You might think your ecommerce website is too small to be of much interest to online criminals. Sadly, you’re wrong. According to Experian, one in five small businesses falls victim to some type of cybercrime –– phishing or hacking –– every year. Of those, about 60% go out of business within six months after an attack.
Note: Bigcommerce employs hacker deterrent security provisioning, three redundant network architectures and hardware firewalls to protect online stores from cybercrime.
Aside from phishing and hacking, if you accept a fraudulent payment, you could be held financially responsible for the loss. Thankfully, though, there are steps you can take to help minimize your risk, protecting both yourself and your customers from digital attacks. Below, we’ve outlined some online best practices for keeping your store safe from hackers.
How Fraudsters Operate
Before we talk about what you can do to minimize your risk, it’s helpful to understand common tactics fraudsters use. Generally, online fraudsters use two methods to steal money:
- Account takeover: You probably provide customers with accounts that store personal information, financial information and purchase history. Fraudsters often hack into these accounts through phishing schemes. In one of the most common schemes, fraudsters send emails to trick customers into revealing usernames and passwords. The fraudsters then log into your customers’ accounts, change the passwords and make unauthorized purchases.
- Identity theft: Although most businesses take many precautions to secure customer data, fraudsters still manage to hack into databases and steal usernames, passwords, credit card numbers and other personal information.
Hackers often sell credit card numbers to other fraudsters who open accounts with online retailers and use the stolen numbers to pay for purchases. This type of fraud is difficult to detect because many people don’t check their credit card statements thoroughly — and because victims typically have no idea that someone opened an online account in their names.
PCI Compliance and Your Online Store
To help businesses protect themselves and their customers from online fraud, the Payment Card Industry Security Standard Council (PCI), a forum of global brands including Visa, MasterCard and AMEX, has developed a set of best business practices to safeguard consumers’ data.
Complying with these standards –– i.e. PCI compliance –– is not optional and is strictly enforced. While many of the following recommendations fall within the PCI Standards, visit the PCI Security Standards website for full requirements. Also, know your payment processor can help you be compliant. In fact, many payment processors including PayPal build PCI compliance into the solutions they offer businesses of all sizes.
Managing Your Risk
Although the potential for fraud is high in online transactions, that doesn’t mean you must accept it as part of doing business online. By putting the right tools and processes in place, you can reduce your chances of an attack, keep both your business and your customers safe and reduce your chances of drowning in chargeback fees and lost revenues.
Below are a few recommendations from the PayPal Security Center.
Monitor Transactions and Reconcile Bank Accounts Daily
Nobody knows your business as well as you do. You know your biggest spenders and their buying patterns. Monitor your accounts and transactions looking for any red flags, such as inconsistent billing and shipping information, as well as the physical location of your customers. Use tools that track customer IP addresses and alert you to any addresses from countries known as a base for fraudsters.
Also, check to see if your customers are using free or anonymous email addresses (such as Gmail or Yahoo), as there’s a much higher incidence of fraud coming from free email service providers than from paid. For more information, check out Common Fraud Schemes from the FBI.
Consider Setting Limits
Using your unique knowledge of your business, set limits for the number of purchases and total dollar value you’ll accept from one account in a single day. This can help keep your exposure to a minimum should fraud occur.
Use the Address Verification System (AVS)
AVS compares the numeric parts of the billing address stored within a credit card to the address on file at the credit card company. This is a fraud tool included in most payment processing solutions, but check with your payment processor to be sure it’s supported.
Require the Card Verification Value (CVV)
You’re familiar with this three- or four-digit security code printed on credit cards. What you might not know is that PCI rules prevent you from storing the CVV along with the credit card number and card owner’s name. That’s why the CVV is so effective. It is virtually impossible for fraudsters to get it unless they’ve stolen the physical credit card. Most processors include a tool to require CVV as part of their checkout templates. Use it.
Get Tougher with Password Requirements
Hackers employ sophisticated programs that can run through all the permutations of a password. It won’t take them long to crack a four digit, alpha-numeric password (such as, “abcd”). Best practices these days call for at least an eight-digit alpha-numeric password that requires at least one capitalization and one special character (for example, “P0r$che9!!”). Your customers might grumble, but it’s better safe than hacked.
Better yet, your customers expect security when checking out from your online store. Let your customers know why you are requiring extra information and it’s likely you’ll gain some loyalty points for being upfront and customer-centric. The extra messaging can go a long way toward building customer lifetime value.
Keep Platforms and Software Up-to-Date
Make sure you’re running the latest version of your operating system (OS), as OS providers continually update their software with security patches to protect you from newly discovered vulnerabilities, as well as the latest viruses and malware.
Likewise, install and regularly update business-grade anti-malware and anti-spyware software to prevent attacks that exploit outdated software vulnerabilities. Free, limited-feature and consumer-strength anti-virus software are not sufficient.
Note: If your site is hosted on a managed solution, such as Bigcommerce, automatic security patches help ensure that any vulnerabilities are quickly resolved.
Prevent to Protect
Use these tools in tandem to enhance your risk management processes while remembering that only you can decide whether to accept a transaction. It’s up to you to implement a coherent, consistent fraud management process. Following the above recommendations is a good start to protecting your customers and your business. More powerful protection comes when you combine multiple improvements. Your customers have entrusted their financial well being to you — make sure you keep it safe.
The post 6 Tips to Protect Your Online Store from Fraud and Digital Threats appeared first on The Bigcommerce Blog.