All sorts of criminal activity happens in the ecommerce world. You have fraud, which stems from people trying to take advantage of your company by filing unwarranted chargebacks, claiming a product wasn't delivered when it was, and using fraudulent payment techniques. Fraud also ties in with identity theft, where you might think that you have a sale, but it's actually someone who has stolen the credit card information of another person.
Then there's hacking, where criminals try to tap into your website for a wide variety of reasons. One of them might be to simply wreak havoc, causing your website to crash and lose you thousands of dollars. Another form of hacking might be to steal information from your company like personal customer information. Yet another form of hacking involves using your website resources (like your server) to send out malware and other types of unwanted messaging.
You might even stumble upon copycats, who plagiarize your blog content, replicate your unique products and sell them or completely rip off your company's brand.
That last one isn't as common as everyday fraud, but you're still gonna have to look out for it. But for now we want to focus on fraud and even hackers, seeing as how those are problems that every ecommerce professional will have to deal with.
So, how do you go about protecting your store against fraud and hacking? Here are some tips to get you started.
Start by Going with an Ecommerce Platform You Know is Secure
Nothing is completely secure online, but you can get pretty darn close. We've talked about the elements of ecommerce security, but how do you know if your current platform is protecting both you and your customers?
In short, the ecommerce platform you go with should have all of the following, making it much easier for you since you don't have to go out and get them yourself:
- A secure online checkout
- Enterprise-level, layered security
- Encryption for all customer data, including tools that don't store any of the credit card information
- Constant fraud monitoring
- PCI compliance and scans
- Card verification value
- Address verification system
Some Words on the Address Verification System (AVS) and the Card Verification Value (CVV)
We've all encountered the CVV. It's the little three-digit code on the back of your credit card. Reputable ecommerce platforms with solid checkouts already have this system configured. If yours doesn't, you might have to go out and find an app or a service for that. However, it's a wonderful way to prevent fraud from people who have only stolen the credit card numbers and not the CVV.
The AVS is a little different. Customers don't see this on the frontend of the site, but once again, most reputable platforms provide this service. Basically, it checks whether the address entered in the billing address field matches the address on file for the credit card. For instance, a fraudulent user might want to send a product to their address, but a stolen credit card would have another person's address on file, triggering a warning for you.
More often than not the AVS is handled through your payment processor, so you'll have to check with them.
Have a Backup Plan
Fraud generally doesn't cause any problems with your content, but hacking does. Even with all of your security you might end up getting hacked. In that case, there's a possibility of having to relaunch your site or bring it back from the dead.
The Relaunch app from Shopify is an example of a way to keep your site backed up and secure for potential attacks.
Prevent Chargebacks with Tracking Numbers and a Human Monitoring All Orders
Tracking numbers give you a clear picture of how much inventory you have and what happens to a package after it's sent out from your warehouse. Most ecommerce platforms don't require tracking numbers and you can skip the whole UPS/USPS/FedEx tracking thing, but I recommend against that. It's the only evidence you have against someone who claims they never received their package.
An Automated Fraud Detection System Helps Too
Check with your ecommerce platform to see which types of fraud detection tools they use. Sometimes you have to pay a little extra for this.
Configure System Alerts For When Suspicious Activity Occurs
Every time a suspicious user is on your site, you should know. Every time a person makes a purchase with a fishy address, you should know. This notification shouldn't be sent to a random folder you made in your email inbox, because it's big news that should be addressed instantly.
Force Yourself and All Employees to Have Strong Passwords
Don't write passwords down, and try to change them every month. There's really no reason to remember passwords with tools like Dashlane and Roboform. These password managers make up complicated passwords to combat brute force attacks, and you don't have to think of what you made your password last time.
Set Limits on Purchases from Accounts on a Given Day
Let's face it. Sometimes you're not going to be able to take a look at every single sale that goes through your site. Therefore, a random fraudulent purchase might slip through the cracks. However, many ecommerce platforms allow for setting limits on purchases in a given day or other time frame. For example, you might set a limit of $1,000 per day per customer.
This way, if someone comes to your site and tries to buy $5,000 worth of merchandise, your website stops the transaction and notifies you. You're given a little extra time to breathe and look at the transaction, and you might even scare away a criminal.
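The limit described above, sketched as an added example (not code from this article or from any ecommerce platform): a rolling 24-hour spend cap per customer that holds the order and records an alert instead of silently rejecting it. The `PurchaseLimiter` class, the customer IDs and the sample orders are hypothetical and constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from decimal import Decimal

DAILY_LIMIT = Decimal("1000.00")  # the article's example: $1,000 per day per customer
WINDOW = timedelta(hours=24)


class PurchaseLimiter:
    """Tracks approved spend per customer over a rolling 24-hour window."""

    def __init__(self, limit=DAILY_LIMIT, window=WINDOW):
        self.limit = limit
        self.window = window
        self._approved = defaultdict(deque)  # customer_id -> deque of (time, amount)
        self.alerts = []                     # stand-in for an email/pager hook

    def _spent(self, customer_id, now):
        history = self._approved[customer_id]
        # Drop purchases that have aged out of the window.
        while history and now - history[0][0] >= self.window:
            history.popleft()
        return sum((amount for _, amount in history), Decimal(0))

    def check(self, customer_id, amount, now):
        """Return 'approve' or 'hold'. Held orders do not count as spend."""
        amount = Decimal(amount)  # Decimal avoids float rounding on money
        if amount <= 0:
            raise ValueError("order amount must be positive")
        spent = self._spent(customer_id, now)
        if spent + amount > self.limit:
            # Summing prior spend catches one large order split into small ones.
            self.alerts.append({"customer": customer_id, "attempted": amount,
                                "already_spent": spent, "at": now.isoformat()})
            return "hold"
        self._approved[customer_id].append((now, amount))
        return "approve"


def demo():
    # Constructed sample orders, not real data.
    limiter = PurchaseLimiter()
    t0 = datetime(2024, 1, 1, 9, 0)
    results = [
        limiter.check("cust-1", "400.00", t0),
        limiter.check("cust-1", "600.00", t0 + timedelta(hours=1)),   # exactly at the limit
        limiter.check("cust-1", "0.01", t0 + timedelta(hours=2)),     # one cent over
        limiter.check("cust-2", "5000.00", t0 + timedelta(hours=2)),  # the $5,000 case
        limiter.check("cust-1", "400.00", t0 + timedelta(hours=24)),  # first order aged out
    ]
    return results, limiter.alerts
```

Keying the limit on the account alone is an assumption of this sketch; a production rule would usually also key on card and shipping address, since a fraudster can open several accounts.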
Do You Know How To Protect Your Online Store Against Fraud and Other Attacks?
Protecting your online store from fraud and other criminal activity always starts with your hosting and ecommerce platform. Your platform should have a security page where they outline all the measures taken. If not, skip the platform completely. For example, Shopify has an entire page explaining its PCI compliance.
If you have any questions or thoughts on protecting your store from fraud, let us know in the comments below.
header image courtesy of Eugenia Ho