4 must-have strategies to manage cyber fraud.

Feb 21 2020 | PayPal editorial staff

Today’s digital transformation allows us to keep in touch and shop anywhere. It also creates opportunities for cyber fraud. While there’s no way to stop it, security experts advise a four-step strategy to minimize negative impacts.
We’re fortunate to live during a time of digital transformation—in which growing digital technologies allow us to keep in touch with people all over the world, put instant knowledge at our fingertips, and shop or sell from the comfort of our homes. It also, however, creates opportunities for cybercrime.
 
The good news: ecommerce sales are projected to reach $3.6 trillion in 2019.1 The bad news: ecommerce fraud is already, at least, a $32 billion problem.2
 
While fraud isn’t the reason most people get into business in the first place, many businesses are finding they’re spending too much of their time managing it. And dealing with the aftermath of cybercrime is expensive. Beyond the annoyance and loss due to chargebacks, there are the hidden costs as well: declined or cancelled orders, loss of customer trust, lost shipping expenses, wasted labour, and more.   
 
It’s always better to be proactive than reactive.
 
While there’s no way to stop criminals from trying to target your online business, you can proactively take action. Think of it like insurance. By setting up a fraud management strategy in advance, you can help avoid paying the heavier consequences that could occur in the face of fraud. When you compare the cost of protecting your business with the cost of losing your business, there’s no contest.
 
Cyber security experts advise a four-step strategy to minimize negative impacts on your business. And for best results, you must use all of them together—rather than pick one or two—for more comprehensive protection.
 
1. Educate your team about fraud attack methods. Build or upgrade your existing training program to educate employees involved with taking, approving, or shipping orders. Cybercrimes are most successful when no one even knows they’re happening. Find sources that can be pushed to them every day to help them identify the latest fraud techniques and trends.
 
2. Build a fraud financial model. There’s no way to protect your business from fraud 100% of the time without turning down a ton of orders. So, it’s a good idea to use analytics to help you determine where fraud is most likely (by product, by region, by device, etc.). Product margin analysis is important as well—the more profitable a product, the more risk you can tolerate—and vice versa. Think about it this way: If you produce and sell a product for $10,000 with a low profit margin—say $500 per item—then a loss to fraud would be keenly felt. In fact, you’d have to sell 20 more just to make up for the loss. Fraud vectors and loss analysis can help you determine which transactions are worth the risk and which ones aren’t.
 
3. Take advantage of fraud management tools. Even basic tools like AVS, CVV, and risk thresholds can help you minimize fraudulent transactions without losing sales—and 40% of businesses don’t even take advantage of simple services like postal address validation.3 Up your game even further by tapping into advanced fraud tools like custom rule sets and decision transactions with a tailored fraud review dashboard. This helps you to balance automation with good judgment.
 
4. Choose a robust payment partner. Your payments platform, like the solutions available through PayPal, should allow you to help protect financial data while still making it easy for customers to shop. Payment details and customer data are stored in the PayPal vault, so not only are you qualified for PCI compliance, but with PayPal you may see higher conversion rates by removing friction, while mitigating the risk of fraud.


Like PayPal, your partners should also provide programs that help protect you against common types of fraud as well as customizable offerings that give you more control and coverage.
 
Businesses are often pleasantly surprised by how simple it can be to put these strategies into action. Often times it starts with selecting the right technology platform that incorporates all of these strategies into one package. And when it’s a scalable solution, like PayPal, it can enable current and up-and-coming payment methods and security features with one simple integration.
 
If you’re working with a different platform, now’s the time to ask some important questions—to find out what types of protections are available for your business. What tools, processes, systems, analytics, and partnerships do you want to build? The cybercrime landscape is always changing, and it’s better to set strategies and policies in motion now to help protect your ecommerce business now and in the future. 
The contents of this site are provided for informational purposes only. You should always obtain independent, professional accounting, financial, and legal advice before making any business decision.

1 https://www.emarketer.com/Article/Worldwide-Retail-Ecommerce-Sales-Will-Reach-1915-Trillion-This-Year/1014369
2 https://www.pymnts.com/news/2015/2014-fraud-spike-cost-u-s-retailers-32-billion/
3 https://www.cybersource.com/content/dam/cybersource/2017_Fraud_Benchmark_Report.pdf

Frequently asked questions.

With PayPal, you can enjoy a safer and easier way to send and receive payments for goods, services and more.

Shopping globally with peace of mind
Simply link a card to your PayPal account and you can start making payments in over 20 currencies. Instead of entering your card information for every transaction, you can now pay with just a few clicks without compromising your security. You can also withdraw funds into your bank account anytime. We use industry-leading anti-fraud technology and a dedicated team of risk experts to help keep your transactions safer. Learn more about PayPal Buyer Protection.

Growing your sales from various channels
Select from our wide range of payment solutions to receive payments from buyers all over the world. Accept safer payments anytime, anywhere – on eBay, through your own website, using PayPal Here in your storefront, or by simply emailing an invoice to your customers. Besides our expertise in payment security, our Seller Protection protects you from any losses arising from unauthorised payments and items not received on eligible transactions.

Find out more about how we protect you.

PayPal Business app lets you manage your business and get paid on the go. Regardless of the size of your business or the type of PayPal account you have, this app could be useful to you. You can download the app from the iOS App Store or Google Play.

Key features of the Business app include:
  • Withdraw money to your bank account.
  • Create and send invoices.
  • Have easy access to your customers' information as well as contact them by phone, email or text.
  • View transaction details and search for transactions.
  • Provide refunds.
If you're interested in sending PayPal payments on the go and keeping track of your money easily, check out the PayPal app for consumers.

It's extremely important to report any suspected instances of fraud. Not only will this protect you, it'll also help make the internet a safer place to do business.

Here are some types of fraudulent activity and steps to report them:


Unauthorised activity on your PayPal account

If you notice unauthorised account activity, report it to us immediately through the Resolution Centre. Here's how to report an unauthorised activity:

  1. Go to Resolution Centre.
  2. Click Report a Problem.
  3. Select the transaction ID you want to dispute and click Continue.
  4. Select "I want to report unauthorised activity".
  5. Follow the instructions to report the issue.


Fake PayPal emails or fake websites
If you received what looks like a scam PayPal email, or you've come across a phishing PayPal website, please report it to us by forwarding the original email or URL to spoof@paypal.com. Once you’ve forwarded the email to us, delete it from your inbox and don't click on any links in the email.

Learn more about how to idenfity a fake email. For safety, you should always log securely into your PayPal account to view your transactions.


Items not received or a potential fraudulent seller

If you sent a payment but haven't received what you paid for, or believe the seller to be fraudulent, you can file a dispute in the Resolution Centre and start communicating the issue with your seller. Here's how to file an item dispute:

  1. Go to Resolution Centre.
  2. Click Dispute a Transaction.
  3. Select the transaction ID you want to dispute and click Continue.
  4. Select "I didn't receive an item I purchased".
  5. Follow the instructions to file the dispute. 
If you can't find an agreement with the seller, you can escalate the dispute to a claim any time within 20 days of the date the dispute was opened. We’ll step in to investigate the case and decide the outcome based on evidence supplied by you and the seller.

For more information about staying safe online and protecting yourself from fradulent events, please visit our Security page.
The PayPal Developer Centre (in English only) offers support for developers who have questions about technical topics, such as APIs, PayPal product integration, or testings. You can also find useful information on the PayPal Community Forum, or contact our technical support specialists on Merchant Technical Support.

Below is a list of common topics searched for by developers: 

Account Authentication
Information about validating your visitor's PayPal account.

Encrypted Website Payments
To make online payments more secure, you can make Encrypted Website Payment buttons that rely on standard public key encryption for protection.

Identity API
PayPal offers a secure commerce Identity API that lets your customers sign in to your web site using their PayPal credentials.

Instant Payment Notification
Instant Payment Notification is a message service that automatically notifies merchants of events related to PayPal transactions.

Invoicing
Merchants, developers, and business solution providers use Invoicing APIs to automate the creation, delivery, tracking, and reconciliation of invoices with an integrated payments solution.

Mobile SDK
Accept PayPal, credit cards and other payments methods through mobile apps.

Name-Value Pair (NVP) API
Information and support on name value pairs and NVP SDKs.

PayPal Checkout
PayPal Checkout gives your buyers a simplified and secure checkout experience that keeps them local to your website or mobile app throughout the payment process.

PayPal Sandbox Support
Information and support for users testing in the PayPal Sandbox environment.

PayPal Shopping Cart
The PayPal Shopping Cart system allows buyers to select multiple items on your website and pay for them with a single payment.

Permissions Service API
PayPal's permissions service enables you to request and obtain authorization to make API calls and take action on behalf of your customers.

SOAP
The PayPal SOAP API is based on open standards known collectively as web services, which include the Simple Object Access Protocol (SOAP), Web Services Definition Language (WSDL), and the XML Schema Definition language (XSD).

Testing Your Apps in Sandbox
A guide for developers testing their apps in the PayPal Sandbox environment.

Virtual Terminal
Information about PayPal's Virtual Terminal - a web-based application that processes credit and debit cards, replacing swipe machines.

Website Payments Pro
PayPal's Website Payments Pro is an API-based solution that enables merchants and developers to accept credit cards, debit cards, and PayPal payments directly on their website.
 
Website Payments Standard
You can accept credit cards online easily and offers a streamlined checkout experience to customers using mobile devices.
The contents of this site are provided for informational purposes only. The information in this article does not constitute legal, financial, IT, business or investment advice of any kind and is not a substitute for any professional advice. You should always obtain independent, professional accounting, financial, IT and legal advice before making any business decision.

Consumer Advisory - PayPal Hong Kong Limited is a licensed issuer of a stored value facility regulated by the Hong Kong Monetary Authority under Licence Number: SVF0008. Users in Hong Kong SAR are advised to read the terms and conditions carefully.

When you visit or interact with our sites, services, applications, tools or messaging, we or our authorised service providers may use cookies, web beacons, and other similar technologies for storing information to help provide you with a better, faster and safer experience and for advertising purposes. Learn more here.