Internet and ecommerce tech have broken down the barrier of entry for new businesses, with millions of SMBs taking advantage of worldwide markets at the click of a mouse. The enthusiastic embrace of ecommerce is leading to new and profitable opportunities for many companies, but there are stumbling points: one particular issue, ecommerce fraud, stands out.
Staff and management working at SMBs are often, and rightly, most concerned about promoting the product and service on offer, and with keeping customers happy. Side factors, such as the potential impact of fraud, are easily ignored. Yet the cost of fraud can be extremely high – Experian found that ecommerce fraud spiked by 33% in 2016 alone – which is why SMBs should put fraud protection right up there with customer satisfaction.
Fraud ABC for SMB operators
Ecommerce fraud manifests in many shapes and forms, but three important points should be noted by smaller ecommerce vendors. First, vendors should be aware of the possibility of account takeovers or ATOs.
Just because an order is placed by a customer that has passed an online authentication process does not mean it is placed by the owner of the account. A mix of pure hacking power and poor password discipline opens the doors for customer accounts to be stolen and used for fraud.
Second, valid credit card details are easy to come by on the dark web. An order placed with credit card details that pass basic security checks is not necessarily an order placed by a genuine customer.
SMBs should know that orders that pass the credit card verification stage may still be fraudulent and result in a chargeback. Of course, one of the best defenses against credit card fraud is chargeback protection from an anti-fraud vendor.
Finally, even smaller ecommerce operators will over time collect a large amount of customer data. This aggregation of personal details acts as a honeypot for hackers who can employ stolen data to further their interests. SMBs should be very aware of how much customer data is retained, how long it is retained for and where it is stored, including the protections in place to prevent theft.
What SMBs can do to stop ecommerce fraud
Awareness of the basic issues around ecommerce fraud is the first step, but SMBs should also actively engage in preventing fraud, including credit card fraud (known as card not present or CNP fraud) as well as ATOs and the theft of personal data.
Engagement starts with evaluating transactions on a case-by-case basis. Merchants have several options when it comes to evaluating transactions, including manual review of transactions or an automated, rules-based system. Merchants could even refer transactions above a certain value for manual review, automatically approving transactions that are for a trivial amount.
Manual review, however, can cause a delay in orders, so many merchants rely on the automatic rules-based approach. Yet merchants should know that rules should not be too blunt as this
can lead to false positives, where bonafide transactions are incorrectly declined. An excess of false positives can be damaging to an SMBs chance of making it big, saying no to a customer once at such an early stage can mean that a customer never returns.
Think about getting outside help – when appropriate
One easy way to protect against CNP fraud is to employ the services of a fraud protection vendor. Vendors act as a middleman, checking orders against a sophisticated set of rules in real time, leading to either approval or denial of an order.
The better vendors will use advanced algorithms driven by machine learning that can evaluate transactions based on an up-to-the-minute understanding of customer behavior and fraud risks. Though anti-fraud vendors can help SMBs fish out fraudulent transactions, protecting against ATOs is a responsibility which is closer to home.
Merchants should make sure that internal systems offer resistance to ATO attempts, by for example forcing the customer to use complex passwords or by insisting on other verification steps should red flags be raised – orders from an IP in a different part in the world, for example.
SMBs can also resist ATOs and the resulting fraud by blocking multiple failed login attempts and by blocking accounts that are associated with repetitive credit card declines.
Fraud prevention should be a core concern
To ensure ongoing success, and a solid bottom line, SMB operators must have at least a basic understanding of ecommerce fraud risks. We have outlined some of the most important factors SMBs should be aware of and underlined that they should not be hesitant to recruit outside help.
Advanced fraud protection systems can be both affordable and effortless, providing the crucial support that SMBs need to stop the cost of fraud.
Image Source: Univision.com