Preventing Online Fraud
This white paper will explain some of the issues around online fraud and sensible steps you can take to prorect your business.
What you need to know about online fraud and how it could affect your business!
Coming into contact with fraud is inevitable, however you choose to trade. The internet is no exception and in the UK this type of online fraud is certainly big news in the media- but with all that goes on over the internet trying to avoid becoming the victim of fraud is something that is certainly possible. If you are starting to run your business online you should carefully consider how it is you will be able to trade without having to worry about fraudulent activities on your website. It is a battle that we are slowly winning due to advances in security technology, awareness and anti-fraud schemes.
There are many different types of fraudulent schemes online including identity theft, phishing, online auctions, fake cheque scams and credit card swindles. There are actually many more but from a trading point of view the others are less important. Fraud that involves delivery and shipping is also something you need to think about.
Identity theft is when someone obtains your personal information and pretends to be you for financial reasons or deception. Phishing is associated with emails originating from various locations pretending to be legitimate organisations, governments or banks. The will request that you confirm your personal details for an important, but fake, reasons. They will then use the information provided unlawfully, usually to obtain money from your accounts. Fake Cheque Scams usually start with someone responding to your business or personal ad. They will then send you a cheque for the work / sale that was done, but will be for more than the agreed amount. They will then ask you to refund the excess money by wiring it back to them. The cheque sent is a fake and you end up losing money and earning none.
Last year online credit card fraud was estimated at around £690m in Europe! Online credit card abuse accounted for 70% of all card-not-present fraud and results in more than £1 millions being lost each day! Card-not-present refers to a transaction where a card is not physically seen / swiped so mainly relates to mail / telephone / internet orders. This is the most common type of internet fraud and the other common route is people acquiring credit card details from receipts in your dustbin at home, to use them to make purchases in the cardholder's name. They get this information either by hacking into a system with sensitive data from staff in retail premises who handle your card or by people who were conned into handing over these details by believing that they are purchasing something from a legitimate source.
Online auction fraud is one of the easy types of fraud to commit. Auctioning on the internet is an easy way to make money and it is hard to regulate all that goes on. People often sell items but fail to deliver and because the internet provides some anonymity it makes it harder to trace these crimes. Most of the time solving such disputes or offences is rare and almost never end up in getting your product or money back.
What many people do not realize about ‘cyber crime' is that the consumer is protected in many ways when being the victim but retailers are not. The only things that you can really rely on are your terms and conditions (see separate white paper) and delivery receipts. So what else can you do to reduce the risk for yourself? The people who commit this type of crime are not your usual crooks. They often have extreme technical knowledge of how both the internet and card purchases work. All in all it's fair to say that they are probably very clever people, and that is one of the reasons it is hard to realize when it is you've been ‘had'. It's so easy now to start selling online with the introduction of web building stores or online auctioneers and with so many more people having access around the world to the internet authorities have less control and knowledge of who does what.
In general, as a proportion of sales, fraud is on the decrease, largely due to the introduction of chip and pin - but this doesn't apply to online sales. All any person would need to buy on someone else's card is the card number, name, expiry date, 3 digit code on the back and an address. Something that is stored within most transaction databases of companies selling on the web. Doing some research and taking a few small steps can help decrease the chances of this kind of information being used to attack your business!
1. First thing is to know what your rights are! Know what it is that you can and can't do if and when this happens to you. Check all your options to help reduce the impact on your company. Before you start to trade make sure you know what the risks are and decide the best course of action to safeguard your business in the future. Be vigilant about international purchases, especially from countries outside the EU or where you know internet controls are relaxed. This doesn't mean that all purchases made within the UK are legal but a large majority of fraud is though international business.
2. Most retailers will process online credit card transactions and your company should not be any different. If you are worried about fraudulent use of credit cards on your website then consider using a reliable credit card payment service such as Worldpay. These companies are the internet leaders for processing orders on the web and have excellent services and schemes to reduce the possibility of fraud happening to you. These card processing companies provide anti-fraud services that include screening clients IP address, security code checks and integration with the card verification systems provided by Visa and MasterCard. For more information about these schemes see our white paper on Payment Processing.
3. Consider using an insurance scheme or anti-fraud guarantees! These schemes are often available from online processing companies and can provide you with some peace of mind. These types of services cost extra money but they do safeguard your business from a proportion of fraud so they are well worth the cost. The costs can vary depending on which processing service you use and usually take a percentage of your annual turnover. You could also consider using a separate insurance company to purchase fraud cover, but it frequently doesn't come cheap. If you think of the potential consequences and the costs from an unwanted illegal transaction, paying for a service that could relieve some of the damage would be a sensible decision.
4. Choose a system that is safe and secure! You are going to be storing very sensitive data from clients and the last thing you want is someone acquiring this information for malicious use! Using a behind the scenes database system that is safe, secure and efficient not only gives confidence in your own business, but makes consumers feel less vulnerable! Look out for menacing software on your computers / servers because having information hijacked is so easy now and this could make you liable for damages / costs.
5. Access to sensitive data should only be given to authorized employees. Employees who need access to sensitive customer databases must have a genuine reason or be extremely well trusted. You should also monitor which users access such files and keep a log so you know what is going on within your own company. There have been many reported incidents in the past of employees stealing company data for their own benefit which may backfire on your business if you are proven to be negligent! Data encryption is a must with online transactions and should be no different when protecting data on your local networks.
6. Delivery fraud is something that can be easily avoided. Most couriers will offer a ‘signed for' delivery service, as will most postal companies in various countries. Having a parcel checked and signed for eliminates much of the possibility that the recipient might claim they have not yet had any delivery from you and ask for a replacement. Sometimes undelivered items are genuine cases, maybe for unexplained reasons or because goods do get stolen from within the mailing system. Taking advantage of something as simple as requiring a signature can greatly reduce these types of claims from ever surfacing.
7. Also be aware of being the victim of goods disappearing during shipment. Maritime fraud is something that you want to avoid when having your products shipped from another country. Having a container load of expensive goods vanish somewhere between you and your supplier isn't going to do your business much good. Use a professional shipping service, opt for extra insurances, and make sure there are no language problems when organizing. You need to be able to communicate efficiently and make sure that the people you use are trustworthy and don't supply you with false documents. Corruption in some foreign states makes it very easy to obtain false or forged documents. Most cases (around 90%) are from East Asia and getting help from appropriate maritime officials is almost impossible.
8. The last thing you should be aware about, but highly important are the signs of fraud. Early warning signals can help you identify illegal transactions early and prevent them from happening. Be keen to focus on shipping addresses, especially if they seem dubious. Be aware of what country the buyer is located - are the billing or shipping address to that same country? Or are they expecting the delivery to go elsewhere? How expensive is the item being bought? Is it an unusual item to sell? Also consider how they want the item delivered - are they comfortable having an expensive item sent in the usual mail? Can this person be traced? Can you contact them at the relevant email address that they supplied when filling out the order form? And can you call them on a landline or check the postcode via a checking service or via a map site such as streetmap or multimap? If not it could be a suspect order! Beware of mobile phone numbers. Are they ordering a larger number or amount of products than the norm? Watch out for multiple attempts to checkout that are rejected, they could be trying out different cards to find one that works or isn't frozen by the bank or even making up false account numbers.
- What if it happens to me?
So what should you do once you are sure that you have been the victim of fraud crime? The first thing you should do, without hesitation, is report the incident to the proper authorities ie the police. You should also contact your bank and online card processor immediately. Often you will not hear anything for months by which time the fraudster is long gone! The most important thing is to make sure you don't fall for the same tricks or same person. Also dig out any paperwork, such as delivery receipts (to send to your merchant acquirer) to defend the chargebacks. So you need to make sure you file (and retain) paperwork sensibly. One thing you should remember is that these types of crimes happen every day but it can take many months for a transaction to be charged back (usually up to 6 months) by the card issuer! If you are unlucky enough for it to happen to you then you should remember that you are not the only one! Also, smaller fraudulent activities don't always attract the attention of the relevant authorities, especially if it comes from overseas so tell the police but don't be surprised if nothing happens! So the better prepared you are, the better chances you have of protecting yourself.
Fighting fraud is not an easy battle to win and if you are not sure about how to protect yourself then you might want to consider finding someone who can help you trade online with the know-how and confidence that you need. People are wearier now about shopping online because they are afraid of submitting their card information. You could help to build customer confidence by not withholding information. Consider listing your full company name and ‘real' address, ask for testimonials from other companies or customers and publish them on your site. Also try and get listed in business directories or consider PPC advertising. If people see you are a trusted client from Google or another search engine - they would be more likely to trust buying from you!
Banks want to promote online transactions. It is convenient, quick and costs less money to process. Stopping fraud altogether is near impossible but with the right tools and expertise it is becoming manageable. Installing anti-virus software and firewalls onto your computers / servers will help to detect unwanted attention and being smart about your business transactions all helps along the way. A little more money can go a long way in protecting yourself.
something4 Ltd can help you get started, with their team of e-commerce experts and the right connections, they are more than willing to make sure you get the best out of your online business. With industry leading products such as Click and Build and Cyrane that works hand-in-hand with the leading payment processors, you can be sure than your data is being safely handled.
