Courtesy navigation

How to stop online fraud on your website

A shadow of a hand over a keyboardOnline fraud is the curse of any ecommerce operation and it seems the scammers will try anything to rip you off, from supplying someone else’s credit card details to claiming refunds on allegedly incomplete deliveries

Chris Barling of ecommerce software provider SellerDeck explains how to combat fraud in your online retail business.

It’s easy to prevent online fraud. Just don’t ship any orders. This somewhat silly statement perfectly illustrates the problem.

The challenge is not simply to reject suspicious orders, it’s to find the right line between online fraud prevention and losing good business.

Online fraud does not affect all ecommerce websites. The incidence varies greatly between different categories.

With known-buyer fraud, the buyer tells lies about the product they received in order to get free goods by demanding a full or partial refund. With straight fraud, you are dealing with an unknown person who is using stolen card details.

Measures to combat online fraud

The big change in the past few years has been that banks have started to take online fraud seriously. There are now a range of services such as address verification service (AVS), CV2 (the code on the back of the card) and 3D Secure (also known as Verified by Visa and MasterCard SecureCode).

Banks have also introduced the payment card industry data security standard (PCI DSS) which tries to make it more difficult for scammers to acquire big treasure troves of card details.

Alongside this we have seen the rise of anti-fraud services like DataCash, which checks more than a billion online payments a year and claims to prevent £1m of attempted fraud a day.

How can small firms prevent online fraud?

The approach adopted by a merchant really needs to combine the technical weapons in the armoury with some sensible internal policies.

With a policy-based approach, you should be defining what to do when suspected online fraud is flagged by technical indicators or orders over a certain value.

Contacting the buyer by phone or email can be very effective, as can asking for details of 'the order'. If the fraudster has placed several orders, they won’t recall a particular one very easily — and they don’t want to talk to the merchant anyway.

A second line of defence can be adopted if you are is still uncertain whether an order is genuine. Simply ask for payment by an alternative means, such as cheque or even a different card, which would need to have the same billing address.

In order to implement these checks, you need a payment service provider that supports them. So make sure that your payment provider supports 3D Secure, AVS, CV2, preferably one of the independent fraud checking services and of course is PCI DSS compliant.

When you have these services up and running, mention them on your website as they boost trust and may discourage online fraudsters from chancing their luck.

It’s a fact that you can gain a competitive advantage by controlling online fraud. When we are all struggling to increase sales by small margins, getting the fraud percentage down while rejecting few good orders can provide a small but genuine edge.

More on this topic:


Add a comment

Not registered? We'll create a new account for you when you add your comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <p>
  • Lines and paragraphs break automatically.
  • Links to specified hosts will have a rel="nofollow" added to them.

Not registered? We'll create a new account for you when you add your comment.
Account information
Your name on the Donut websites
Personal information
Your first and last name, please
We'll send your registration details here
Just the first part - eg SW17
Not in the UK? You can still leave comments:
I would like to receive the My Donut e-newsletter

When you click 'Register' to create a new account, you accept our terms of service and privacy policy

We check all comments before publishing them on the site.