Risks

• Fraudulent purchases resulting in lost revenue and credit card chargebacks.
• Unauthorised access to your systems and theft of customer information, such as credit card details.
• Website defacement and denial of service attacks whereby vandals or criminals attempt to disrupt your business, typically to extort money.
• Damage to your reputation arising from any of the above.

Avoid fraud and chargebacks

Learn to spot the warning signs that might indicate a dodgy order:

• Using the most expensive shipping methods.
• Ordering the most expensive products or unusually large quantities.
• Using free, web-based email addresses.
• Different credit card and delivery addresses.
• PO Box delivery addresses.
• International orders.
• Unusual order patterns: for example, orders placed in the middle of the night or in rapid succession.
• If you suspect a fraud, there are some ways you can check:
  • Call the ‘buyer’ and ask to speak to the cardholder. Do they sound genuine?
  • Ask for a fax of the back strip of the credit card or proof of name and address.
  • Check dubious card details with your payment provider to see if the address, security code and postcode match.
• Take steps to protect yourself against fraud:
  • Consider only delivering to credit card billing addresses.
  • For business to business sales, run a credit check on new customers.
  • Consider adopting a verification program like Verified by Visa or MasterCard SecureCode.
  • Take advantage of any fraud screening programs run by your payment services provider.
  • Get the card security code for credit cards (the extra three security digits on the signature strip) and check it.

Protect your website

Make sure your ecommerce website is secure. If you have created your own ecommerce server rather than using a third party hosting company, it is especially important to make sure that the hardware and software is secure. In summary:

• Use the latest version of any ecommerce software. Old versions may have flaws that hackers can exploit.
• Use strong passwords throughout the system. Don’t leave any password set to its default value.
• Make sure the server is protected by an effective firewall and anti-virus software.
• Monitor log files carefully to spot any attempts at intrusion.
• Don’t store customers’ private information and credit card details on a public ecommerce server.
• Protect your SSL details and keep them secret.
• Consider getting a professional penetration testing firm to test the defences on your ecommerce server.

More information

• SecureTrading has an online guide to fraud prevention.
• Business Link has an extensive guide to all aspects of ecommerce and accepting online payments.
• The Electronics Payment site has lots of advice about eCommerce.