10 Best Practices to Prevent Ecommerce Fraud

Use Industry Specific Risk Modeling

Different industries and verticals experience different fraud patterns. Fraud prevention vendor Precognitive stresses the importance of understanding what fraud looks like in their specific niche. Merchants should review their own data to find relevant patterns and trends instead of relying on general patterns.

Avoid Merchant Errors

Chargebacks911 estimates that 20%-40% of chargebacks occur because of merchant error. Avoid things like unclear billing descriptors or confusing return policies that can frustrate legitimate customers.

Have a Plan to Scale Fraud Prevention Properly

Growing businesses are a growing target to fraudsters. Merchants should monitor their fraud data, and have a plan to manage scale. Nanoleaf, a merchant selling a highly-niche and “cool” product suggests merchants use their chargeback rate, administrative costs, and the costs of lost goods as benchmarks for when to take action.

Watch out for Phishing Attacks

Fraudsters often embed spyware in malicious links sent via email. This practice is known as “phishing”. According to research by Avanan, one in every 99 emails is a phishing attack. Email platforms do not do enough to protect businesses. Employees should never respond to an email asking for money or credentials.

Find Vendor Specific Tools

Fraud prevention solutions often offer their own services to help prevent fraud on specific eCommerce platforms. Often, they draw on data about how fraudsters target that site specifically. For example, a number of tools offer services to Shopify users.

Keep Detailed Order Records

Merchants can fight chargebacks. However, it requires proving correct order shipment and receipt. This requires a lot of information. Keep shipping records on file. Require customers to sign for packages. Provide clear billing descriptors. Document every touch point with customers. You can use them later to fight friendly fraud.

Use Address Verification Services

Address Verification Services (AVS) checks to see if the credit card billing address a customer enters at checkout matches the address the card’s issuing bank has on file for the card.

Check the Card Verification Value (CVV)

Card Verification Value (CVV) requires a customer to provide a separate three or four digit identifying code that is physically written on their credit card when they make a purchase. It is illegal for merchants to keep CVV data on file.

Ensure PCI Compliance

PCI compliant means following the Payment Card Industry Security Standards Council’s rules to protect eCommerce customer data. All online merchants merchants are required to comply with them. The Security Standards Council website has information on how to remain compliant. You can also use it to keep up to date on any changes.

Understand Chargeback Reason Codes

Chargebacks all have the same result. However, they occur in different ways. Card issuers make distinctions between methods. Each one has a different chargeback reason code. These differences matter when disputing the chargeback. If you don’t know them, you won’t succeed.

Use Tools to Supplement Best Practices

Finally, pay attention to account takeover fraud. In an ATO attack, fraudsters gain access to a corporate email account, which they then use to impersonate executive, steal employee credentials, and more. Although merchants often focus on chargebacks, this kind of direct theft happens frequently as well. Often times, the overall damage done by these attacks can be even worse.

All things considered, merchants need to use a combination of best practices and eCommerce fraud prevention tools. Many different types of tools exist, including fraud platforms, chargeback management services, and payment solutions.

You will never eliminate all fraud. However, if you take the task seriously you can do a lot to reduce its impact on your bottom line as much as possible.

Brad

Merchant Fraud Journal