Retailers moving into the online space for the first time face risks that don’t exist in the bricks-and-mortar world, says Brendon Williamson, general manager of business development at payment services provider PayGate – and they need to ensure they are well protected.
Merchants selling virtual goods like airtime or vouchers are the most vulnerable, he says. “I’ve quite literally seen people start up a website selling airtime and go bang within a fortnight. The more quickly your product is delivered, and the easier it is to resell, the more careful you have to be about your payment security.”
“Different kinds of business may attract different kinds of online threats, but nobody is completely safe,” says Williamson. “Even if you’re selling a physical product, somebody may buy goods with a stolen card, have them shipped to a temporary address and then to resell them before anybody’s worked out what’s going on.”
This is not particularly hard, says Williamson: “Even if a card holder blocks their card the moment they know it’s stolen, there is still a window period before the information gets to everyone who needs it. It is almost impossible for a database to keep up with the millions of cards and millions of transactions happening around the world every second.”
Websites that use affiliates to drive traffic are susceptible to their own set of scams, as are accommodation establishments. “Even if you don’t sell anything more valuable than cupcakes, you may find your site targeted by criminals who run through lists of stolen credit cards to make sure they’re working before selling them on,” he says. “The financial loss may not be that big, but it can take a lot of time, and resources that small businesses don’t have, to sort things out.”
Williamson says managing online risk is an art: “On the one hand, you need to make sure you are not exposed to unnecessary risks. On the other hand, you need to make things easy for your legitimate customers to maximise your sales. “
The first step is to know your customers and their buying habits as well as possible, says Williamson. “A simple welcome call once they’ve registered, if your volumes allow it, can tell you a lot. And obviously the longer a customer has been with you and the more often they’ve made purchases, the more you can trust them. Don’t automatically relax the rules for accounts over a certain age, though – fraudsters are wise to that one. “
Limiting your exposure by imposing a transaction limit for new customers, or waiting a day or two before shipping, can also help, he adds.
Whatever you do, he says, don’t just set up a website with a shopping cart and assume all will be well. “Fraudsters are smart, brazen individuals – they’re not be underestimated.
Reputable payment gateway providers should offer extra levels of fraud protection, he says. “It’s essential to have a conversation with your supplier about what they offer, what risks they can protect you against and whether they can give you access to more specialised third-party protection services if your need warrants it.”