E-Commerce - Ready, Steady, Threat!

Topic: PCI DSS (Tue 7th Nov 2017)

In the e-commerce world, the appeal to thieves is high; these thieves are known as ‘Digital Scammers’.

This type of crime affects up to 50% of companies at some point in their life, especially if we consider that in 2016, online scams increased by 25%. Unfortunately, the risk continues to increase, especially in the run-up to Black Friday, Cyber Monday and Christmas.

Have you taken anti-fraud measures for your online shop? Or do you think the measures you’ve implemented up to now have been sufficient?

Fraud in e-commerce concerns fraudulent payments, and the shop is held responsible for this. Scammers may steal data from your user database, which they could use in their shop or other shops. They may obtain the passwords of your customers as well; they could then change these passwords and make purchases under their name. This can impact your business's reputation.

It is essential that you’re prepared for Black Friday and Cyber Monday.

What are the typical cases of online fraud according to the FBI?
• Business E-Mail Compromise (BEC): Business email addresses are attacked in order to carry out unauthorised transactions.
• E-Mail Account Compromise (EAC): The same as the previous case, but attacking a customer account instead of a business.
• Data Breach: An attack revealing data from a secure server, which could be about your company or your customers.
• Denial of Service: Access to a network or service is interrupted in order to maliciously gain access to your data.
• Malware/Scareware: Malicious software that brings harm to computer units, equipment or networks.
• Phishing/Spoofing: Emails that contain false documents which are sent under the name of a so-called legitimate business in order to obtain personal information from the user.
• Ransomware: Another kind of malware that exploits security gaps in organisations or in individual networks in order to steal personal data and demand ransoms in return.

Depending on the size of your business, the type of online fraud you’re likely to be subjected to may differ, but the likelihood of it happening to you is all the same unless you take the necessary steps to keep your business safe.

Firstly, be organised with your product catalogue and keep all of your company software up to date by always installing the latest versions of management programs. For example, keep your catalogue organised by using a PIM (product information management) tool and keep the software updated. Ideally, you would also buy decent anti-spyware and anti-malware. Some credit card companies such as Visa and Mastercard have their own anti-fraud tools you may be able to use as well.

Secure Payment
Apply address verification to the payment procedure. Always ensure your payment process requests the customer’s CVV security code, the 3-digit number on the back of their card (or 4-digit number on the front for AMEX). It’s near impossible for fraudsters to have this code if they don’t have the card to hand.

IP Tracker
You can use various tools for tracking the IP address from which payments are made and check they don’t correspond with blacklists. Always compare IP addresses with email addresses to highlight any inconsistencies between the country the customer is in and the country the purchase was made in. Sometimes, when large sales are made, scammers make the most of the general sense of mayhem (surrounding Black Friday and Cyber Monday) so the ‘behaviour’ goes unnoticed.

Strong Passwords
Even though fraud can put your business at risk, the biggest threat affects the customer. You’ll be surprised how the majority of online customers don’t think about their security and often choose weak passwords.

Customer Conduct Control
You may choose to enforce maximum daily expenditure limits per customer, similar to ATMs. However, if your shop is based on expensive products or larger purchases you may have to reconsider.

You can also keep a record of all transactions and email correspondence with your customers. You can then review anything that you feel is suspicious, especially if the order is from an unfamiliar country. You can train your employees and managers about all the different anti-fraud measures available. If you or your colleagues have any suspicions about an order, don’t be afraid to contact the customer directly and clear up any doubts. This can help you tackle fraud as well as coming across as a professional, reliable and cautious business.
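
The IP Tracker and Customer Conduct Control checks above can be combined into one screening pass that queues orders for manual review. The Python below is an added example, not code from nexpay or from any card scheme's anti-fraud tool. The field names, the 500 daily limit, the use of the billing country for the comparison, and the small GEO table (standing in for an IP geolocation service) are all assumptions, and the addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation address ranges, not real indicators).
BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]
GEO = {ipaddress.ip_network("198.51.100.0/24"): "GB",
       ipaddress.ip_network("192.0.2.0/24"): "BR",
       ipaddress.ip_network("203.0.113.0/24"): "GB"}
DAILY_LIMIT = 500.00  # assumed per-customer daily cap, in shop currency

def ip_country(ip):
    """Look up the country for an IP in the constructed GEO table."""
    addr = ipaddress.ip_address(ip)
    return next((c for net, c in GEO.items() if addr in net), None)

def screen_orders(orders):
    """Return {order_id: [reasons]} for orders that need manual review."""
    spent = defaultdict(float)  # (customer, day) -> running total
    flagged = {}
    for o in orders:
        reasons = []
        addr = ipaddress.ip_address(o["ip"])
        if any(addr in net for net in BLOCKLIST):
            reasons.append("ip_blocklisted")
        country = ip_country(o["ip"])
        if country is None:
            reasons.append("ip_country_unknown")
        elif country != o["billing_country"]:
            reasons.append("country_mismatch")
        # cvv_ok / avs_ok are result flags returned by the payment processor;
        # the shop keeps only the result and never stores the CVV itself.
        for flag in ("cvv_ok", "avs_ok"):
            if not o[flag]:
                reasons.append(flag.replace("_ok", "_failed"))
        key = (o["customer"], o["day"])
        spent[key] += o["amount"]
        if spent[key] > DAILY_LIMIT:
            reasons.append("daily_limit_exceeded")
        if reasons:
            flagged[o["id"]] = reasons
    return flagged

ORDERS = [  # constructed sample orders
    {"id": "A1", "customer": "c1", "day": "2017-11-24", "ip": "198.51.100.7", "billing_country": "GB", "amount": 120.0, "cvv_ok": True, "avs_ok": True},
    {"id": "A2", "customer": "c1", "day": "2017-11-24", "ip": "198.51.100.7", "billing_country": "GB", "amount": 450.0, "cvv_ok": True, "avs_ok": True},
    {"id": "A3", "customer": "c2", "day": "2017-11-24", "ip": "192.0.2.9", "billing_country": "GB", "amount": 80.0, "cvv_ok": True, "avs_ok": False},
    {"id": "A4", "customer": "c3", "day": "2017-11-24", "ip": "203.0.113.5", "billing_country": "GB", "amount": 60.0, "cvv_ok": True, "avs_ok": True},
]
```

A flagged order is held for review rather than rejected outright, which matches the advice to contact the customer directly when in doubt.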

Transparency and Honesty
Always let your customers know if there has been fraud or a breach in your online shop. It’s better to be honest than to hide any information that they would find out about later on.

Don’t know where to start?
We highly recommend that you first ensure your e-commerce website is organised (using PIM can help) and that your systems and programs are up to date, running the latest anti-spyware and anti-malware.

Sophie Walker, PCI Specialist at nexpay, says that “you should always ensure that you have spyware and malware in place on your website, and that all employees have been fully trained to protect your systems. If not, you could be at risk of a breach at one of the busiest times and have to pay thousands in fines!”
