Your online shop is like a Beverly Hills mansion: you should never leave even one window open. Its appeal to thieves is very high, but in the eCommerce world these thieves are known by a different name: digital scammers.
This crime, far from being an isolated incident, actually affects up to 50% of companies at some point in their life. The likelihood is too high not to take preventive measures, even more so if we consider that in 2016 online scams increased by 25%, according to American Express. During the next big events for your online shop, such as Black Friday, Cyber Monday and Christmas, this risk will increase more than ever.
If you still haven't taken anti-fraud security measures for your online shop or if you think that the ones you've implemented up to now have been sufficient, let us steal a bit of your time... before anybody else tries to pull off a serious scam.
Fraud in eCommerce concerns fraudulent payments, for which the shop has to be held responsible, as well as the financial losses and damaged reputation that inevitably follow. A scammer might steal data from your user base, which they would use in your shop or other shops, or they might obtain the passwords of your customers, change them, and make purchases under their name. This causes a terrible blow to your reputation, and it's essential to be prepared for the next Black Friday and Cyber Monday, as luxury goods and digital products are among the main targets of fraud in online shopping.
Let's see what the experts in this domain have to say. What are the typical cases of online fraud according to the FBI?
- Business E-Mail Compromise (BEC): Legitimate business email addresses are attacked in order to carry out unauthorised transactions.
- E-Mail Account Compromise (EAC): The same as the previous case, but attacking customer accounts instead of those of businesses.
- Data Breach: An attack revealing data from a secure server, which could be about your company or your customers.
- Denial of Service: Access to a network or service is interrupted in order to maliciously get access to your data.
- Malware/Scareware: Malicious software that brings harm to computer units, equipment or networks.
- Phishing/Spoofing: Emails that contain false documents which are sent under the name of so-called legitimate businesses, in order to obtain personal information from the user.
- Ransomware: Another kind of malware that exploits security gaps in organizations or in individual networks in order to steal personal data and demand ransoms in return.
Depending on whether your eCommerce business is bigger or smaller, the kind of online fraud you're likely to be subjected to may differ, but the likelihood of it happening to you is the same, unless you take the necessary precautions so that your online shop is an impenetrable stronghold.
Let's take a look at the anti-fraud measures that we believe you should apply to your online shop, and which should be compulsory for any eCommerce business that takes responsibility for its customers:
First of all, keep your company software up to date by always installing the latest versions of all management programs and any equipment that you use in your company, both for staff and management. For example, keeping your catalogue organized by using a PIM tool (product information management) and ensuring that you always have the most recent version will give you greater control over your business. The ideal solution would be to buy good anti-spyware and anti-malware and to stop bothering with free 30-day trials. Some credit card companies such as Visa or MasterCard have their own anti-fraud tools, which you can also apply if you allow these payment methods in your online shop.
This includes tools for tracking the IP addresses from which purchases are made in your online shop in order to check that they don't correspond with blacklists of identified scammers. Always compare the IP address and the email address with which the purchase has been made in order to find inconsistencies between the country that the customer is in and the country where the purchase has been made. At times when enormous sales are made such as Black Friday and Cyber Monday, scammers make the most of the general sense of mayhem so that this kind of behaviour goes unnoticed.
Always apply Address Verification Systems to your online shop payment procedure. Always ask the client for the CVV security code, the three-digit number printed on the back of bank cards. It is practically impossible to get this code if you don't have the actual card at hand.
Even though your shop is at stake, the biggest threat affects the customer. However, it's surprising how the majority of users don't think about their online security and often choose weak passwords. Go through your customer records and ask customers to set better passwords that are longer and that contain special characters. Many digital scammers exploit the option of creating guest accounts during the events of Black Friday and Cyber Monday in order to avoid being tracked.
You can use the tracking number in every order and ask the customer to sign when receiving the package, in order to verify where packages have been sent and which delivery addresses are potentially fraudulent. This means that you have to pay more for the delivery service; run it by the courier company that you normally use, or activate it for all orders during high-risk periods, such as the weekend of Black Friday and Cyber Monday.
Customer Conduct Control
As an extra measure, you can establish maximum daily expenditure limits per customer, just like an ATM would. If you think that this might do more damage or if your online shop is based on expensive products or large purchases, take a look to see if there's a link between the customer's average expenditure level and the amount of a new purchase.
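The IP blacklist and country comparison described earlier, together with the spending checks in this section, can be combined into a single screening step that holds an order for manual review. The Python below is an added example, not code from the original article; the blacklist entries, the limits, the field names and the assumption that an upstream GeoIP lookup supplies `ip_country` are all illustrative.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (documentation address ranges, made-up limits).
BLACKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]
DAILY_LIMIT = 1000.00      # assumed maximum spend per customer per day
AVERAGE_MULTIPLIER = 5.0   # assumed: flag orders over 5x the customer's average


@dataclass
class Order:
    customer_id: str
    ip: str
    ip_country: str        # country resolved from the IP by a GeoIP lookup upstream
    billing_country: str   # country given with the payment details
    amount: float
    guest: bool = False


def screen_order(order, spent_today, past_amounts):
    """Return the list of reasons this order should be held for manual review."""
    flags = []
    try:
        addr = ipaddress.ip_address(order.ip)
    except ValueError:
        flags.append("invalid_ip")   # unparseable address: do not wave it through
    else:
        if any(addr in net for net in BLACKLIST):
            flags.append("ip_blacklisted")
    if order.ip_country.upper() != order.billing_country.upper():
        flags.append("country_mismatch")
    if spent_today + order.amount > DAILY_LIMIT:
        flags.append("daily_limit_exceeded")
    if past_amounts:
        average = sum(past_amounts) / len(past_amounts)
        if order.amount > AVERAGE_MULTIPLIER * average:
            flags.append("above_usual_spend")
    elif order.guest:
        flags.append("guest_no_history")   # no history to compare against
    return flags
```

An empty list means no rule fired; any flag is a reason to contact the customer before fulfilling the order rather than an automatic rejection.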
Keep a record of all transactions and email correspondence with customers, and review anything that seems suspicious, especially if it has come from an unfamiliar country. Teach your employees and managers about anti-fraud measures. Don't be afraid to get in touch with customers directly in order to clear up any doubts: you can avoid fraud this way and, even if that's not the case, you'll still be getting across a professional, cautious and reliable image.
Honesty and Transparency
Always let your users know if there has been a case of fraud or a breach in your online shop. It is better to be honest than to hide information that will be found out sooner or later anyway, especially on social networks, which would do you even more harm.
Don't know where to start? The first step is to keep the place organized, and by using PIM you can automate your eCommerce catalogue and organize your online sales structure, freeing yourself of repetitive chores and strengthening your security system. Try out our free demo at Sales Layer with no obligation, in order to check out the benefits and to see which plan best suits the size of your company.