The holiday season is the “most wonderful time of the year” for retailers, thanks to the multibillion-dollar shopping frenzy that begins on Black Friday. Unfortunately, for retailers the holiday gift-buying season is also the peak season for e-commerce fraud. That’s because criminals know they can often push more fake orders through during sales peaks when retailers’ fraud-screening resources are overwhelmed and the pressure is on to approve orders fast and avoid losing business to competitors. So even if you have a secure and reliable web host like A Small Orange for your business site, you will still need to be on guard for fraudulent purchases.
To make matters worse, there’s been an explosion in online retail fraud since last year’s EMV liability shift, which made it harder for criminals to use counterfeit magnetic stripe cards at point-of-sale terminals in brick-and-mortar stores. Between last October and the end of Q1 2016, RetailDive reported a 137% jump in ecommerce fraud attempts.
Ideally, every retailer would work with a fraud-prevention service that has the most up-to-date data on known criminals and uses biometrics and geo-location to evaluate orders. If that’s not yet in your budget, or if you don’t think you have time to select the right partner before the holiday rush, here’s a list of the fraud prevention steps you can take now to make your shop less appealing to holiday-season fraudsters.
- Review your existing fraud protection. Who provides it, and what’s included? Payment service providers usually offer some screening as part of their card-processing role. Make sure you understand what your PSP handles, what you’re responsible for, and how your PSP can help you if you have questions. Make sure you are using secure and reliable web host and consider adding on a site lock option to your hosting plan, this is available as an option for all of A Small Orange’s hosting plans.
- Don’t assume your business is too small to be a target. Fraudsters know that smaller retailers often have less effective fraud screening protection than major retailers. In fact, they often seek out and share information on vulnerable shops online.
- Do you have velocity and transaction limits in place with your PSP to flag suspicious transactions for further review? If not, now’s the time to set those up. These limits alert you to screen high-dollar-value orders and multiple orders from the same customer placed in an unusually short time, which are potential fraud red flags (more on those below). Ask your PSP if you’re not sure how to set up those limits.
- Make sure your fraud protection is scalable. This can be a challenge for small businesses who do it all themselves, but it’s important, because most fraud attempts now are done in rapid-fire style through criminal botnets. Especially during holiday sales peaks, you need to balance the need to keep good customers happy by approving orders quickly with the need to screen your orders for fraud. If you don’t have the resources to accurately screen transactions during heavy sales periods, now’s the time to talk to your PSP about your options this holiday season.
- Know the most obvious red flags for fraud screening. They include
- Big-ticket orders from a customer who’s never shopped with you before, especially if they request rush shipping
- Many orders made by the same customer in a short amount of time using different cards
- Multiple orders from different customers all shipping to the same address
- An order or orders made by a new customer for the same item in various colors/sizes/models
- Customer billing that doesn’t perfectly match the card companies’ Address Verification System (more on the AVS below)
- Set product-return time limits to reduce the likelihood that scammers will buy, use, and then return your goods for a refund.
- If you’ve had a problem with chargebacks or returns of used goods in the past, you can block future orders from those customers.
- Require CVV (Card Verification Value) numbers for all card transactions. The CVV is a 3- or 4-digit number on the back of the card, included to prove that the customer actually has the card in their possession.
- Limit the number of times the customer can attempt to enter the correct CVV or expiration date before you shut down the order. This can reduce or prevent “card testing” — guessing by fraudsters who have the card number but not the other information.
- Require that all orders include a telephone number in case you need to contact customers to verify their information.
- Compare all billing addresses to the Address Verification System used by the card companies. If there’s a mistake, don’t approve the order until you find out whether you’re dealing with a fraudster or a legitimate customer who made a data-entry mistake.
- Require that your customer sign for delivery, especially if the item they buy is expensive. A delivery signature and timestamp from your shipper can help invalidate false chargeback claims later on. If your current shipping partner doesn’t provide delivery signature service, find one that does. Some shippers will also let you cancel delivery if you learn after fulfillment that the order was fraudulent, which can spare you the expense of lost merchandise.
- Contact your PSP and/or the customer whenever there’s a question about the validity of the order. Don’t approve the order until you have evidence that it’s valid.
- Schedule a post-holiday fraud review now so you can see how your fraud protection plan performed. Then you can decide how to strengthen it even more for the 2017 holiday season.
This all may seem like a lot to do, but taking these steps now can protect your business from lost merchandise, lost revenue, and expensive chargeback fees, so the most wonderful time of the year is more profitable for your business.
Need the perfect host to get your website up and running in time for the holidays? Visit A Small Orange for all your holiday hosting needs!