

How to keep your customers safe from online credit fraud

Customers are important to any business, and keeping them safe from online credit fraud and other security threats is necessary.




Few things matter more than trust when you are running an online business.

Can the customer count on you after they purchase from your business? On the other hand, how secure is your business against credit fraud? Protecting the customer’s data should be the priority in your online business.

For those who are doing business online, there are two types of online fraud that could happen to you and your customers. The first is the account takeover, which, as the name implies, is when someone takes over a customer account to make unauthorized purchases.

This is a brute attack on a client or customer account.

Identity theft is the second most common type of online fraud and is an attempt to steal your customer’s username, password, credit card number or other personal information.

These two categories of online fraud can affect your online business through hacking and phishing schemes.

Online fraud can be devastating to a business as well as the customer. As someone who owns and operates an online store, you want to ensure that your customer or client information is secure.

Here are seven practices that you can incorporate into your online business management to protect your customer privacy and business security against credit fraud.

1. Achieve and maintain industry standards.

The Payment Card Industry Security Standards Council (PCI SSC), an organization which includes Visa, MasterCard, and American Express, sets guidelines to protect consumer data. You can visit the PCI Security Standards website to learn about its full requirements.

Online businesses are mandated to comply with these standards to maintain a secure environment for customers. PCI compliance includes basic security precautions such as changing factory default passwords on all network connections and setting up a good-quality firewall between your internet connection and any system that stores and retrieves credit card numbers.

2. Be informed that your e-commerce platform provider can help you with or completely handle your PCI compliance.

For instance, PayPal offers Payflow Link, which is a PCI-compliant solution and handles PCI standards for you. Make sure to follow these PCI compliance guidelines: they are mandatory, and following them avoids fines or penalties.

3. Always check your site security.

As the owner, you know your business better than anybody, so you have the responsibility to monitor the security of your site. Part of securing your site is to regularly update the passwords to your web server control panel and databases.

You can also use tools that track customer IP addresses. Check whether customers are using free or anonymous email addresses (e.g., Gmail or Yahoo).

This is because the chance of fraud is higher from a free email service provider than from a paid or hosted service.

4. Monitor accounts and transactions.

Another tip is to monitor accounts and transactions on your site to detect any red flags, such as a large number of orders using different credit cards, or inconsistent contact and billing information.

Some e-commerce platforms already implement fraud monitoring steps of their own. For instance, PayPal has a set of Fraud Management Filters that screen and sort transactions.
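The red flags named in tips 3 and 4 (many orders on different cards, inconsistent contact and billing details, free email addresses) can be written as a screening pass over order records. This is an added example, not code from the article or from any payment platform; the field names, the threshold, the domain list and the sample orders are assumptions.

```python
from collections import defaultdict

# Assumed for this example: field names, domain list and threshold.
FREE_EMAIL_DOMAINS = {"gmail.com", "yahoo.com"}
MAX_CARDS = 2  # distinct cards per account or IP before an order is flagged

def _norm(value):
    """Comparison key that ignores case and extra whitespace."""
    return " ".join(value.lower().split())

def flag_orders(orders):
    """Return {order_id: [reasons]} for orders that match a red flag."""
    cards_by_account, cards_by_ip = defaultdict(set), defaultdict(set)
    for o in orders:
        # card_token is the payment processor's token, never the card number
        cards_by_account[o["account"]].add(o["card_token"])
        cards_by_ip[o["ip"]].add(o["card_token"])
    flagged = {}
    for o in orders:
        reasons = []
        if len(cards_by_account[o["account"]]) > MAX_CARDS:
            reasons.append("many_cards_on_account")
        if len(cards_by_ip[o["ip"]]) > MAX_CARDS:
            reasons.append("many_cards_from_ip")
        if (_norm(o["contact_name"]) != _norm(o["billing_name"])
                or _norm(o["contact_postcode"]) != _norm(o["billing_postcode"])):
            reasons.append("contact_billing_mismatch")
        if o["email"].rsplit("@", 1)[-1].lower() in FREE_EMAIL_DOMAINS:
            reasons.append("free_email")
        if reasons:
            flagged[o["id"]] = reasons
    return flagged

# Constructed sample orders (not real data)
FIELDS = ("id", "account", "ip", "card_token", "email",
          "contact_name", "billing_name", "contact_postcode", "billing_postcode")
SAMPLE_ORDERS = [dict(zip(FIELDS, row)) for row in [
    ("A1", "acct-1", "203.0.113.5", "tok-a", "ann@example.com", "ann  lee", "Ann Lee", "2315", "2315"),
    ("B1", "acct-2", "198.51.100.7", "tok-b", "bob@gmail.com", "Bob Ray", "Bob Ray", "2000", "2000"),
    ("B2", "acct-2", "198.51.100.7", "tok-c", "bob@gmail.com", "Bob Ray", "Bob Ray", "2000", "2000"),
    ("B3", "acct-2", "198.51.100.7", "tok-d", "bob@gmail.com", "Bob Ray", "Bob Ray", "2000", "2000"),
    ("C1", "acct-3", "203.0.113.9", "tok-e", "carol@shop.example", "Carol Diaz", "C. Other", "3000", "3000"),
]]

if __name__ == "__main__":
    for order_id, reasons in flag_orders(SAMPLE_ORDERS).items():
        print(order_id, ", ".join(reasons))
```

A flag here marks an order for manual review; it is not proof of fraud, and the threshold needs tuning against your own order history.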

A business should know the standards of the Payment Card Industry Security Standards Council for credit card payments.

5. Do not store customer payment or card data.

Any personal information associated with the cardholder, such as an account number, expiration date, name, address, Social Security number, etc., is called cardholder data. PCI standards forbid storing customer data, especially credit card numbers, expiration dates and CVV codes.

However, if you do end up holding your customers’ cardholder data, get rid of it immediately. Your online business should keep as little data as possible.

The exception to this rule is meeting PCI standard encryption and storage policy guidelines before storing cardholder data (but never CVV codes). Always remember that hackers will have no reason to rob you as long as you do not have data to steal.

6. Require strong passwords.

Customers will find it a hassle when you require a strong password, but they will appreciate the added protection.

Such a password could be at least eight characters long and alphanumeric, with at least one upper-case letter and one special character. While security cameras may not be an option, signage is. Site design can also be a security feature.

One example would be the initiatives taken by MX Store in Australia. Warnings such as the following, which appear throughout their site, serve to make would-be fraudsters think twice and to increase user confidence.

“Please note due to an increase in fraudulent activity, all credit card payments are subject to a routine fraud check procedure. If you require this product urgently, please make payment via PayPal Express. This is the easiest secure method to receive your parcel as soon as possible. Please contact our customer service team on 1300 871 290 if you have any questions or issues. Thank you for your understanding and cooperation.”

Let your customers know that this kind of password is not easy for hackers to access.

Hackers cannot breach information and perform deceitful transactions from an account that has a complicated password.

7. Train your staff.

Aside from the security measures that an owner should follow for his or her business, the staff should also have security and fraud training and security procedures to follow. They should be taught to have a vested interest in the security of the business and its customers or clients.

First of all, they have to understand the significance of the work they are doing so that they can protect themselves, your business and your customers from any fraudulent activities.

They need to learn to protect their own work and personal assets as well as the company’s assets.

Businesses should require that their own staff have strong and complicated passwords, just as they would expect this from their customers or clients.

They need to learn how to detect potentially fraudulent transactions, and there must also be a procedure in place on how the staff should respond to the occurrence of hacking or fraudulent activity.

They will also need a procedure to communicate effectively with customers about any attempted or successful fraudulent activity.

Staff training and education are critical here. The more equipped your staff are and the more aware they are of the potential for hacking and credit card fraud, the more they can protect not only the customer but also the very business that employs them.

DISCLAIMER: This article expresses my own ideas and opinions. Any information I have shared is from sources that I believe to be reliable and accurate. I did not receive any financial compensation for writing this post, nor do I own any shares in any company I’ve mentioned. I encourage any reader to do their own diligent research first before making any investment decisions.

David Trounce is a small business consultant living in Port Stephens, Australia. He is the Founder of Mallee Blue Media and specializes in small business marketing and management. David also writes for My Customer and the Huffington Post.