Merchants selling virtual goods such as airtime or vouchers are the most vulnerable. I have seen people start up a website selling airtime and go bang within a fortnight. The more quickly your product is delivered, and the easier it is to resell, the more careful you have to be about your payment security.
Different kinds of business may attract different kinds of online threats, but nobody is completely safe. Even if you are selling a physical product, somebody may buy goods with a stolen card, have them shipped to a temporary address and then to resell them before anybody's worked out what's going on.
Even if a cardholder blocks his or her card the moment they know it is stolen, there remains that initial window period. It is almost impossible for a database to keep up with the millions of cards and millions of transactions happening around the world every second.
Websites that use affiliates to drive traffic are susceptible to their own set of scams, as are accommodation establishments. Even if you do not sell anything more valuable than cupcakes, you may find your site targeted by criminals who run through lists of stolen credit cards to make sure they are working before selling them on. The financial loss may not be that big, but it can take a lot of time and resource that small businesses do not have to sort things out."
Know your customers
The first step to take in protecting your online business is to know your customers and their buying habits if possible. A simple welcome call once they have registered, if your volumes allow it, can tell you a lot. Moreover, obviously the longer a customer has been with you and the more often they have made purchases, the more you can trust them. Do not automatically relax the rules for accounts over a certain age, though - fraudsters are wise to that one.
Limiting your exposure by imposing a transaction limit for new customers, or waiting a day or two before shipping, can also help. The art to managing your online risk is ensuring you are not overexposed, but at the same time gaining maximum return from your valid customers.
Then there is the 3D Secure system from Visa and MasterCard but it is not right for everyone and can't be used as the only security measure. Some customers hate it and will abandon transaction when the 3D Secure page comes up, so you may need to do some education and it doesn't apply to US credit cards or even to commercial MasterCards, so you need other protection as well.
Reputable payment gateway providers should offer extra levels of fraud protection. It is essential to have a conversation with your supplier about what it offers, what risks it can protect you against and whether it can give you access to more specialised third-party protection services if your need warrants it.
Whatever you do, do not just set up a website with a shopping cart and assume all will be well. Fraudsters are smart, brazen individuals - they are not to be underestimated.
Brendon Williamson is CSO at DPO PayGate, which processes payments for over 25,000 online merchants in Southern Africa. DPO PayGate (previously PayGate, VCS and PayThru) is a subsidiary of The Pan-African payments Group, Direct Pay Online (DPO).
LEGAL DISCLAIMER: This Message Board accepts no liability of legal consequences that arise from the Message Boards (e.g. defamation, slander, or other such crimes). All posted messages are the sole property of their respective authors. The maintainer does retain the right to remove any message posts for whatever reasons. People that post messages to this forum are not to libel/slander nor in any other way depict a company, entity, individual(s), or service in a false light; should they do so, the legal consequences are theirs alone. Bizcommunity.com will disclose authors' IP addresses to authorities if compelled to do so by a court of law.