Most small businesses are all too aware that cyber criminals are becoming more inventive in their hunt for vulnerable or accessible financial information. They’re targeting individual consumers and small businesses, and the costs for businesses can be high.
For small businesses looking to combat online fraud, it can really help to have an understanding of today’s fraud landscape; the fraud-screening tools available right now; practical tips to mitigate fraudulent transactions; and an understanding of tokenized payments, which is a great way to improve security and customer convenience.
The face of online fraud today
Sage Payment Solutions recently surveyed 1,110 U.S. business decision makers and 1,062 US consumers about payment security, among other topics. We found that for both businesses and consumers, security remains a huge issue when making or receiving payments.
More than three-quarters (78%) of consumers have concerns about fraud when paying for goods or services online, and 65% of businesses are concerned about cyber security. Moreover, 89% of the general public believes online payment providers should do more to protect people from fraud. (Download Sage’s exclusive 2017 Payments Landscape Report for the full story.)
Today, online fraud comes in many forms including stolen cards, identity theft, and hacked customer information. One current trend is “vishing” over the telephone, whereby fraudsters are tricking consumers into parting with personal or financial information. Similarly, fraudsters often take advantage of websites that lack proper security measures and obtain sensitive customer details.
Business email compromise (BEC) scams are a rapidly growing source of online fraud. In one type of BEC scam, criminals conduct extensive research and create fake profiles of business owners. By mimicking a business owner’s style, criminals can deceive their targets into making payments to fraudulent accounts.
Another source of online fraud can be poor IT security in your office, which means a simple break-in can escalate into a full data breach, whereby customer credit card numbers are compromised.
Know your weapons in the battle against fraud
The first step you can take in the battle against fraud is to configure the correct fraud screening tools on your payments account. Most payment service providers offer basic fraud tools that are easy to implement.
AVS, or Address Verification System
This security tool checks the numerics in the billing address of the card against the address at which the card is registered.
CVV/CV2, or Card Verification Code:
This is the three/four digit authentication code on the back of credit or debit cards.
This tool is similar to an online version of chip and PIN, where instead of a PIN, a user-generated password is required. It reduces the possibility of fraudulent card use by authenticating the cardholder at the actual time of the transaction. Subsequently, this reduces the business’ exposure to disputed transactions and charge-backs of this type.
Practical tips for strengthening your defenses against online fraud
Despite the worrying numbers of businesses hit by fraud, the 2017 Sage Payment Solutions Payments Landscape Report found that 20% of businesses don’t spend anything on fraud prevention and instead rely on the free tools provided by their payment gateway. If you’re ready to strengthen your business’ defenses against fraudsters, Sage payments experts recommend you:
Analyze customer information and purchasing behavior
Your goal here is to be able to assess a customer’s profile, order, and delivery details before accepting a transaction. Similarly, orders placed early in the morning, of high quantity or high value are also red flags, particularly if the product can be easily resold.
Always check the delivery address is valid
You could use the banking industry’s Address Verification System, which compares the delivery address provided for the order with the billing address details for the payment card held by the card issuer.
Invest in geo-location technology
Geo-location will help you find the shopper’s location and help identify if the order is coming from a high-risk country. Then, you can check the location of the order against the type of order and the customer’s profile.
Maintain a customer database
It is generally a good idea to identify the customer by name, email address, delivery and billing address, and telephone number. It is also helpful if your server records the IP address from which the customer is accessing your system.
You should store these details in your database alongside details of the customer’s basket contents or other ordered goods.
Similarly, a fraud database will help you close loopholes, because criminals will continue to target a business until the window of opportunity is closed.
While these tips are sufficient for smaller businesses, larger businesses need to consult a third party and implement a custom fraud prevention solution.
Tokenized payments: the next step?
The token system allows customers to register their cards on the business’ website to use for future purchases. This allows customers to log on to the website, select the card they would like to use for the purchase, and proceed to the checkout pages.
When using a provider like Sage Payment Solutions, our system captures all of the shopper’s card details in our secure system and provides the business with a “token” that the business stores on its system (in place of the card details). This way, the business avoids storing payment data that could be compromised by criminals.
Tokenized payments are the natural next step for merchants looking to restrict their exposure to card data. This technology facilitates a range of payment methods including:
Delayed or deferred payments: this allow a merchant to take payment on delivery, but to collect and store the card details securely when the initial ordered is processed.
Repeat orders: for businesses offering subscription-based models for their products and services.
Single-click payments: as the payment processor already stores the customer’s details securely, the merchant just needs the customer to enter their card security code (also known as CV2 or CVV) to validate the payment.
No matter the size of your business, if you sell products or services online, fraud isn’t something worth sticking your head in the sand about. The good news is by taking the right steps today, you can protect your customers and concentrate on growing your business.
Visit Sage Payment Solutions’ site to learn more.