Fraudsters don't just target customers and large companies with their schemes. Small businesses are also at risk of losing money and valuable data to online fraud.
According to the Federal Trade Commission (FTC), reports of online fraud — which involves using the internet to commit fraud — increased 70 percent from 2020 to 2021, resulting in almost $2.3 billion of losses from imposter scams and almost $400 million from online shopping fraud.1
It's important for small business owners to protect their companies from these threats, so they can help keep their businesses safe and their customers' information secure.
Here, we've outlined key tools and tips for minimizing your risk of online fraud.
First, it's helpful to understand common types of online fraud to watch out for, including:
Hackers use sophisticated programs that can run through many different versions of a single password in seconds. In other words, they have the tools to easily guess your passwords and access your accounts.
That's why many websites prompt you to create a strong password of at least eight characters, including at least one capitalization and one special character (for example, “P0r$che9!!"). If you're struggling to come up with a secure password, you can also use a strong password generator to help.
Train employees to spot phishing emails and fraudulent messages. For example, phishing emails might ask you to update your payment details for a certain site or submit your information to receive a government refund.
As a rule of thumb, employees shouldn't open any links or attachments from unknown sources. And if an email address, subject line, or message seems suspicious, tell them not to click or respond — but to report it to you or your IT team.
Make sure you're running the latest version of your operating system (OS), as OS providers continually update their software with security patches to protect you from newly discovered vulnerabilities, as well as the latest viruses and malware.
Also, install and regularly update business-grade anti-malware and anti-spyware software to prevent attacks that exploit outdated software programs. Keep in mind that free, limited-feature, or consumer-strength anti-virus software options are insufficient, even for small businesses.
Yes, you want to make money — but not at the expense of your safety and security. That's why you should set limits for the number of purchases and total dollar value you'll accept from one account in a single day.
If you sell casual boots, for example, and one customer tries to make 10 purchases worth thousands of dollars in under 24 hours, you know something suspicious is happening. And you can set up your e-commerce site to flag it for you.
When a customer pays with a credit card on your site, they should be prompted to enter a billing address for that card. That's where the address verification system (AVS) comes in.
The AVS compares the customer's entered billing address with the address on file at the credit card company, verifying the cardholder's information. This AVS check is an online fraud tool included in most payment processing solutions but check with your payment processor to be sure they support it.
The card verification value (CVV) is that three- or four-digit security code printed on the back (and sometimes the front) of credit cards. According to Payment Card Industry (PCI) compliance rules, merchants can't store the CVV as part of a customer's credit card information. Therefore, it's one of the most effective forms of fraud protection because customers must enter their CVV every time they check out. Plus, it's virtually impossible for hackers to get that number unless they've stolen the person's physical credit card.
Most payment processors include a tool to require CVV as part of their checkout templates, so make sure to use it.
Hackers can use unsecured Wi-Fi networks to tap into devices and steal information. That's why it's so important to make sure you're using a secure home or office Wi-Fi network.
You can do this by installing a firewall, setting access restrictions and guest permissions, and creating a secure password for your wireless network. Also, when you're not at home or in the office, be cautious about connecting to a Wi-Fi network that's unknown or publicly accessible.
When you do spot a suspicious message, report it right away to help stop the threat and minimize your risk of fraud.
You can report fraud to government agencies, credit bureaus, and financial institutions. For example, the FTC has a website dedicated to reporting fraud, and PayPal provides businesses with clear instructions for reporting suspicious messages.
We know how important security and peace of mind are in online business. Learn more about PayPal Seller Protection here.
So go ahead and set up shop. We've got your back.
In partnership with three expert business owners, the PayPal Bootcamp includes practical checklists and a short video loaded with tips to help take your business to the next level.