Now that you are up and running, and sales are growing, you will probably experience what all online retailers do – fraudulent purchases. And, in many instances, you will have already shipped product out before you are informed that the fraud has occurred. For example, a purchaser comes to your site, buys several items and uses a credit card that “goes through” as valid. You consider the purchase final and ship the product. Then, you are informed that the card was, in fact, used by a crook who has stolen or bought the card information, and the sale is now reversed. Sometimes, law enforcement can assist by using the “ship to” address you were given; often, however, the address is bogus as well or is in a foreign country and not able to be tracked. Every year, millions upon millions of dollars are lost through fraudulent online purchases, and you will need to do all that you can to prevent this.
Security from fraud will take vigilance on your part – both in ensuring that credit card data is fully secure for your honest customers and in using accepted methods to keep stolen cards from being used to purchase from your site.
PCI stands for Payment Card Industry – an organization that the major credit card industry has established to adopt standards for online transactions. If you are accepting any major credit card as payment, you must adhere to their DSS (Data Security Standard). Once you have their standards met, you may accept their credit cards; however, each card company (Visa, MC, Discover, American Express, etc.) has small differences, and you will need to meet them in order to accept their cards on your site. In addition, as thieves become more sophisticated, standards evolve as well.
The best advice regarding PCI compliance is to regularly visit the PCI Security Standards Council website. Here you will find everything you need to know about getting set up with any specific card company, changes in compliance standards, and free tutorials regarding detecting fraud and improving your site security. And once you are PCI compliant, you will have an SSL certificate – something that most consumers look for before purchasing anything from an online retailer.
If you are just setting up your site, visit the Council’s website, and you will be provided all of the information you need to establish PCI compliance. This kind of protection may not prevent every bit of possible fraud, but it will go a long way toward reducing it to a minimum. And your ability to accept all major credit cards will ensure much greater convenience for your customers.
Other Automated Fraud Protection Services
There are many fee-based fraud protection services, such as MaxMind’s minFraud, and you may want to consider contracting with one of them to provide additional protection. Their services generally involve checking a card against IP address and associated email address, the computer or device used, etc. Suspicious purchases are then flagged for you, so that you can move forward with further identification checking before allowing a purchase to go through or denying the purchase altogether. The fee paid can certainly be worth the expenditure if it prevents significant potential losses.
What You Can Do Yourself
Checking shipping addresses and customer identification can also be accomplished by you or an employee, though it may take some time. If an address seems suspicious, use Google Maps to locate it. If, on your order page, you have requested a contact phone number, you can make that call and talk directly with the customer. Often, a quick conversation can alert you to fraud immediately.
It is probably important that you use your “gut feeling” and your common sense when looking at a transaction. If it seems the least bit suspicious, or is unusually large, take the time to check out the information provided – your legitimate customers will understand and will be grateful that you are so diligent. Your fraudulent “customers” will never return to your site!
No matter how careful you are – PCI compliance, contracted fraud detection service, and personal vigilance and checking – you will have to accept that you will fill fraudulent orders once in a while. The goal, however, is to reduce the incidence as much as possible, and you will have accomplished that with these three important steps!