How to Combat Credit Card Fraud

The confidence of internet users have been built on the integrity of online payment systems So also have there been an increase in shopping on the internet and tons of companies are accepting online payments, which also increases the risk for credit card fraud. Unfortunately, this is a familiar scenario for webshops. You receive a large order from a new customer. But at the same time, something doesn’t seem quite right.

Related posts

6 Ways to Protect Your Website From Security Hacks

Best Practices for Magento Website Security

How to build your website trust and credibility

With a little research, you realize that this is a case of credit card fraud – hopefully before sending the order. It can be very damaging to your business if you end up being the victim of many successful fraud attempts.

Although it is difficult to catch every credit card scammer, there are a number of things you can do as a web shop owner to protect your web shop against credit card fraud.

Also read:

10 Things to Consider When Starting an Online Shop

Top 10 Ecommerce Platforms Recommended for Small Businesses

Useful Tips on How to Use Google Analytics on eCommerce Websites

Indicators for credit card fraud

First and foremost, it is important to discover what you need to monitor in case of attempted fraud. We’ve listed some potential indicators of transactions that are very likely to be attempted credit card fraud:

1. An order that is much larger than normal

2. First-time customers you haven’t sent an order to before.

3. An order where the delivery address is not the same as the billing address

4. Any previously rejected orders prior to a successful order, especially if the billing information or card number was changed in subsequent order attempts

5. IP-addresses that are not in the same area as the billing information for the order

6. Email addresses where the person’s name in the email address does not match the name of the person in the billing information

These are just some of the things you need to be aware of. These indicators do not necessarily mean that you are dealing with a fraudster. Even so, it is important that you be aware of them before shipping out an order.

Read more:

Useful Tips on How to Use Google Analytics on eCommerce Websites

On-Page Optimization in OpenCart

E-commerce Website: A Guide on The Choice Of Magento Or Woocommerce

3 Important SEO Considerations Good for E-Commerce Websites

Tips for combatting credit card fraud

Customers are not the only ones who must be aware of credit card fraud. As a web shop owner, you must be too. Sending off too many orders for which you will never get paid can ultimately destroy your business. With these 5 tips, you are well on your way to combatting credit card fraud in your web shop.

1. Analyze the transaction behavior

First and foremost, you must “get to know your customers”. By that, we mean that you should identify what a completely normal purchase in your web shop usually looks like. This could be anything from the time of day you see most activity to the products being purchased or the amounts of money being spent. In addition, it is always important to be aware of anything that may seem much too good to be true. If this is the case, you’ll usually have to go with your gut.

You can choose to investigate the specific transaction further by first finding out if the name and the address match. You can also take a look at the IP-address to see where it is from and to see if the purchase is legitimate or just a scammer trying to trick you. This is a particularly good idea if it was preceded by several rejected transactions and then a transaction that was approved.

You also have the option of using the AVS system (Address Verification Service), which was developed to identify credit card fraud on the internet. The system matches the numerical shipping information provided by the customer when ordering with information held by the card issuer about the particular card holder. Because the information is limited, this can mean that legitimate transactions are rejected. It can, however, contribute to combatting credit card fraud in din web shop.

2. Use a fraud detection system

A fraud detection system scans transactions and scores them based on the probability of fraud. Many different items are considered in order to determine risk score, such as user behavior, device ID, IP-address, whether the card has previously been used in a fraudulent transaction, etc. The data are then compared to "normal” attributes. If the transaction is considered valid, it will then be permitted and processed. If the transaction has a risk score above a certain limit, a warning will be issued, and the transaction can be rejected automatically. Therefore, a fraud detection system can help you reduce the amount of fraud and chargebacks.

There are several of these systems, such as Clearhaus Fraud Detection, where a card gets a so-called “fraud marking” if it has been involved in a fraudulent transaction. There are similar system from P2P gateways you can also use like Quickpays Fraud Filter or Stripe Risk Evaluator.

These fraud detection system is probably one of the best tools to combat fraud, and it’s usually just a matter of a tick to enable them on your payment gateway.

3. Use 3D-Secure

3D-Secure is a term for the two security standards Verified by Visa and Mastercard Securecode, which were developed by Mastercard and Visa. 3D-Secure is a feature you can activate in your payment system in your web shop, which helps keep away fraudsters.

By using 3D-Secure in a web shop, extra security steps are added to the payment process. What happens is that your customer will receive a code by SMS, which must be entered immediately after the customer enters his or her creditcard information.

When a customer’s payment is processed via 3D-Secure, the security for your company increases significantly in case of credit card fraud. This is because, as a rule, any loss will not harm you, as it will if you don’t use 3D-Secure in your webshop. Instead, the issuing bank for the card assumes the risk when using 3D-Secure.

Today, 3D-Secure is one of the best tools available against credit card fraud, and it is used by many European banks. Where many shops previously were a bit reluctant on enabling 3D Secure, it is now used by almost any big retailer, and has almost become a norm.

4. Validate the customers e-mail address and phone number

When a scammer is shopping in your web shop, the e-mail address or phone number entered usually are fictitious. If you are unsure, whether you are dealing with fraudster, it can be an advantage to check both the e-mail address and phone number entered.

As far as the e-mail address, you can go in manually to check if it is valid. If it is not valid, you should follow your gut and not just send off your product immediately. You can also opt for calling the customer to check if the number in question is valid. If you are unable to reach the customer, or if it is an invalid number, it is very likely due to fraud.

5. Have an SSL-certificate

It is important for you to secure your web shop in every possible way. Obviously, the payment page is the most important. You can secure this page by having an SSL-certificate in you own name, which you implement on your web shop. This ensures that you can protect yourself more effectively against hacking and credit card fraud. It is a further bonus that it also makes it safer for customers to shop in your web shop, if you have an SSL-certificate.

6. Keep Your Credit Cards Safe

One of the simplest ways to avoid credit card fraud is by keeping your credit cards safe from thieves. Place your credit cards in a purse or wallet close to your body where it can't easily be snatched away.

If you're shopping in a high traffic area, carry a smaller purse because it's harder to steal or sneak into. For both men and women, carry only the one or two credit and debit cards you'll be using that day. Leave all your other credit cards at home.

Thieves can take pictures of your credit card with a camera or cell phone, so don't leave your credit card exposed any longer than necessary.

After you make a purchase put your credit card away immediately. Confirm you have your credit card back in your possession before you leave the store or restaurant.

7. Shred Anything with Your Credit Card Number on It

Don't toss your credit card billing statements directly into the trash; they typically have your full credit card number printed on them. Shred them to keep dumpster divers from getting their hands on your credit card number. The same thing applies to old credit cards that have expired or been canceled.


8. Don't Sign Blank Credit Card Receipts

Always verify the amount on your credit card receipt before signing it. If you get a credit card receipt that has blank spaces in it, write $0 in those spaces or draw through them before putting your signature on the card. Otherwise, the cashier could write in an amount and send the purchase to your credit card issuer.


9. Avoid Giving out Your Credit Card Information

Only give your credit card number or other sensitive information on calls you initiate. Not only that, when you call your credit card issuer's customer service, use the number on the back of your credit card. Don't return calls to a phone number left on your answering machine or sent to you in an email or text message. It's hard to be sure a scammer hasn't left a fake number for you to call.

Don't give your credit card number to anyone who calls you requesting the number. Credit card thieves have been known to pose as credit card issuers and other businesses to trick you into giving out your credit card number.


10. Play Safe with Your Credit Card Online

Don't click on email links from anyone that looks like your bank, credit card company, or other business who uses your personal information, even if the email looks legitimate. These links are often phishing scams and the scammers want to trick you into entering your login information on their fake website. Instead, go directly to that business's website to login to your account.

Make sure you're cautious when you're using your credit card online. Only enter your credit card number on secure websites that you can be 100% sure are legitimate. To be sure a website is secure, look for https:// in the address bar and lock in the lower right corner of your internet browser. Taking these extra steps will help you avoid credit card fraud.


11. Report Lost or Stolen Credit Cards Immediately

The sooner you report a missing credit card the sooner your credit card issuer can cancel your credit card and prevent fraudulent charges. Reporting your lost or stolen credit card as soon as possible lowers the likelihood that you'll have to pay for any fraudulent charges made on your credit card. Write down your credit card companies' customer service number now so you'll have them if your credit cards are ever missing.


12. Review Your Billing Statements Each Month

Unauthorized charges on your credit card are the first sign of credit card fraud. If you notice a charge you didn't make, no matter how small, report the charge to your credit card issuer immediately. Your credit card issuer will tell you whether you should close your account and get a new account number to avoid credit card fraud.


13. Make Strong Passwords and Keep Them Safe

Your credit card number may be stored in a number of places online. For example, you may save your credit card on Amazon so you can make one-click purchases. Make sure you use strong passwords with a combination of upper- and lower-case characters, numbers, and even characters, and avoid writing or sharing your password.


14. Check ATMs and Petrol Filling Stations for Credit Card Skimmers

Credit card thieves sometimes place credit card skimming devices onto the credit card readers at gas pumps or ATMs. These skimmers capture and store your credit card information and credit card thieves come back later to get the device. Skimmers are placed on the regular credit card swipe, so if anything looks off about the place you're swiping your credit card, go to another gas station or ATM.

Also read:

How to Reduce Security Risks From WordPress Plugins

Joomla Security - The Complete Guide

Best Practices for OpenCart Website Security

Best Practices for Magento Website Security

Additional Measures You Need To Protect Your Web Shop

The more security you have for your webshop, the greater your chances of avoiding fraud. Although fraud still happens every single day – regardless if you have utilized all these steps – you can reduce your risk of fraud significantly. This does require, however, that you are actively monitoring your webshop and following up on any red flags you notice.

1. Select an Appropriate Ecommerce Platform

Most ecommerce store owners prefer Magento, OpenCart, WooCommerce, or PrestaShop for ecommerce platforms. It’s essential to select an appropriate one from them according to your requirements.

You need to keep in mind the key factors such as security, convenience, robust functionality, and ease of use.

2. Never Forget to Use HTTPS

HTTPS is the most secure standard in website security these days. The outdated HTTP protocol can lead to severe repercussions, so in an effort for overall security of the visitor’s data, many website owners have decided to use HTTPS on their site.

Earlier HTTPS protocol was only used on the payment pages.

To initiate the process of switching over to HTTPS, select an SSL Certification. You can purchase it from your hosting company or an SSL merchant.

It’s an easy process, just follow these steps:

  1. Shift your site to HTTPS
  2. Set up 301 redirects
  3. Update all the internal links on your site

3. Secure the Admin Panel

A weak password is all that a hacker needs to manipulate your website. But it can lead to a huge loss for your business. Keep your website away from malicious hackers by securing your admin panel.

  1. Use a secure password for all entry points of your website. The password should be at least 8-12 characters long. It should contain alphanumeric and special characters. An easier way to generate a strong password is to use a tool like lastpass.

Another good step is to use cPanel dashboard to create backups:

Follow these steps, to generate a full site backup in cPanel:

  1. Log into your website’s cPanel.
  2. Navigate to the Files section, then click on the Backups icon.
  3. Under the Full Backup section, click on the Generate/ Download a Full Website Backup option.
  4. In the next page, select the Home Directory option from the Backup Destination drop-down menu.
  5. For setting your Email Address preferences, you can select whether you want to receive an email notification once the backup is complete or not. You can also change the email for receiving the notification.
  6. In the end, Click on Generate Backup.

Once complete, this will place the backup in your home directory, with the extension tar.gz.

To download the backup from cPanel:

  1. Log into your website’s cPanel.
  2. Navigate to the Files section, then click on the Backups icon.
  3. Under the Full Backup section, click on the Generate/ Download a Full Website Backup option.
  4. In the Backups Available for Download section, click the hyperlink for the particular backup file that you wish to download.
  5. To complete the process, Select a destination folder on your system where you would like to download the backup.

More resources:

Recommended Security Checks For Your Joomla Website

How to Prevent an Exploitation of Your Website by An Attacker

4. Avoid Storing Credit Card Details

You should avoid storing customer credit card details on your server. But if you have to, then get PCI Compliance certificate. PCI compliance certification assures that the credit card data is safe on your website. You will have to first pass the compliance assessment.

Points to follow:

  • The first step is to determine the Compliance Level
  • Do the self assessment questionnaire
  • Attestation of Compliance
  • Submit the documents.

You can also handle the payments using a third party payment  gateways such as stripe, PayPal. These processors allow smooth payment processing and an enhanced ecommerce experience.

5. Protection Against SQLi, XSS, Malware

As a website owner, it’s very important that you protect your website against threats like Cross Site Scripting (XSS), SQL injections, Bad Bots. If these vulnerabilities aren’t fixed they leave your website’s data at a risk of being exploited by hackers.

You could either go through your store’s code and fix such vulnerabilities or use a security plugin.

6. Use an Ecommerce Security Plugin

Security plugins are a simple way to enforce security protection on your website. They provide protection against Bad Bots, SQLi, XSS, Code Injections and hundreds of other severe attacks. One of the most secure, easy to implement, feature rich security plugin is Astra. It helps automatically secure your site and virtually patch software by preventing malicious requests from ever reaching your website.

7. Ecommerce Security Best Practices

Go through your particular CMS’s security best practices documentation and follow all the steps mentioned there. This will configure your particular CMS in a secure way according to the CMS’s guidelines.

8. Keep Ecommerce Platform Updated

Keeping the ecommerce platform updated is one of the most integral and crucial steps in having all-round security of your website. Keep updating the CMS, themes, plugins regularly. Outdated versions of the themes and plugins tend to have vulnerabilities in them that lead to the website become insecure and exploitable.

Share this post

Comments (0)

Leave a comment


Powered by Simple Blog