Secure Your Shopping Site
The dot.com boom may be over, but eCommerce
is still going strong. In fact, business worth £23.3 billion
was done over the internet in 2002, according to figures
published by the Office for National Statistics in October
last year. Figures for 2003 are expected to be much higher.
This presents an increasingly attractive
target for crooks and fraudsters.
Fraud is easier and more widespread online.
In America, losses to online fraud are nineteen times higher
than for offline sales, according to Gartner, a research
company.
Sometimes, just a threat is enough. In the
first two weeks of March 2004, extortionists threatened that
they would shut down online bookmakers’ websites if they
didn’t cough up $10,000 each. The targets of this hackmail
included well known names like William Hill, Coral, BetDaq
and others.
For smaller businesses, the biggest risk is
fraudulent credit card payments and the dreaded charge-back.
A payment can be authorised by the cardholder’s bank, the
goods sent and then, weeks later, you have to repay the bank
because the card in question was a fake. You don’t just lose
your profit on the sale; you lose the entire cost of the
goods you supplied. This system protects customers and the
banks but puts the weight of fraud prevention on the
retailer’s shoulders.
A well-run online business can do a lot to
reduce the risk and cost of fraud:
- Provide encrypted (SSL) transactions
with a valid security certificate that proves to customers
that you are who you say you are
- Validate postcodes and addresses to make sure they
are genuine. Verify the card holder address with the
bank if necessary. Be wary of PO Box delivery addresses.
Consider only delivering to credit card billing
addresses
- Get the card security code for credit
cards (the extra three security digits on the signature
strip) and check it
- Look for suspicious behaviour – repeated
attempts to pay with slightly different credit card
numbers, orders being placed so rapidly that they must be
done automatically, multiple orders from one customer in a
short space of time, orders placed in the middle of the
night, etc.
- Check email addresses: beware of
anonymous or odd ones
- Get the purchaser’s IP address and, if
you have concerns, check it with
Antifraud.com, which can trace the address. Be wary of
cards from one country being used in another and especially
wary of countries that are notorious for fraud
- Consider doing a credit check with a
firm before shipping goods. This applies as much to
business customers as individuals
- Consider getting insurance against
charge-backs resulting from fraudulent use of customers’
cards and customer protection insurance
- Use your merchant service’s fraud
protection tools. For example,
Barclaycard's Merchant Services system has an optional
fraud screening feature and address verification
- Good technical housekeeping: don’t
store private customer information on the public-facing
eCommerce site where it can be hacked, keep a backup of
your site in case it is vandalised, make sure your eCommerce
and server software is patched and up-to-date and ensure you
have an effective firewall. Put in place good computer
security in the rest of your business: up-to-date patches,
firewalls and virus protection are the minimum
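
The "suspicious behaviour" checks in the list above can be run automatically against each payment attempt. The following Python code is an added example, not part of the original article; the field names, thresholds and sample orders are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are illustrative assumptions; tune them against your own order history.
WINDOW = timedelta(minutes=10)   # what counts as "a short space of time"
MAX_ORDERS_IN_WINDOW = 3         # more attempts than this in WINDOW is a burst
MIN_GAP = timedelta(seconds=5)   # faster than this is treated as automated
NIGHT_HOURS = range(1, 5)        # 01:00-04:59 in the shop's local time

def differs_slightly(a, b, max_diff=2):
    """True if two equal-length card numbers differ in 1..max_diff digits."""
    return len(a) == len(b) and 0 < sum(x != y for x, y in zip(a, b)) <= max_diff

def review_flags(attempts):
    """Map attempt id -> set of reasons to hold the order for manual review."""
    flags = defaultdict(set)
    history = defaultdict(list)  # customer email -> earlier attempts, oldest first
    for a in sorted(attempts, key=lambda x: x["time"]):
        earlier = history[a["email"]]
        recent = [p for p in earlier if a["time"] - p["time"] <= WINDOW]
        if any(differs_slightly(a["card"], p["card"]) for p in recent):
            flags[a["id"]].add("card_number_variation")
        if earlier and a["time"] - earlier[-1]["time"] < MIN_GAP:
            flags[a["id"]].add("automated_speed")
        if len(recent) + 1 > MAX_ORDERS_IN_WINDOW:
            flags[a["id"]].add("order_burst")
        if a["time"].hour in NIGHT_HOURS:
            flags[a["id"]].add("night_order")
        earlier.append(a)
    return dict(flags)

def _attempt(order_id, email, tail, when):
    # Card values are constructed placeholders (fixed prefix + two digits), not real cards.
    return {"id": order_id, "email": email, "card": "4" + "1" * 13 + tail,
            "time": datetime.strptime(when, "%Y-%m-%d %H:%M:%S")}

# Constructed sample data: one ordinary daytime order, then a rapid night-time run.
SAMPLE = [
    _attempt(1, "a@example.com", "11", "2004-03-10 14:00:00"),
    _attempt(2, "b@example.com", "29", "2004-03-11 02:30:00"),
    _attempt(3, "b@example.com", "37", "2004-03-11 02:30:02"),
    _attempt(4, "b@example.com", "45", "2004-03-11 02:30:04"),
    _attempt(5, "b@example.com", "52", "2004-03-11 02:30:06"),
]

if __name__ == "__main__":
    for order_id, reasons in review_flags(SAMPLE).items():
        print(order_id, sorted(reasons))
```

A flag is a reason to hold an order for a manual check, not proof of fraud. Run the comparison where the payment attempt is already being processed rather than keeping card numbers on the public-facing site.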