Breadcrumb

How to Prevent Ecommerce Fraud

Written by

The GoCardless content team comprises a group of subject-matter experts in multiple fields from across GoCardless. The authors and reviewers work in the sales, marketing, legal, and finance departments. All have in-depth knowledge and experience in various aspects of payment scheme technology and the operating rules applicable to each. The team holds expertise in the well-established payment schemes such as UK Direct Debit, the European SEPA scheme, and the US ACH scheme, as well as in schemes operating in Scandinavia, Australia, and New Zealand. See full bio

Last editedDec 20222 min read

Ecommerce sales are on the rise. While this is good news for ecommerce businesses, the bad news is it’s accompanied by increases in ecommerce fraud, which falls into the category of card-not-present fraud.

Fraud can result in a damaged reputation for your business, and can result in significant losses. If your company regularly suffers chargeback fraud, you may also suffer penalties from card networks

If you have an online store, it’s imperative that you protect yourself from fraudsters when taking online payments. In this guide, we’ll offer you some tips for optimizing your ecommerce fraud prevention strategy.

Ecommerce fraud prevention: best practices

Below, we’ll outline some of the steps you can take to arm yourself with ecommerce fraud protection.

1. Carry out site security audits

A great way to check how well your site can prevent fraud is to conduct a security audit. This involves asking yourself the following questions:

Are shopping cart software and plugins all updated?
Is the SSL certificate up to date and still working? An SSL certificate is a digital certificate that authenticates a site and provides an encrypted connection.
Is your commerce store PCI-DSS (Payment Card Industry Data Security Standard) compliant? All ecommerce sites that accept credit card payments must be PCI compliant. This means that your site meets the standards outlined by the Payment Card Industry.
Are all admin accounts password protected (with strong passwords)?
Is communication between stores, customers and suppliers encrypted?
Have all inactive plugins been removed?

2. Use AVS (Address Verification Service)

Wondering how to detect fraud in ecommerce? AVS is your answer.

In the same way physical stores have security to prevent shoplifters, you should have a service in place for monitoring suspicious behavior on your site - and AVS is just that.

Both credit card processors and issuing banks can offer you AVS to help you detect suspicious transactions. It works by checking that the billing address provided and the cardholder’s billing address are the same. When the addresses don’t match, the transaction is either declined or flagged as worthy of investigation.

3. Use HTTPS (Hypertext Transfer Protocol Secure)

HTTP is the protocol used to transfer data between a customer’s browser and your ecommerce site. HTTPS is the secure version of this protocol. It encrypts data so as to protect customer information. This prevents cyber attackers and fraudsters from being able to view sensitive customer data. You can utilize HTTPS by purchasing an SSL certificate.

4. Limit how much sensitive customer data you collect and store

A way to protect your store and customers in the case of a data breach is to avoid collecting and storing more customer data than is strictly necessary. Collect the minimum data required to complete an order, but avoid asking for extra information like birth dates or social security numbers. That way, fraudsters can’t do away with large amounts of sensitive data.

5. Use an anti-fraud solution

A simple but effective way to reduce ecommerce fraud is to use an anti-fraud software solution. There are a variety of different software available. The right solution for you will depend on which tools you require, although most will have tools for identifying fraudulent transactions and verifying addresses.

Catch payment fraud with GoCardless

With GoCardless’s Verified Mandates, you can check whether a new customer’s bank account details are genuine without compromising the checkout experience.

With Verified Mandates, verification happens during checkout. Powered by Plaid, customers are taken directly to their online banking login. From there, details are verified quickly and easily. We then send both business and customer immediate confirmation that the account has been successfully verified.

We can help

GoCardless is a global payments solution that helps you automate payment collection, cutting down on the amount of financial admin your team needs to deal with. Find out how GoCardless can help you with one-off or recurring payments.