Fraud Prevention for SMB Ecommerce Sites

Tuesday, February 25, 2014
Posted by Brawlin Melgar

By Ash Curtis

One of the biggest factors in ecommerce is consumer trust. Without trust brands cannot develop and build relationships with customers on the internet and, without relationships, the consequences can be grave for a fledgling merchant.

This is critical in an age in which ecommerce is a main driver for business revenue. According to a 2013 white paper by CyberSource, 70 per cent of merchants expected online revenues to grow that year while 26 per cent was the average forecast revenue increase for those which expected growth.

However, fraud continues to be a problem; it has been a stumbling block in recent years and will be in the future if online merchants don't implement fraud prevention systems that instigate trust between consumer and business. For instance, a report by the Centre for Ecommerce and Business Research claims the cost of ecommerce fraud to the UK economy by 2015 is expected to grow by £30 million. The amount of opportunities for fraud created by the rise of social networking and proliferation of mobile devices means the impact of commerce fraud on the UK economy is likely to rise by 18 per cent - from £165.2million in 2011 to £195.3 million in 2015.

As a result, it pays for ecommerce merchants to invest in powerful solutions that protect online merchants from fraudulent transactions, chargebacks and unauthorised payments.

A case study

One case study that all ecommerce merchants should read is that of Lush, a cosmetics group, which fell foul of online fraudsters a few years ago.

The company admitted it had been subject to repeated hacks between 4 October 2010 and 20 January 2011 - but only informed customers their credit card details could be at risk on 20 January. As a result, the firm took down their site and advised customers to contact their banks as their card details may have been compromised.

Furthermore, this act meant the business failed to encrypt the details held on its site and could have been in breach of PCI compliance. Customers were also worried the firm had been holding on to customer's financial data in an unsecure environment for an unacceptable amount of time.

"We are horrified that this has happened, we understand the distress of those affected and we appreciate our customers' continued support while we resolve the matter," said Lush in a statement. "We will be continuing to work with our credit card acquirer to carry out a full investigation in to this hacking attempt."

But, by then, the damage had been done.

Preventing fraud

To avoid another disaster like Lush, merchants should be taking a proactive rather than a reactive response to fraud.

Their first port of call should be implementing pre-authentication services such as Address Verification Services (AVS) and Card ID Identification (CVC) services. Working as part of the order screening process, merchants can check and process transactions in real-time through a platform provided by a payment provider. With this, merchants can manage possible CNP fraud quickly.

AVS also compares the billing addresses provided by the customer to the billing address of the card used, while CVC validates the security code found on the back of the card, adding an extra layer of fraud protection for merchants across the globe.

Another payer authentication service is 3D Secure, which requires the customer to enter a password to confirm their identity with the card issuer. Developed by Visa to improve the security of internet payments (MasterCard has adopted a similar protocol called MasterCard SecureCode), the protocol brings together the vendor, the acquiring bank and Visa/MasterCard to fully authenticate cardholders' identity. By requiring identity authentication, merchants can benefit from increased consumer confidence (thus increased sales), increased card acceptance through heightened merchant confidence and a reduction in cardholder disputes.

If merchants are using these fraud prevention systems, they can develop consumer trust by adding relevant security logos on their websites. A 'Verified by Visa' or 'VeriSign Trusted' logo shows to customers they are working with a reputable, secure merchant.

This goes some way to developing trust in consumers. Merchants with a high level of perceived site quality have a high level of perceived market orientation and trustworthiness in the ecommerce sector. With this level of trust, customers are much more likely to participate in ecommerce, making fraud prevention a winner for merchants.