Fighting the Fraudsters: Top Tips for SMEs this Festive Season

Cybercriminals and fraudsters are increasingly focusing their efforts on smaller businesses, which they see as more vulnerable compared to large high street businesses. Worldpay research has shown that over 85.7% of breaches are targeted against SMEs, and that doesn’t look like changing anytime soon1

We know that Christmas is traditionally the time when hackers go on the hunt for customer data, hiding in plain sight amid an online shopping rush. That enables them to stockpile card information to sell on the black market or use themselves in fraud attempts at a later date.

Prevent fraudulent transactions in person and online

With breaches on the rise and a highly motivated bunch of cybercriminals waiting in the wings, it’s no time to be complacent.

Transaction patterns will change over this busy shopping period, but you need to know what to look for so you can identify unusual behaviour. Some signs could include:

  • Shopper fails address verification (AVS), Card Verification Value (CVV) or 3D-Secure (MasterCard SecureCode/Verified by Visa) checks
  • Multiple purchases of the same and/or high value items
  • Inconsistencies in purchase data – i.e. UK billing address but US card and French IP address
  • Multiple declines relating to same email address, billing/delivery address, cardholder name etc.
  • Unusual foreign card use 
  • Delivery address is in a different country to the billing address

Protect against consumer data hacks

It’s also worth taking a step back and looking at whether you have the right provisions in place to keep your online store secure.

Businesses that host their own payment pages are often more at risk. And if your website is more than four years old you should seek a comprehensive third party review of how it’s configured and how you accept payments. 

One way to avoid being breached is to have your payment pages hosted by a trusted third party company. It’s their job so they should know how best to secure that all-important card data as effectively as possible. 

It goes without saying that you should also be compliant with the industry standard known as PCI DSS (Payment Card Industry Data Security Standard). It can help reduce the chances of you getting a fine in the event of a breach and demonstrate that you follow current industry practices in securing data. In the event of a breach, be sure to report it to your card processor immediately, because acting fast could save you money in the long run.

Online retailers should sign-up to 3D Secure, AVS and CVV as a bare minimum, but also choose a payment provider which offers advanced fraud screening for transactions. There are plenty of anti-fraud tools on the market which small businesses can also make use of. And vetting any seasonal staff hires thoroughly is particularly important. 

These measures do involve some extra effort. But they’re essential if you want to maximise your takings this Christmas.  By ignoring the risks of fraud and cybercrime around the busy festive season puts you at risk at throwing away your hard-earned profits and efforts to reduce fraud.