How to keep fraudsters out of your ecommerce operation

Online fraud is the curse of any ecommerce operation and it seems the scammers will try anything to rip you off, from supplying someone else’s credit card details to claiming refunds on allegedly incomplete deliveries. Chris Barling of ecommerce software provider SellerDeck explains how to combat fraud in your online retail business

It’s easy to prevent online fraud. Just don’t ship any orders. This somewhat silly statement perfectly illustrates the problem with online fraud. The challenge is not simply to reject suspicious orders, it’s to find the right line between fraud prevention and losing good business.

Not all online merchants suffer from fraud, as the incidence varies greatly between different categories. With known-buyer fraud, the buyer tells lies about the product they received in order to get free goods by charging back the cost or demanding a full or partial refund. With straight fraud, you are dealing with an unknown person who is using stolen card details.

Measures to combat online fraud

The big change in the past few years has been that banks have started to take online fraud seriously. There are now a range of services such as address verification service (AVS),  CV2 (the code on the back of the card) and 3D Secure (also known as Verified by Visa and Mastercard SecureCode) . Banks have also introduced the payment card industry data security standard (PCI DSS) which tries to make it more difficult for scammers to acquire big treasure troves of card details.

Alongside this we have seen the rise of anti-fraud services like DataCash, which now checks more than a billion online payments a year, claiming to prevent £1 million of attempted fraud a day.

How can small firms prevent online fraud?

The approach adopted by a merchant really needs to combine the technical weapons in the armoury with some sensible internal policies.

With a policy-based approach, you should be defining what to do when fraud is suspected, which in turn may be flagged by technical indicators or orders over a certain value. Contacting the buyer by phone or email can be very effective, as can asking for details of “the order”. If the fraudster has placed multiple orders, they won’t recall a particular one very easily and they don’t want to talk to the merchant anyway.

A second line of defence can be adopted if the merchant is still uncertain of the genuineness of the order. Simply ask for payment by an alternative means, such as cheque or even a different card, which would need to have the same billing address.

In order to implement these checks, you need a payment service provider that supports them. So make sure that your payment provider supports 3D Secure, AVS, CV2, preferably one of the independent fraud checking services and of course is PCI DSS compliant. When you have these services up and running, mention them on your website as they boost trust.

It’s a fact that you can gain a competitive advantage by controlling online fraud. When we are all struggling to increase sales by small margins, getting the fraud percentage down while rejecting few good orders can provide a small but genuine edge.

For more information on securing your ecommerce systems, see Secure your online shop.