5 steps to help prevent fraudulent payments.

Oct 03 2021 | PayPal editorial staff

You might think your ecommerce website is too small to be of much interest to online criminals. Sadly, that is not true.

In 2018, small businesses in the U.S. reported losing an average of USD $28,313.33 to online fraud.¹And the Federal Trade Commission reported that, from 2017 to 2018, credit card fraud increased by 24% and online shopping and payment account fraud increased by 18%.²

A fraud attack can be very damaging. At the very least, if you accept a fraudulent payment, you could be held financially responsible for the loss. But there are steps you can take to help minimize your risk, and we’ve outlined them below.

How fraudsters operate.

Before we talk about what you can do to minimize your risk, it’s helpful to understand common tactics fraudsters use. Generally, online fraudsters usually use two methods to steal money:

Account takeover: You may provide customers with accounts that store personal information, financial information, and purchase history. Fraudsters often hack into these accounts through phishing schemes. In one of the most common schemes, fraudsters send emails to trick customers into revealing usernames and passwords. The fraudsters then log in to your customers’ accounts, change the passwords, and make unauthorized purchases.
Identity theft: Although most businesses take many precautions to secure customer data, fraudsters still manage to hack into databases and steal usernames, passwords, credit card numbers, and personal information.

Hackers often sell credit card numbers to other fraudsters who open accounts with online retailers and use the stolen numbers to pay for purchases. This type of fraud is difficult to detect because many people don’t check their credit card statements thoroughly — and because victims typically have no idea that someone has opened an online account in their name.

Managing your risk.

Although the potential for fraud is high in online transactions, it doesn’t mean you must accept it as part of doing business online. By putting the right tools and processes in place, you can help keep your business and your customers secure – and reduce your chances of chargeback fees and lost revenue. Below are five tips to help you get started. Once you’ve checked these off, make sure to review the 13 signs of unusual buyer activity.

1. Monitor transactions and reconcile your bank accounts daily.

Nobody knows your business as well as you do. You know your biggest spenders and their buying patterns. Monitor your accounts and transactions looking for any red flags, such as inconsistent billing and shipping information, as well as the physical location of your customers.

2. Consider setting limits.

Using your unique knowledge of your business, set limits for the number of purchases and total dollar value you’ll accept from one account in a single day. It can help keep your exposure to a minimum should fraud occur.

3. Require the card verification value (CVV).

You’re familiar with this three-digit or four-digit security code printed on credit cards. What you might not know is that PCI rules prevent you from storing the CVV along with the credit card number and card owner’s name (That’s why it’s so effective – it’s virtually impossible for fraudsters to get it unless they’ve stolen the physical credit card). Most processors include a tool to require CVV as part of their checkout templates. Use it.

4. Get tougher with password requirements.

Hackers employ sophisticated programs that can run through all the permutations of a password. It won’t take them long to crack a four digit, alpha-numeric password (such as, “abcd”). Best practices these days call for (at least) an eight-digit alpha-numeric password that requires at least one capitalization and one special character (for example, “P0r$che9!!”). Your customers might grumble, but it’s better safe than hacked.

5. Keep your platforms and software up to date.

Make sure you’re running the latest version of your operating system (OS), as OS providers continually update their software with security patches to protect you from newly discovered vulnerabilities, as well as the latest viruses and malware.

Likewise, install and regularly update business-grade anti-malware and anti-spyware software (free, limited-feature, and consumer-strength anti-virus software tend to not be not sufficient) to help prevent attacks that exploit outdated software vulnerabilities.

Note: If your site is hosted on a managed solution, automatic security patches help ensure that any vulnerabilities are quickly resolved.

Once you’ve taken these steps, learn the 13 signs of unusual buyer activity to be aware of.

The contents of this site are provided for informational purposes only. You should always obtain independent, professional accounting, financial, and legal advice before making any business decision.

¹ 48% of Businesses Think They’re Not Big Enough to be Targeted for Fraud, Small Business Trends, March 10, 2019.

² Consumer Sentinel Network Data Book 2018 – February 2019, Federal Trade Commission, 2019.

The contents of this site are provided for informational purposes only. The information in this article does not constitute legal, financial, IT, business or investment advice of any kind and is not a substitute for any professional advice. You should always obtain independent, professional accounting, financial, IT and legal advice before making any business decision.

We'll use cookies to improve and customise your experience if you continue to browse. Is it OK if we also use cookies to show you personalised ads? Learn more and manage your cookies