Selling online has revolutionized commerce, opening and expanding doors for countless businesses around the world. Yet eCommerce also opens doors to fraud. It’s important to understand the risks in accepting online payments and the security measures that can help keep your business safe.
eCommerce continues to grow: Worldpay’s 2018 Global Payments Report projects US online sales to surpass $1.1 trillion by 2022, with nearly a third ($360 billion) of that total coming from mobile commerce.
Yet eCommerce also involves risk from the criminal activities of increasingly sophisticated fraudsters. Those risks and costs include direct financial losses, fines and fees, increased operational costs and reputational risks to your business. These risks mean security should always be the first priority when selling online—especially when it comes to payment systems and your customers’ personal data.
If you’re unsure about the importance of online payment security, consider just some of the costs of eCommerce fraud:
- LexisNexis estimates that in 2018 fraud cost eCommerce businesses 2.38% of revenues, a 6% increase over 2017. Their study projects the “true costs of fraud” for eCommerce merchants to be $2.56 for every $1 of payment fraud.
- Experian found that eCommerce fraud attacks in the US rose 30% in 2017 over 2016. Experian’s report notes that unauthorized use of credit cards accounted for 92% of fraudulent online transactions.
- A 2019 report from Juniper Research estimates that retailers may lose $130 billion from card-not-present (CNP) eCommerce fraud in the five years between 2018 and 2023.
Retailers need to be more vigilant than ever about security and their operations. When setting up an online store for your business, consider these four leading online payment security measures.
#1 Take time to understand suspicious purchasing activity
Fraudsters are sophisticated criminals that cause real harm to businesses and consumers alike. But fraudsters are far from perfect—everyone leaves a trace. Those traces can add up to patterns of suspicious activity that raise the red flag of fraud.
Multiple orders from a single IP address using multiple credit cards can represent a red flag. This pattern suggests a single fraudster is using multiple credit cards, either stolen directly in data breaches or purchased from the dark web. Remarkably large orders—especially when the purchaser requests next-day shipping—could also raise a red flag for fraud.
Single points of suspicious activity aren’t sufficient to definitively identify a transaction as fraud. Strong payment security calls for using multiple data points to help model both “good” and “bad” transactions. Taking the time to understand the range of suspicious activity you’re likely to face when selling online will help you make more informed decisions. Leading eCommerce platform providers and payment partners can help you dial in the right mix of security and convenience.
#2 Enable address verification system (AVS)
An important tool to help reduce fraud is the address verification system (AVS). This system verifies the billing address against the cardholder’s data from the issuing bank.
AVS helps prevent fraud, since the criminal often doesn’t have access to the billing address of the legitimate cardholder. AVS systems are often used in conjunction with CVV2 verification, the 3- or 4-digit code on the consumers’ physical cards. Requiring both CVV2 and AVS at checkout can help protect against fraudulent transactions.
A failed AVS may not necessarily mean the transaction is fraud. Similarly, a verified AVS doesn’t necessarily mean the transaction is legitimate—the address could have been connected to the card by other means. AVS represents an important data point that can help reduce eCommerce fraud.
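The sketch below is an added example, not code from any payment platform. It shows how the red flags from #1 and the AVS and CVV2 results from #2 can be combined so that no single data point sends an order to manual review. The field names, weights, thresholds and sample orders are all assumptions made up for illustration.

```python
from collections import defaultdict

# Constructed sample orders; "card" is an opaque token, never a card number.
ORDERS = [
    {"id": "o1", "ip": "203.0.113.10", "card": "tok_1", "amount": 45.0, "shipping": "standard", "avs_match": True, "cvv_match": True},
    {"id": "o2", "ip": "198.51.100.7", "card": "tok_2", "amount": 120.0, "shipping": "standard", "avs_match": False, "cvv_match": True},
    {"id": "o3", "ip": "198.51.100.7", "card": "tok_3", "amount": 80.0, "shipping": "standard", "avs_match": True, "cvv_match": True},
    {"id": "o4", "ip": "198.51.100.7", "card": "tok_4", "amount": 1500.0, "shipping": "next_day", "avs_match": True, "cvv_match": True},
    {"id": "o5", "ip": "192.0.2.44", "card": "tok_5", "amount": 2000.0, "shipping": "next_day", "avs_match": True, "cvv_match": True},
    {"id": "o6", "ip": "192.0.2.90", "card": "tok_6", "amount": 30.0, "shipping": "standard", "avs_match": False, "cvv_match": True},
]

# Assumed tuning values; a real store would derive these from its own history.
CARDS_PER_IP_LIMIT = 2      # more distinct cards than this from one IP is a signal
LARGE_ORDER = 1000.0        # order amount treated as "remarkably large"
WEIGHTS = {"many_cards_one_ip": 2, "large_next_day": 2, "avs_mismatch": 1, "cvv_mismatch": 2}
REVIEW_AT = 3               # above any single weight, so one signal never suffices


def score_orders(orders):
    """Return {order_id: {"score", "signals", "review"}} for a batch of orders."""
    # Count distinct cards per IP across the whole batch (no time window here).
    cards_by_ip = defaultdict(set)
    for o in orders:
        cards_by_ip[o["ip"]].add(o["card"])

    results = {}
    for o in orders:
        signals = []
        if len(cards_by_ip[o["ip"]]) > CARDS_PER_IP_LIMIT:
            signals.append("many_cards_one_ip")
        if o["amount"] >= LARGE_ORDER and o["shipping"] == "next_day":
            signals.append("large_next_day")
        if not o["avs_match"]:
            signals.append("avs_mismatch")
        if not o["cvv_match"]:
            signals.append("cvv_mismatch")
        score = sum(WEIGHTS[s] for s in signals)
        results[o["id"]] = {"score": score, "signals": signals, "review": score >= REVIEW_AT}
    return results


if __name__ == "__main__":
    for order_id, r in score_orders(ORDERS).items():
        print(order_id, r["score"], r["signals"], "REVIEW" if r["review"] else "ok")
```

In the sample data, the large next-day order from a fresh IP (o5) and the lone AVS mismatch (o6) both pass, while the same signals coming from the IP that used three cards (o2, o4) are queued for review.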
#3 Achieve compliance with industry standards like PCI DSS
Data breaches can be devastating to businesses of all sizes. The 2018 Cost of a Data Breach Study by Ponemon found that the average cost of a data breach globally was over $3.86 million, or over $148 for every lost or stolen record of sensitive information.
The importance of keeping data safe led to the development of the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is an important set of guidelines and best practices that apply to any entity that receives, transmits or stores sensitive card data.
Achieving and maintaining PCI compliance takes an experienced partner that understands payments security. Leading credit card processors offer comprehensive support on meeting and maintaining PCI compliance through system vulnerability checks, training programs and customer support.
#4 Partner with a processor who knows online payments
Choosing the right payments processor is the first step to safely and securely accepting credit cards online. When you work with a reputable payments processor that prioritizes security, you can breathe easier knowing that your data is secure.
Staying vigilant about the security of your online payment systems and eCommerce store is a process. A great place to start is to consult with a payments expert. A reputable and experienced payments partner will take the time to understand your business and craft online payment security measures that fit the way you do business.