In the world of eCommerce, fraud is a constant threat. This blog discusses some common types of fraud, the potential costs of fraud, and steps you can take to help protect your SMB from fraud.
Fraud types to look out for
eCommerce businesses can experience many types of fraud, including:
- Use of stolen cards. Fraudsters may use stolen card details—typically obtained through theft or a data breach or purchased on the dark web—to buy from your business.
- First-party misuse (or friendly fraud). This type of fraud typically involves a customer requesting a chargeback even though they received the purchased goods.
- Account-related fraud. This can happen when a fraudster uses customer credentials—generally stolen through an unrelated data breach or phishing scheme—to take control of a customer's account on your website and make fraudulent purchases or perform other fraudulent activity.
Not sure what a chargeback is?
A chargeback (or dispute) is a common outcome of fraud. It occurs when a cardholder disputes a transaction posted to their account—claiming, for example, that the transaction was unauthorized or the purchased item wasn't received.
The cost of fraud to eCommerce businesses
An eCommerce business that experiences fraud can suffer financial and other losses, such as:
- Revenue setbacks. Businesses impacted by fraud may have to fulfil chargebacks and cover other financial costs, including lost inventory.
- Increased fees. If your business frequently deals with chargebacks, your payment processor may increase fees to offset potential risk.
- Reputational damage. Accepting fraudulent transactions could harm your brand image among affected, existing and potential customers, leading to future losses.
6 steps to protect your SMB and your customers
Fraudsters tend to be both savvy and relentless, but there are steps you can take to protect against fraud.
- Be proactive. Check your eCommerce website for potential vulnerabilities and make sure you have the basics in place, such as a firewall with tools for botnet detection, prevention, and removal. Above all, if any of your security tools alert you to suspicious activity, be ready to respond fast.
- Reduce the risk of account takeover. Implement two-factor authentication and encourage customers to choose strong, unique passwords for their accounts.
- Use a secure payment gateway with integrated fraud prevention and detection tools. Fraudulent activity often looks different from normal activity. Choose a payment gateway that actively monitors transactions for suspicious and fraudulent activity and catches problems before they can harm your business. Authorize.net, for example, comes with our Advanced Fraud Detection Suite (AFDS), whose fraud filters help you identify potentially risky or fraudulent transactions so you can review them before authorization, or simply decline them.
- Tackle first-party misuse. Although this fraud can be difficult to identify, you can reduce the risk by:
  - Making your return and refund policies easy to access and understand
  - Providing clear descriptions for cardholder statements, including customer service contact information
  - Implementing tracking tools to confirm the arrival of shipped goods
- Be ready to adapt your fraud strategy. You may need to adapt your fraud strategy in line with evolving fraud patterns, changing customer behaviors, or your own business needs. For instance, when peak season rolls around, you may need to adjust certain rules—such as velocity—to guard against increased fraud risk without adding checkout friction for real customers. Give yourself time to test your amended fraud strategies well ahead of implementation, so you can identify what works and what may need further adjustment.
- Manage sensitive customer data securely. To minimize the security risks of storing sensitive payment card information, choose a payment gateway that securely stores and manages payment information on your behalf. This will also reduce the scope of your PCI DSS compliance.
Not sure what PCI DSS is?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to protect cardholder data. The right payment gateway provider can help you address PCI DSS compliance requirements.
Authorize.net: smart fraud prevention that doesn't get in the way
We understand that every eCommerce business wants to defend itself and its customers against fraud. That's why our payment gateway comes with Advanced Fraud Detection Suite (AFDS)—built-in protection that works quietly in the background.
AFDS comes with 13 smart fraud filters that help keep payments clean and easy, with fewer false declines and more real customers. The filters cover:
- Transaction settings, to help you identify high-risk transactions through address verification, card code verification (CCV), and upper and lower limits on transaction value
- eCommerce settings, to help prevent common eCommerce fraud scenarios by verifying and comparing billing and shipping addresses and IP address locations to spot geographical inconsistencies that can indicate fraudulent purchasing behavior
- Card testing settings, to help you identify high-volume or high-speed fraud attacks that can signify card testing by fraudsters
- IP address administration, so you can block orders from IP addresses that are known sources of fraud
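To show what a velocity rule for card testing looks like in practice, and why amended thresholds should be replayed against recorded traffic before peak season, here is a sliding-window check run over a constructed authorization log. This is an added example, not Authorize.net code or the AFDS implementation; the log format, the function name `flag_card_testing` and the thresholds are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authorization log: timestamp, source IP, card token, result.
# IPs come from documentation ranges; tokens are made up.
SAMPLE_LOG = """\
2024-11-29T10:00:01 203.0.113.7 tok_a1 declined
2024-11-29T10:00:03 203.0.113.7 tok_a2 declined
2024-11-29T10:00:04 198.51.100.20 tok_c9 approved
2024-11-29T10:00:06 203.0.113.7 tok_a3 declined
2024-11-29T10:00:08 203.0.113.7 tok_a4 approved
2024-11-29T10:00:09 203.0.113.7 tok_a5 declined
2024-11-29T10:09:30 198.51.100.20 tok_c9 declined
2024-11-29T10:09:50 198.51.100.20 tok_c9 approved
"""

def parse(log):
    """Yield (timestamp, ip, token, result) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ts, ip, token, result = line.split()
            yield datetime.fromisoformat(ts), ip, token, result

def flag_card_testing(log, window_s=60, max_attempts=4, max_cards=3):
    """Return {ip: time of first alert} for sources that exceed BOTH the
    attempt limit and the distinct-card limit inside one sliding window.
    Requiring many distinct cards keeps a real customer who retries a
    single card from being flagged."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # ip -> (timestamp, token) pairs still in window
    alerts = {}
    for ts, ip, token, _result in sorted(parse(log)):
        q = recent[ip]
        q.append((ts, token))
        while ts - q[0][0] > window:  # drop attempts older than the window
            q.popleft()
        cards = {t for _, t in q}
        if ip not in alerts and len(q) > max_attempts and len(cards) > max_cards:
            alerts[ip] = ts.isoformat()
    return alerts

if __name__ == "__main__":
    print("default rule:", flag_card_testing(SAMPLE_LOG))
    # Replaying the same traffic with a loosened peak-season limit shows
    # what the amended rule would miss before it goes live.
    print("loosened rule:", flag_card_testing(SAMPLE_LOG, max_attempts=10))
```

The second call demonstrates the trade-off: raising the attempt limit to cut checkout friction also lets the five-card burst through unflagged.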
In addition, we offer Customer Information Management (CIM) to securely store customer and payment card data on your behalf, and reduce your PCI DSS compliance scope. CIM uses tokenization, a security technique that makes it more difficult for fraudsters to steal sensitive payment information.
Stop fraud, not customers
Find out how Authorize.net can help you stop fraud before it starts—without slowing down checkout.