those who aren’t aware of this type of fraud. Your staff should receive training on how to spot phishing messages, as even opening them can result in risks to your business. Phishing messages can be sent via email, SMS, instant messenger or social media. Generally, they contain links to a fake website or encourage you to enter details. Before opening a message look at the address, number or sender it has come from, as they will often contain minor typos in an email address or name which may mimic a customer or staff member. For more information visit the Australia Cyber Security Centre.
At the end of the day, educating your business leaders and staff on the risks associated with fraud and putting the necessary technological defences in place will be your greatest protection.
For more information on the latest online scams through the Australian Government’s Australian Competition and Consumer Commission called Scam Watch.