Selling online? Simple steps to protect yourself from fraud

it’s now essential to give your customers the option of buying online using their credit or debit cards

May 9, 2012

Whether you’re selling groceries or concert tickets, handbags or music, iPads or airtime, it’s now essential to give your customers the option of buying online using their credit or debit cards. But credit card fraud is a reality: How can you protect yourself?

The first step, says PayGate founder and MD Peter Harvey, is to make a realistic assessment of your vulnerability to online credit card fraud. “80% of merchants who use our payment gateway get targeted at one time or another,” he says, “but some kinds of business are more vulnerable than others. If you’re selling any kind of virtual product like airtime, or something of high value that is easy to resell like electronics, you’re pretty much guaranteed to attract fraudsters.”

On the other hand, in the kind of business that involves a personal relationship with the customer, the chances of being hit by fraud are much lower. “If you’re running a bed and breakfast or selling individual craft items you’re a less tempting target,” says Harvey. “But fraudsters are incredibly inventive people, so you should never be complacent.”

The first step to protecting your business, says Harvey, is to sign up for 3D Secure, the online PIN system introduced by Visa and Mastercard. “This is a no-brainer,” he says. “It’s free to you as the merchant and all you need to do to sign up is tick a box on a form. It’s effective at blocking fraud attempts – and most importantly, it shifts the liability for fraud from you to the bank.”

There is one downside, he notes: “3D Secure introduces a extra step into the payment process and some merchants lost sales, especially in the early days. But customers are getting used to it now, and if you explain the process properly to make it clear this is a security feature, it can become a selling point.”

3D Secure is also not 100% effective, says Harvey. “No system is perfect, so don’t rely on just one form of protection. With 3D Secure, for example, most US banks haven’t signed up for it yet, which means if someone uses a US credit card you don’t get the protection.”

An extra layer of protection comes from fraud and risk screening services offered by many payment gateway providers, says Harvey. “This involves screening every transaction for certain fraud indicators – suspicious transactions can be blocked outright, or flagged for review. It’s effective, and systems are getting better all the time as they learn more about fraud patterns. There is a small cost, but it’s very economical compared to the risk.”

Unfortunately, not all gateway providers offer this service – and it’s also not 100% secure. But, says Harvey, if your gateway has fraud screening you should definitely sign up for it – or if not, consider changing providers.

The final layer of protection comes from good business processes, says Harvey. “The better you know your customer, the lower your chances of falling victim to a fraudster,” he says. “There are several measures you can take to reduce your fraud risk.”

For example, if your product is physical it may be wise to delay shipping for a couple of days – at least for the first transaction by that customer. Similarly, if you’re selling a virtual product like airtime it’s wise to impose a limit for the first few transactions, until you have built up a trust relationship with your client.

Strong sign-up and registration processes also help, says Harvey. “Ask for as much information as you can. A physical address, a phone number and an ID number,” he says. “If you’re expecting to do repeat transactions of high value with the same customer, ask for a bank statement and/or a utility bill. The idea is to discourage the criminal with a list of stolen credit card numbers, without turning away legitimate customers.”

The bottom line, concludes Harvey, is to acknowledge that fraud is a possibility, and take responsibility for avoiding it. “Sign up for 3D Secure, activate whatever fraud and risk screening your gateway provider offers, and implement some basic safeguards in your business. It’s not hard, and it could save you a fortune.”