We dealt with PCI compliance and regular site security audits in the previous blog. You can find Part One of this article here. Here are some more steps to protect yourself against online fraud.
Suspicious activity on your site
You can rely on common sense and technology to flag irregular activity on your site. Machine learning and AI have advanced so far that you can rely on software like Signifyd to pick up flags like inconsistent billing and shipping information. You can also use Google Analytics to pick up activity in countries known to serve as bases for fraudsters.
AVS (Address Verification Service)
Issuing banks and card companies offer AVS services that detect suspicious credit-card transactions in real time. The AVS check is part of the merchant’s request to authorise a payment. It compares the cardholder’s billing address held on file by the bank against the billing address given for the transaction. When these two addresses don’t match, the system either declines the transaction or flags it for further investigation.
CVV (Card Verification Value) numbers
All credit and debit cards have CVV numbers printed on the back of the card. The CVV is also known as the CSC (Card Security Code). It is a good idea to insist that all transactions require a CVV number before you process the purchase. This measure adds an extra level of security to protect you against online fraud. Unless the person placing the order is in actual possession of the card, they will not find the CVV number.
HTTPS (Hypertext Transfer Protocol Secure)
Browsers use the HTTP protocol to communicate with your store. HTTPS is the secure version of this protocol. The protocol encrypts all sensitive data like the customer’s name, address and credit card number. To get access to HTTPS, you need to purchase an SSL (Secure Sockets Layer) certificate.
Too much data
Like too much information, too much data can also be a problem. Hackers can only steal data that you have. If you don’t have it … Only collect the essential data you need to complete the transaction and fulfil the order. Data you can easily avoid collecting includes birthdays and social security numbers.
Limited purchases
Set limits on the number of purchases a customer can make in a day or week. Also, limit the amount of each transaction by looking at spending trends on your site. If you sell small-ticket items and a customer buys 100 of each in one transaction, a red flag should go off somewhere.
Anti-fraud solutions
Depending on your level of technical know-how, your budget and how much time you want to spend on installation and ongoing maintenance, you can find various levels of anti-fraud solutions.
- Basic anti-fraud tools perform single, specific functions. They are usually integrated with shopping carts and ecommerce platforms and use machine learning algorithms to identify fraudulent transactions through IP geolocation, email address validation, device fingerprinting and address verification.
- Mid-level anti-fraud tools have a broader range of functions. They offer chargeback guarantees, handle automatic declines of suspicious transactions, protect you against account takeovers and combat new account fraud.
- Top-level protection includes all of the above plus outsourced case management, knowledge of large-volume merchants, loyalty fraud and policy abuse protection, automated decisions and manual reviews of suspicious transactions. The more advanced software is intelligent enough to distinguish good orders from irregular ones.
The IP address and the credit card address must match
Every computer that uses the internet has a unique IP address, and every order placed on your ecommerce store comes from one of those addresses. If you look at the IP address, you can generally tell where that computer is located in the world. Check whether that location matches the registered physical address on the credit card that the customer is using. If it doesn’t, it’s a red flag!
Only ship to physical addresses
Consider it suspicious when customers use PO boxes or anonymous locations as their delivery addresses. If there are any problems down the line, it’s quite hard to prosecute or even find a door to knock on if there isn’t one. Freight forwarders also fall under this category. These addresses are also typically used for fraudulent practices including money laundering.
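The checks described in the sections above (CVV, AVS, purchase limits, IP location versus billing address, PO box shipping) can be combined into one rule-based order screen. The Python below is an added example, not code from Truevo or from any anti-fraud product; the field names, thresholds and sample orders are constructed, and it assumes the payment processor has already reported the AVS result and a geolocation lookup has already resolved the IP address to a country.

```python
import re
from datetime import datetime, timedelta

# Constructed limits; tune them to the spending trends on your own site.
MAX_ORDERS_PER_DAY = 3
MAX_QTY_PER_ITEM = 10
PO_BOX = re.compile(r"\b(p\.?\s*o\.?\s*box|post\s+office\s+box)\b", re.I)

def screen_order(order, history):
    """Return the red flags raised by one order.

    `order` is a dict whose field names are assumptions for this example;
    `history` holds the timestamps of the same customer's earlier orders.
    """
    flags = []
    if not order.get("cvv_provided"):
        flags.append("cvv_missing")
    if not order.get("avs_match"):  # AVS result as reported by the processor
        flags.append("avs_mismatch")
    if order["ip_country"] != order["billing_country"]:
        flags.append("ip_billing_country_mismatch")
    if PO_BOX.search(order["shipping_address"]):
        flags.append("po_box_shipping")
    # Purchase limit: count this customer's orders in the previous 24 hours.
    day_ago = order["placed_at"] - timedelta(days=1)
    recent = [t for t in history if day_ago < t <= order["placed_at"]]
    if len(recent) >= MAX_ORDERS_PER_DAY:
        flags.append("daily_order_limit")
    if any(qty > MAX_QTY_PER_ITEM for qty in order["items"].values()):
        flags.append("bulk_quantity")
    return flags

def decide(flags):
    """Any flag sends the order to manual review; three or more decline it."""
    if len(flags) >= 3:
        return "decline"
    return "review" if flags else "accept"

# Constructed sample orders.
NOW = datetime(2024, 1, 15, 12, 0)
GOOD = {"cvv_provided": True, "avs_match": True, "ip_country": "GB",
        "billing_country": "GB", "shipping_address": "12 High Street, Leeds",
        "placed_at": NOW, "items": {"mug": 2}}
RISKY = {"cvv_provided": True, "avs_match": False, "ip_country": "BR",
         "billing_country": "GB", "shipping_address": "P.O. Box 4521, Leeds",
         "placed_at": NOW, "items": {"mug": 100, "pen": 100}}

if __name__ == "__main__":
    print(decide(screen_order(GOOD, [])), screen_order(GOOD, []))
    busy = [NOW - timedelta(hours=h) for h in (1, 2, 3)]
    print(decide(screen_order(RISKY, busy)), screen_order(RISKY, busy))
```

Returning the individual flags rather than a single score lets a reviewer see why an order was held.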
The last word on fraud is that it’s better to be prepared. Rather safe than sorry can’t be more applicable. If you’re looking for a payments partner you can trust, speak to Truevo. Your store’s safety and security are at the forefront of all the products we develop.