Purchasing goods and services via the internet has never been more attractive to consumers. Safety, convenience, and a diverse variety of choices are just some of the features of ecommerce that are making it the choice of an increasing number of consumers. Unfortunately, the criminals and fraudsters who want to prey upon them have taken notice. In this age of online dominance, you need to protect your business (as well as the people you serve) from fraud, data breaches, and other criminal behaviors.
Build your business on a solid foundation.
The quality of the ecommerce platform you choose can have a major bearing on your system’s safety and integrity. With the growth of online businesses has also come the exponential expansion of ecommerce providers, each of whom offers its own unique take on website templates, shopping carts, and other features. Whether you build your platform from the ground up, or choose among the various available vendors, be sure to keep fraud protection as a primary goal. While your ultimate choice might cost a bit more due to its advanced protection features, you often really do get what you pay for.
Adhere to PCI standards.
Any merchant who stores, processes, or transmits customer credit card data that contains personally identifiable information is responsible for protecting its safety. To that end, the Payment Card Industry Data Security Standards (PCI DSS) have been developed to give business owners a set of actionable benchmarks to follow. These include ensuring that factory default network settings are changed and that a firewall be set up between your internet connection and the system you store credit card information on.
Failure to comply with these standards can have very real consequences for you and your customers. For one thing, data is more vulnerable to attack when networks are not safeguarded by PCI DSS-compliant systems. Furthermore, you as a merchant may incur major penalties ranging from $5,000 to $100,000 per month and may even have your merchant account canceled. In short, it is crucial that businesses of all sizes protect their customers and themselves by complying with these standards.
Check and enhance your general company security.
Now that you are sure that you have complied with industry standards, your next job is to take stock of the overall security of the financial and personal information for which you are responsible. Start with these basic steps:
- Make sure your checkout pages stay on HTTPS for the entire checkout process, even when a customer returns later to buy a product.
- Update database passwords frequently, providing training for staff members about how to choose strong strings of letters and numbers.
- Hire an auditor to review your websites and security protocols and recommend corrective changes.
In addition, respected credit card and software security companies offer their own programs that provide extra safeguards against fraud and other forms of e-crime. Take the time to do your research for maximum protection.
Monitor for red flags.
In many instances, vigilance, often in the form of tools included in your ecommerce platform, can prevent you from being the next victim of fraud. Be on the lookout for the following suspicious behaviors:
- A customer unknown to you orders large quantities of the same product or many items at once or requests rush shipping.
- Particularly for foreign addresses, the cardholder’s name differs from the recipient’s.
- The given phone number does not match the area code of the billing address.
Even if you identify any of these warning signs, that does not necessarily mean that your customer is attempting to defraud you. However, you can use this information to do some further investigating.
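The three warning signs above can be expressed as a simple rule check that queues orders for manual review instead of rejecting them. This is an added example, not code from any ecommerce platform; the `Order` fields, the thresholds, the home country, and the small area-code table are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample of area codes -> US state; a real check needs a full table.
AREA_CODE_STATE = {"212": "NY", "312": "IL", "415": "CA"}
BULK_QTY = 10        # assumed threshold for "large quantities of the same product"
MANY_ITEMS = 8       # assumed threshold for "many items at once"
HOME_COUNTRY = "US"  # assumed merchant country

@dataclass
class Order:  # hypothetical order record
    known_customer: bool
    lines: dict           # SKU -> quantity
    rush_shipping: bool
    cardholder_name: str
    recipient_name: str
    ship_country: str
    billing_state: str
    phone: str

def area_code(phone):
    """Return the 3-digit area code of a US number, or None if unparseable."""
    digits = "".join(c for c in phone if c.isdigit())
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]  # drop the +1 country prefix
    return digits[:3] if len(digits) == 10 else None

def red_flags(order):
    """List the warning signs an order shows; the result feeds manual review."""
    flags = []
    if not order.known_customer:
        if any(qty >= BULK_QTY for qty in order.lines.values()):
            flags.append("bulk_same_product")
        if len(order.lines) >= MANY_ITEMS:
            flags.append("many_items")
        if order.rush_shipping:
            flags.append("rush_shipping")
    # Compare names case- and whitespace-insensitively to avoid false positives.
    norm = lambda s: " ".join(s.lower().split())
    if norm(order.cardholder_name) != norm(order.recipient_name):
        foreign = order.ship_country != HOME_COUNTRY
        flags.append("name_mismatch_foreign" if foreign else "name_mismatch")
    # Unknown or unparseable area codes are skipped rather than guessed at.
    state = AREA_CODE_STATE.get(area_code(order.phone))
    if state is not None and state != order.billing_state:
        flags.append("phone_area_mismatch")
    return flags

# Constructed sample orders.
SUSPICIOUS = Order(False, {"SKU-1": 25}, True, "Alice Smith", "Bob Jones",
                   "GB", "NY", "+1 (415) 555-0100")
ROUTINE = Order(True, {"SKU-2": 1}, False, "Carol Diaz", "carol  diaz",
                "US", "IL", "312-555-0199")
```

An order that returns a non-empty list is a candidate for follow-up, such as contacting the customer, rather than automatic cancellation.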
Require card security codes from your customers.
When you accept credit cards online, as opposed to in person, you cannot visually verify that the buyer has the physical credit card in their possession. However, requiring that they include the three- or four-digit security code listed on the back of the card will go a long way toward providing additional security since that number never appears on receipts or anywhere else besides on the actual card.
Never store sensitive card data.
Compliance with PCI DSS rules mandates that merchants never hold onto customer credit card numbers, expiration dates, or security codes. If you have any of this information in your possession, destroy it immediately. Only keep data that you need for recurring payments or to protect yourself in the event of product returns or chargebacks, making certain that it is encrypted according to PCI requirements.
Keep track of customer orders.
When you set up the shipping for a customer’s order, get a tracking number. By doing so, you can monitor the progress of the package and learn when it has been delivered, minimizing the likelihood that a buyer will claim that the item never arrived. Requiring a signature upon delivery also helps to protect you from incurring a chargeback.
Encourage strong customer passwords.
We all know how tempting it is to come up with a simple string of digits or letters when asked to provide a password on a new account. However, weak passwords leave both your business and the customers you serve vulnerable to hackers. Reduce your risk by requiring customers to create passwords that contain small and capital letters as well as numbers and symbols.
Keep detailed records of fraud and cyber attacks.
No business owner wants to contemplate the worst-case scenario, but even the best security measures are not infallible. Should you be on the wrong end of fraud or a data breach in spite of your best efforts, your best course of action is to learn all you can from the negative event. To that end, be sure to document the details of all attacks, both successful and thwarted, to fine-tune your approach to cybersecurity in the future.
Take note of patterns among the various breaches, including address and order inconsistencies. The best way to prevent future cyber attacks is to learn from those that have already occurred by modifying your systems and employee protocols accordingly.
Your business is one of your most valuable investments. Being a good steward of the company you have worked so hard to build should be one of your most pressing priorities. By adopting ongoing internal and external protective measures, you, your employees and your customers can keep destructive criminal behavior to a minimum.