Best practices to prevent online fraud

PayPal Editorial Staff

PayPal Editorial Staff

February 22, 2023

Woman standing behind the counter at a shop, on the phone and looking at an open laptop

Fraudsters don't just target customers and large companies with their schemes. Small businesses are also at risk of losing money and valuable data to online fraud.

According to the Federal Trade Commission (FTC), reports of online fraud — which involves using the internet to commit fraud — increased 70 percent from 2020 to 2021, resulting in almost $2.3 billion of losses from imposter scams and almost $400 million from online shopping fraud.1

It's important for small business owners to protect their companies from these threats, so they can help keep their businesses safe and their customers' information secure.

Here, we've outlined key tools and tips for minimizing your risk of online fraud.

Types of online fraud

First, it's helpful to understand common types of online fraud to watch out for, including:

  • Phishing or email fraud. Fraudsters send deceptive emails to trick people into sharing sensitive information like bank details. Learn more about phising and spoofing and how to protect your business.
  • Online shopping fraud. Scammers set up fake e-commerce websites to accept payments. Customers make purchases but receive either counterfeit items or nothing in return.
  • Identity fraud. Hackers steal personal information and then use it to commit a crime or make a purchase.
  • Lottery fraud. Fraudsters call or email people to trick them into thinking they won the lottery. They ask for bank details to transfer the winnings but steal the information for themselves.
  • Tax scam. Fraudsters pose as IRS agents or debt collectors to steal people's financial information.
  • Credit card reward point fraud. Scammers access people's credit card accounts and use their loyalty rewards and points to redeem benefits.

Keep a strong and secure password

Hackers use sophisticated programs that can run through many different versions of a single password in seconds. In other words, they have the tools to easily guess your passwords and access your accounts.

That's why many websites prompt you to create a strong password of at least eight characters, including at least one capitalization and one special character (for example, “P0r$che9!!"). If you're struggling to come up with a secure password, you can also use a strong password generator to help.

How to stop phishing

Train employees to spot phishing emails and fraudulent messages. For example, phishing emails might ask you to update your payment details for a certain site or submit your information to receive a government refund.

As a rule of thumb, employees shouldn't open any links or attachments from unknown sources. And if an email address, subject line, or message seems suspicious, tell them not to click or respond — but to report it to you or your IT team.

How to protect your computer

Make sure you're running the latest version of your operating system (OS), as OS providers continually update their software with security patches to protect you from newly discovered vulnerabilities, as well as the latest viruses and malware.

Also, install and regularly update business-grade anti-malware and anti-spyware software to prevent attacks that exploit outdated software programs. Keep in mind that free, limited-feature, or consumer-strength anti-virus software options are insufficient, even for small businesses.

Setting limits to your e-commerce

Yes, you want to make money — but not at the expense of your safety and security. That's why you should set limits for the number of purchases and total dollar value you'll accept from one account in a single day.

If you sell casual boots, for example, and one customer tries to make 10 purchases worth thousands of dollars in under 24 hours, you know something suspicious is happening. And you can set up your e-commerce site to flag it for you.

Use the address verification system

When a customer pays with a credit card on your site, they should be prompted to enter a billing address for that card. That's where the address verification system (AVS) comes in.

The AVS compares the customer's entered billing address with the address on file at the credit card company, verifying the cardholder's information. This AVS check is an online fraud tool included in most payment processing solutions but check with your payment processor to be sure they support it.

Require the card verification value

The card verification value (CVV) is that three- or four-digit security code printed on the back (and sometimes the front) of credit cards. According to Payment Card Industry (PCI) compliance rules, merchants can't store the CVV as part of a customer's credit card information. Therefore, it's one of the most effective forms of fraud protection because customers must enter their CVV every time they check out. Plus, it's virtually impossible for hackers to get that number unless they've stolen the person's physical credit card.

Most payment processors include a tool to require CVV as part of their checkout templates, so make sure to use it.

Connecting to a secure Wi-Fi network

Hackers can use unsecured Wi-Fi networks to tap into devices and steal information. That's why it's so important to make sure you're using a secure home or office Wi-Fi network.

You can do this by installing a firewall, setting access restrictions and guest permissions, and creating a secure password for your wireless network. Also, when you're not at home or in the office, be cautious about connecting to a Wi-Fi network that's unknown or publicly accessible.

How to report a suspicious message

When you do spot a suspicious message, report it right away to help stop the threat and minimize your risk of fraud.

You can report fraud to government agencies, credit bureaus, and financial institutions. For example, the FTC has a website dedicated to reporting fraud, and PayPal provides businesses with clear instructions for reporting suspicious messages.

How PayPal helps buyers

We know how important security and peace of mind are in online business. Learn more about PayPal Seller Protection here.

So go ahead and set up shop. We've got your back.

Was this content helpful?

Sign Up for the PayPal Bootcamp

In partnership with three expert business owners, the PayPal Bootcamp includes practical checklists and a short video loaded with tips to help take your business to the next level.


We’ll use cookies to improve and customize your experience if you continue to browse. Is it OK if we also use cookies to show you personalized ads? Learn more and manage your cookies