You may be asking why you, the owner of a small online business, should be worried about online security. As it turns out, there are plenty of reasons you should invest on online security. How so?
Symantec’s 2014 Internet Security Threat Report showed staggering statistic how small businesses are likely to be victimized by online fraud. The report said that 61% of the attacks targeted businesses with employees fewer than 2,500. On the other hand, 41% of the attacks were aimed at those with fewer than 500 employees, and 30% targeted those with fewer than 250 employees.
The effects of a fraud attack
Take a look at the 2013 Target credit card debacle. Target had to pay $10 million to customers for the damages – and that’s notwithstanding the losses Target sustained. While Target is a big business that can at least take the hit, consider how disastrous it would be if the target was a small business.
The National Cyber Security Alliance once said that one in five small businesses are victimized by cybercrime annually. Among those who were victimized, over half would go out of the business within six months.
To make it even more realistic, imagine if you are the owner of a specialty shop that had an online component. One day, you noticed that someone placed an order for $5,000 worth of items. It’s not a big deal, as this is something you could sell on the storefront to a very eager customer. Your staff didn’t notice anything odd with the order, and they packed it up and sent it to the courier.
That night, you couldn’t sleep. You check the order, and noticed that the $5,000 was comprised of odds and bits. The order didn’t make sense. The next morning, you had your staff do the routine follow-up call (asking the customers how they liked the items) – but no one can get ahold of the customer. You dug deeper and realized that the address is a vacant property. Frantically, you realized what happened – you’ve been duped. A fraudster used somebody else’s credit card details to make a purchase on your store. The original credit card owner probably didn’t notice that their card is gone or hasn’t reported it yet. Whatever the case, the order is out the door, and you’re going to sustain $5,000 worth of losses.
The fact of the matter is that the biggest victims of credit card frauds are small businesses. They are the ones who would reel from the effects of such an attack. While $5000 may not be enough to sink a business, it can make a dent that you would be hard-pressed to fix if you do not have the money to start over.
How to avoid credit card fraud
Thankfully, there are a number of ways through which you can protect your online business from credit card fraud. Firstly, look out for the red flags. These red flags usually involve:
- Unusually large orders from a customer who has not even inquired about anything
- Expensive orders that are under rush processing or overnight shipping
- Missing information on the order, such as a phone number
- Orders from foreign countries that are being shipped within the USA
- Orders from the US that are being shipped to foreign countries
- Drastic change in the usual amount being purchased (for example, if your customer regularly purchases items worth $50 and the next transaction was $500)
- Suspicious email addresses – this means email address that are in long, alphanumeric format. Most email addresses are very easy to understand (for example, firstname.lastname@example.org), as this email address is something that they would use on their day-to-day life. If you come across an email address such as email@example.com, then it’s probably a scammer and you should pay closer attention.
While these things are not usually a sign of fraudulent online activity on its own, it is worth checking out if several of the signs are present in any transaction.
Now that you are familiar with the red flags, here are a number of ways through which you can further protect your business from credit card fraud:
- Verify – Compare the billing and the shipping address. If they do not match, call the credit card holder and see verify the shipping address. This way you would be able to determine if the credit card holder actually placed the order. If you are unsure of an order, call the customer using the number they gave you and make an excuse to talk to the cardholder. If you cannot talk to the cardholder, do not ship the items. Likewise, you should also verify that the IP address matches the billing address. Lastly, use address verification and card code verification (CCV) to ensure that you are dealing with a person who is authorized to use the credit card.
- Set a declined transaction limit – Individuals with access to several credit card numbers would usually use a software script to send instructions to your site until one is accepted. By setting a declined limit (for example, three declines), you would be forcing the user to actually contact your customer service department. If they are fraudsters, they would be unlikely to contact your customer service department.
- Flag high value orders for manual confirmation – Instead of having everything automated (i.e., from placing items to cart and verifying the payment), have a limit where high value orders have to be verified by a live person. This could be as simple as having someone on the phone call the customer. Again, if they are scammers, they would be unlikely to speak with a real person.
- Coordinate a package recall service with your shipping company – This service enables you to track packages in real time and to freeze the delivery at any given time. This way, when you discover something fishy going on with a transaction, you can immediately ask the item to be held at a distribution center or to delay delivery while you are verifying the transaction.
- Use software that can detect potential fraud – There are numerous software that can see up to the minute information and determine if they are fraudulent or not. This would minimize the risk of scammers targeting your website.
These are just some of the things that you can do to ensure that you are protected against credit card fraud. Remember, when in doubt, verify.