5. Use an address verification service (AVS)
Credit card processors and issuing banks typically provide an address verification service (AVS) to detect suspicious credit card transactions in real-time and prevent credit card fraud. This service consists of verifying that the billing address communicated by the card user matches the cardholder’s billing address record at the card-issuing bank.
This verification is done as part of the merchant’s request to the payment processor to authorize the credit card transaction. If the addresses do not match, the system rejects the transaction or flags it for further investigation. This method of fraud prevention is most often used in conjunction with a payment processing solution.
6. Require card verification numbers (CVV)
The Card Verification Value (CVV) is a three-digit security code on the back of credit and debit cards (i.e., VISA®, MasterCard®, and Discover®) and the four-digit security code on the back of American Express® credit and debit cards. By requiring all shoppers to provide the CVV code for each transaction, businesses can ensure that customers have the physical credit card in their hands.
In addition, PCI standards advise merchants not to store the CVV with all other information about a user’s credit card (e.g., card number and owner’s name), as it is deemed illegal for merchants to do so. So, in a way, criminals can’t get this code unless they physically have the card, which cuts down on the risk of fraud.
7. Use the secure hypertext transfer protocol (HTTPS)
Using the secure hypertext transfer protocol (HTTPS) is also an effective way to prevent eCommerce fraud. HTTPS is a primary protocol for exchanging data between a client’s web browser (such as Google Chrome) and an online eCommerce store. It is a secure version of the HTTP protocol.
The HTTPS protocol encrypts data in transit to protect critical information, such as customer names, addresses, and credit card numbers, from hackers. Using HTTPS prevents the online store from exposing its transactions in a form that is easily accessible to hackers, cybercriminals, and fraudsters. An eCommerce business can use HTTPS by purchasing an SSL certificate. HTTPS is considered an effective preventive measure against common online frauds, which are less subtle.
8. Come up with a blocklist
If you use a fraud detection solution, you might discover some customers who have tested credit cards in your eCommerce store. Once you have identified these customers, place them on an internal blocklist. This will prevent these people from making future purchases on your site.
Of course, a blocklist is not a 100% solution, as fraudsters may keep using new stolen customer identities. However, a blocklist can help you identify potentially fraudulent transactions before they occur, based on past behavior.
9. Avoid collecting too much sensitive data
An effective approach to protecting an online store from a data breach or hack is gathering and storing as little customer data as possible. This preventive action follows a basic logic: hackers can’t steal what you don’t possess. Thus, eCommerce stores are only required to collect the data they need to complete a transaction and ship the product.
Information that businesses can do without includes social security numbers, birth dates, and other sensitive customer data that is not needed for the sale. Leaving it out means that the business and its customer data remain secure, even in the event of a data leak.
10. Set limits on purchases to reduce merchant errors
While this may seem counterintuitive since you don’t want to limit your customers’ purchases, it’s still important to set limits on the number of transactions and the total dollar value you will accept from an account in a single day. Such limits can be easily based on order types and sales trends. This helps minimize the merchant’s exposure to fraud.
According to Chargebacks911, 20-40% of chargebacks are due to merchant error. You can avoid chargebacks by refraining from using confusing billing descriptors or unclear return policies, which lead to frustration for rightful customers.
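The daily limits described at the start of this section can be enforced with a rolling 24-hour window per account. This is an added example, not code from the original article or from any product it mentions; the class name, the limit values and the sample orders are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from decimal import Decimal

WINDOW = timedelta(hours=24)  # "a single day", measured as a rolling window

class PurchaseLimiter:
    """Caps order count and total value accepted per account per day."""

    def __init__(self, max_orders, max_total):
        self.max_orders = max_orders
        self.max_total = Decimal(max_total)
        self._history = defaultdict(deque)  # account -> (timestamp, amount)

    def check(self, account, amount, now):
        """Return (accepted, reason); only accepted orders count toward limits."""
        amount = Decimal(amount)
        history = self._history[account]
        # Forget orders that have aged out of the 24-hour window.
        while history and now - history[0][0] >= WINDOW:
            history.popleft()
        if len(history) + 1 > self.max_orders:
            return False, "order_count"
        if sum(a for _, a in history) + amount > self.max_total:
            return False, "daily_total"
        history.append((now, amount))
        return True, "ok"

def run_demo():
    """Constructed orders for one account against assumed limits."""
    limiter = PurchaseLimiter(max_orders=3, max_total="500.00")
    t0 = datetime(2024, 1, 1, 9, 0)
    orders = [
        ("120.00", 0),   # accepted
        ("300.00", 1),   # accepted, running total 420.00
        ("150.00", 2),   # would bring the total to 570.00
        ("50.00", 3),    # accepted, third order, total 470.00
        ("10.00", 4),    # would be a fourth order in the window
        ("10.00", 25),   # the first two orders have aged out
    ]
    return [limiter.check("acct-1", amt, t0 + timedelta(hours=h))[1]
            for amt, h in orders]

if __name__ == "__main__":
    print(run_demo())
```

An order that trips a limit is better routed to manual review than silently dropped, so a rightful customer with an unusually large purchase can still complete it.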
3. Some Common Types of eCommerce Fraud
Although online hackers have many schemes at their disposal, it is essential to know some of their common methods to better protect yourself against these attacks and secure your eCommerce site. Knowing a few eCommerce fraud strategies will keep you on your toes. These strategies have been used successfully against eCommerce sites, large and small. Here are a few of them.
Card testing fraud, also known as card cracking, is a strategy of gaining access to credit card numbers by stealing or purchasing card data on the dark web. The person who has the cards does not know if the card numbers can be used to complete a transaction or the limit associated with that credit card.
With access to credit card numbers, fraudsters browse through eCommerce sites and make small test purchases, often using scripts or bots to test multiple credit card numbers quickly. The first few purchases are extremely limited; the goal is to determine if a credit card can be used to make transactions. Once they know that a credit card number is usable, they start making much more significant purchases.
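The pattern described above (many small purchases, many different cards, mostly declined, from one source) can be detected from payment attempt records and fed into the internal blocklist from tip 8. This is an added example, not code from the original article; the thresholds, field layout and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them against your own traffic.
WINDOW = timedelta(minutes=10)
SMALL_AMOUNT = 5.00        # ceiling for what counts as a "test purchase"
MAX_DISTINCT_CARDS = 3     # cards one source may try per window
MIN_DECLINE_RATIO = 0.5    # share of declined attempts in the window

def find_card_testers(attempts):
    """Return {source: time first flagged} for card-testing behavior.

    attempts: (timestamp, source, card_token, amount, approved) tuples.
    card_token is the processor's token, never the card number itself.
    """
    recent = defaultdict(deque)  # source -> small attempts inside WINDOW
    flagged = {}
    for ts, source, card, amount, approved in sorted(attempts, key=lambda a: a[0]):
        if amount > SMALL_AMOUNT:
            continue
        window = recent[source]
        window.append((ts, card, approved))
        while ts - window[0][0] > WINDOW:
            window.popleft()
        cards = {c for _, c, _ in window}
        declined = sum(1 for _, _, ok in window if not ok)
        if (len(cards) > MAX_DISTINCT_CARDS
                and declined / len(window) >= MIN_DECLINE_RATIO):
            flagged.setdefault(source, ts)
    return flagged

def sample_attempts():
    """Constructed records (documentation IP ranges, made-up tokens)."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    def at(seconds):
        return t0 + timedelta(seconds=seconds)
    # Scripted source: five cards in two minutes, only one approved.
    bot = [(at(30 * i), "203.0.113.7", f"tok_{i:02d}", 1.00, i == 2) for i in range(5)]
    # Genuine customer retrying the same card after a decline.
    retry = [(at(10), "198.51.100.20", "tok_90", 4.50, False),
             (at(70), "198.51.100.20", "tok_90", 4.50, True)]
    # Shared office address: several cards, all approved.
    office = [(at(60 * i), "198.51.100.44", f"tok_{i + 10}", 3.00, True) for i in range(4)]
    return bot + retry + office

if __name__ == "__main__":
    for source, when in find_card_testers(sample_attempts()).items():
        print(f"blocklist {source}: flagged at {when.isoformat()}")
```

The decline-ratio condition is what keeps the shared office address off the blocklist even though it uses more than three cards in the window.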
Also known as chargeback fraud, friendly fraud occurs when a person purchases an item or service online and then requests a chargeback from the payment processor, claiming the transaction was invalid. The credit card companies or the bank refunds the customer the transaction amount, which the retailer must still clear. The fraudster makes claims that appear honest and credible, and in some instances, that person may be right (hence the term “friendly fraud”).
For example, if you are an online shoe retailer, a consumer may purchase an item from your online store and claim that the item was never delivered. They may notify their card issuer that the shoe was returned but the refund was never processed. They can also say that the order made on your site was canceled and they want to be refunded. There is chargeback management software to help you identify and prevent instances of this.
Account takeover fraud occurs when someone succeeds in gaining access to a user’s account on an eCommerce store or website. This can be achieved through several methods, including purchasing stolen passwords, security codes, or personal information from the dark web or the successful execution of a phishing scheme against a particular customer.
Account takeover fraud is even more serious because it is a form of identity theft and a threat both to victims and to your reputation as a retailer. Customers who think their data may be compromised on your website or eCommerce store are less likely to proceed to checkout and will turn to competitors who offer more stringent security measures.
4. How Can KORONA POS Help You Prevent eCommerce Fraud?
KORONA POS is a sophisticated point of sale software designed for retail merchants of all kinds. Although KORONA POS does not offer chargeback management software services or any other specific type of online fraud prevention, it allows you to choose any type of payment processor to process your payments and transactions that take place on your website.
Since choosing a sound and trusted payment processor is crucial for better security of your data and those of your customers, you need a POS capable of integrating with any type of processor, an advantage you will benefit from by using KORONA POS. Plus, we now offer a robust, custom eCommerce solution for online retailers. The solution comes fully set up with fraud protection included in every subscription.