Your Guide To E-Commerce Fraud Prevention


E-Commerce Merchants Often Pay a Higher Price for Fraud

A survey of fraud experts conducted by the Association of Certified Fraud Examiners (ACFE) found that organizations around the world lose an estimated 5 percent of their annual revenues to fraud.¹ The opportunities for retail fraud increase as new access channels and payment methods — including mobile wallets, the EMV rollout and digital channel applications — are introduced.²

In consumer-facing retail, fraud typically falls into the following categories:

- Fraudulent and/or unauthorized transactions
- Fraudulent requests for a refund or return, bounced checks
- Lost or stolen merchandise, and the costs associated with redelivering these items, which can result in carrier fraud.

Be Proactive to Reduce Your Risk

Reducing your risk of e-commerce fraud requires a proactive approach. Your best defense is a strong offense. Merchants should take necessary precautions to protect confidential data. This will protect their business from a data breach and their customers from identity fraud. Even the smallest data breach can cause an average merchant crippling financial losses and damage to their brand’s hard-earned reputation.

“Reducing your risk of e-commerce fraud requires a proactive approach because your best defense is a strong offense.”

The Soaring Cost of Fraud and Data Breach

Falling prey to cybercrime can lead to devastating financial burdens. Fraudulent unauthorized card use in card-not-present (CNP) transactions can lead to the following financial losses:

- The cost of chargebacks by card issuers
- The expense of issuing credits or reversals to defrauded customers
- Revenue loss from a damaged reputation and eroded consumer confidence

An ounce of prevention is worth a pound of cure. The 2016 LexisNexis True Cost of Fraud℠ Study sheds light on the high cost of online fraud and merchants’ struggle against its onslaught.² The study reveals that there needs to be more awareness of the value of investing in a multi-layered approach to fraud mitigation. It also concludes that the right solution can justify the upfront costs as greater accuracy yields more positive results on the bottom line.

888.845.9457
WWW.TSYS.COM

“Remember, if an order seems questionable, trust your instincts and check it out.”

Here are some terms you should know and guidelines that can help you to reduce the risk of e-commerce fraud and help keep your website safe:

- PCI Compliance: This refers to the Payment Card Industry Data Security Standard (PCI DSS) established by the Payment Card Industry Security Standards Council (PCI SSC) to help protect sensitive consumer data from being compromised. Merchants must be able to certify that the way they store, process and transmit cardholder data is in compliance with PCI standards.
- PCI-Compliant Secure Tokenization: This is done through your payment processor as a secure way to store customer card data. Your processor generates secure tokens for each customer and customer account that you can submit whenever a transaction occurs.
- Address Verification Service (AVS): This is used to verify the identity of the person attempting the transaction by checking the billing address provided by the user with the address on file at the credit card issuer. AVS can be used on all domestic transactions to ensure the addresses match.
- CVC2 and CVV2 Verification Numbers: These are found on most major credit cards to provide an additional level of security. They are a 3 or 4-digit number printed on the back of Mastercard, Visa and Discover credit or debit cards and on the front of American Express Cards. Merchants should ask for the code in all CNP transactions.
- 3-D Secure authentication tools: 3-D Secure stands for “Three Domain Secure” — the domains being the acquiring bank (retailer’s bank), the issuing bank (the cardholder’s bank) and the infrastructure that supports the 3-D Secure protocol. The 3-D Secure service is more commonly recognized by its various commercial names: Verified-by-Visa, Mastercard SecureCode, American Express SafeKey, JCB International J/Secure and Discover/Diners ProtectBuy℠.
- Enhanced Fraud Protection Services: Automated transactional risk scoring can help you identify and prevent potentially fraudulent purchases by flagging customizable triggers.
- Fraud Notices: When prominently displayed on your website and order forms, fraud notices can deter online fraudsters.
- Common Sense: This is an invaluable tool. Remember, if an order seems questionable, trust your instincts and check it out. It’s also a good idea to save voicemails and emails, and to record all customer calls. It’s also helpful to call or email the customer to verify key data before confirming their order.

Best Practices for E-Commerce Security

The following list of best practices can help you protect your e-commerce website, your livelihood and your reputation.

- Choose a secure e-commerce platform with an administration panel that is only available on an internal network and completely removed from public-facing servers.
- Use a secure connection for online checkout and make sure you are PCI compliant. Use strong SSL [Secure Sockets Layer] authentication for web and data protection to authenticate the identity of your business and encrypt the data in transit.
- Don’t store sensitive data. It is strictly forbidden by the PCI Standards.
- Require strong passwords. Longer, more complex logins will make it harder for criminals to breach your site from the front end. Help customers to help themselves by requiring a minimum number of characters and the use of symbols or numbers in their passwords.
- Set up system alerts for suspicious activity. This includes multiple and suspicious transactions coming through from the same IP address, multiple orders placed by the same person using different credit cards, phone numbers that are from markedly different areas than the billing address, and orders where the recipient’s name is different than the cardholder’s name.
- Layer security. Start with firewalls, an essential aspect in stopping attackers before they can breach your network and gain access to your critical information. Then add extra layers of security to the website and applications such as contact forms, login boxes and search queries. These measures will help ensure that your e-commerce environment is protected from application-level attacks like SQL (Structured Query Language) injections and cross-site scripting (XSS).
- Provide security training to employees. Employees need to know they should never email or text sensitive data or reveal private customer information in chat sessions as none of these communication methods is secure. They also need to be educated on the laws and policies that affect customer data and be trained on the actions required to keep it safe. Use strict written protocols and policies to reinforce and encourage employees to follow mandated security practices.
- Use tracking numbers for all orders. Issue tracking numbers for every order you send out to combat chargeback fraud. This is especially important for retailers who drop ship.

- Monitor your website regularly. Use a real-time analytics tool to observe how visitors are navigating and interacting with your website in real time to help you detect fraudulent or suspicious behavior. You can even arrange to receive phone alerts for any suspicious activity, allowing you to act quickly and prevent suspicious behavior from causing any damage. Your e-commerce site hosting company must regularly monitor their servers for malware, viruses and other harmful software with a plan that includes at least daily scanning, detection and removal of malware and viruses on the website.
- Make sure your website host is backing up your site and has a disaster recovery plan. Protect yourself against the loss of valuable information in the instance of power outage, hard drive failure or even a virus. To make sure your site is properly protected, back it up regularly (or make sure your hosting service is doing so).
- Perform regular PCI scans. Regular quarterly PCI scans by an approved scanning vendor can lessen the risk that your e-commerce platform is vulnerable to hacking attempts and help maintain PCI compliance. If you’re using third-party downloaded software, stay on top of new versions with security enhancements. A few hours of development time today can potentially save your entire business in the future.
- Patch your systems. Patch everything immediately on the day a new version is released. This includes the web server itself, as well as any third-party code such as Java, Python, Perl, WordPress and Joomla!, which are often targets for attackers. It’s critical to install patches on all software such as web apps, X-cart, osCommerce and ZenCart.
- Consider a DDoS protection and mitigation service. DDoS (Distributed Denial of Service) attacks are increasing in frequency, sophistication and range of targets. E-commerce sites can turn to cloud-based DDoS protection and managed DNS services to provide transactional capacity to handle proactive mitigation and eliminate the need for significant investments in equipment, infrastructure and expertise.
- Consider breach protection. TSYS offers a unique data breach security program that’s specifically designed to help merchants meet the expenses resulting from a suspected or actual breach of payment card data. This assistance plan reduces monetary exposure in the event of a cardholder data compromise. It is designed specifically to meet the expenses resulting from a suspected or actual breach of credit card data from a business.

In conclusion, knowledge is one of your best defenses against e-commerce fraud — by following these best practices you can help protect your business, your revenue and your customers from fraud.
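The alert conditions listed under “Set up system alerts for suspicious activity”, shown as an added example that is not part of the original guide: a batch check over one day of constructed sample orders. The per-IP threshold, the area-code table, the field names and the use of the e-mail address to identify “the same person” are assumptions.

```python
from collections import defaultdict

# Assumed values: tune the threshold and extend the table for your own market.
MAX_ORDERS_PER_IP = 2
AREA_CODE_STATE = {"212": "NY", "415": "CA", "305": "FL"}

# Constructed sample orders; cards appear only as processor tokens, never numbers.
FIELDS = ("id", "ip", "email", "card", "phone", "bill_state", "cardholder", "recipient")
ROWS = [
    (1, "203.0.113.7", "ann@example.com", "tok_a1", "212-555-0100", "NY", "Ann Lee", "ann  lee"),
    (2, "203.0.113.7", "bob@example.com", "tok_b1", "415-555-0101", "CA", "Bob Ray", "Bob Ray"),
    (3, "203.0.113.7", "bob@example.com", "tok_b2", "415-555-0101", "CA", "Bob Ray", "Bob Ray"),
    (4, "198.51.100.9", "cy@example.com", "tok_c1", "305-555-0102", "NY", "Cy Orr", "Dee Orr"),
    (5, "198.51.100.20", "eve@example.com", "tok_e1", "999-555-0103", "TX", "Eve Fox", "Eve Fox"),
]
ORDERS = [dict(zip(FIELDS, row)) for row in ROWS]


def norm(name):
    """Compare names case-insensitively and ignore extra spaces."""
    return " ".join(name.lower().split())


def flag_orders(orders):
    """Return {order_id: [reasons]} for the four alert conditions in the guide."""
    by_ip, cards_by_customer = defaultdict(list), defaultdict(set)
    for o in orders:
        by_ip[o["ip"]].append(o["id"])
        cards_by_customer[o["email"]].add(o["card"])

    alerts = defaultdict(list)
    for o in orders:
        if len(by_ip[o["ip"]]) > MAX_ORDERS_PER_IP:
            alerts[o["id"]].append("many orders from one IP")
        if len(cards_by_customer[o["email"]]) > 1:
            alerts[o["id"]].append("same customer, different cards")
        # Unknown area codes are skipped rather than treated as a mismatch.
        phone_state = AREA_CODE_STATE.get(o["phone"][:3])
        if phone_state and phone_state != o["bill_state"]:
            alerts[o["id"]].append("phone area differs from billing address")
        if norm(o["cardholder"]) != norm(o["recipient"]):
            alerts[o["id"]].append("recipient differs from cardholder")
    return dict(alerts)


if __name__ == "__main__":
    for order_id, reasons in sorted(flag_orders(ORDERS).items()):
        print(order_id, "; ".join(reasons))
```

A flagged order is a prompt for the manual review the guide recommends, such as calling or emailing the customer, not an automatic decline.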

