You might think your ecommerce website is too small to be of interest to online criminals. Sadly, you'd be wrong. The Federation of Small Business reports that smaller businesses in England and Wales suffer a total of 3.9 million cybercrimes each year, at an average cost of £972 per incident.1
Cybercrime attacks can be very damaging. As well as the risk of financial loss, businesses can suffer reputational loss from a high-profile cybercrime attack. But there are steps you can take to help minimise your risk, and we've outlined them below.
Before we talk about what you can do to minimise your risk, it's helpful to understand common tactics fraudsters use. Online fraudsters usually use two methods to steal money:
Hackers often sell credit card numbers to other fraudsters who open accounts with online retailers and use the stolen numbers to pay for purchases. This type of fraud is difficult to detect because many people don't check their credit card statements thoroughly and because victims typically have no idea someone opened an online account in their names.
Although the potential for fraud is high in online transactions, it doesn't mean you must accept it as part of doing business online. By putting the right tools and processes in place, you can help keep your business and your customers secure and reduce your chances of drowning in chargeback fees and lost revenues. Below are 6 tips to help you get started.
Nobody knows your business as well as you do. You know your biggest spenders and their buying patterns. Monitor your accounts and transactions looking for any red flags, such as inconsistent billing and shipping information, as well as the physical location of your customers there are tools that trace customers' IP addresses and alert you to those from countries known as a base for fraudsters. Also, check to see if your customers are using free or anonymous email addresses (such as Gmail or Yahoo email addresses), as there's a much higher incidence of fraud coming from free email service providers than from paid.
Using your unique knowledge of your business, set limits for the number of purchases and total value you'll accept from one account in a single day. It can help keep your exposure to a minimum should fraud occur.
The new PSD2 regulations come into force in March 2021, but you can improve your security by implementing them now. PSD2 regulates payment services and includes new security requirements for electronic payments to reduce fraud.
From March 2021, your payment solution will need to authenticate customers using strong customer authentication (SCA). If not, customer payments may be rejected by the card issuer (e.g. the customer's bank). The protocol the card industry uses for authentication is called 3-D Secure (3DS). Get safe and get ahead by implementing 3DS, now. Learn more on our PSD2 site, here.
These are now standard options from most payment providers but it's usually up to the merchant to switch them on. AVS compares the address given by the buyer with the card issuer's records. CVV (sometimes called CV2) is the three-digit or four-digit security code printed on credit cards. Again, this is compared with the card issuer's records to minimise fraud. Be sure you use both.
Hackers employ sophisticated programs that can run through all the permutations of a password. It won't take them long to crack a four digit, alpha-numeric password (such as, abcd"). The National Cyber Security Centre and Metropolitan Police recommend making passwords as long as possible by starting with three random words (e.g. fishboattulip"), then including capitalised letters, numbers, symbols and punctuation marks.2 Your customers may grumble as you enforce harder to crack passwords, but it's better safe than hacked.
Make sure you're running the latest version of your operating system (OS) and applications. Providers continually update their software with security patches to protect you from newly discovered vulnerabilities, as well as the latest viruses and malware. Likewise, install and regularly update business-grade anti-malware and anti-spyware software to prevent attacks that exploit outdated software vulnerabilities. Free, limited-feature, and consumer-strength anti-virus software are not sufficient.
Note: If your site is hosted on a managed solution, such as BigCommerce, automatic security patches help ensure that any vulnerabilities are quickly resolved.
Once you've taken these steps, learn the 13 signs of unusual buyer activity to be on the look out for.
Simply complete the form to receive valuable info and actionable tips for your business. Plus, you'll hear from fellow merchants who use PayPal to help reach their goals.
If you accept cookies, we'll use them to improve and customise your experience and enable our partners to show you personalised PayPal ads when you visit other sites. Manage cookies and learn more