If you run an e-commerce business, online credit card scams and fraud can cost you big money in chargebacks, penalties, and other losses. You need systems in place to protect your customers’ card data–but where do you start?
PCI-compliance guidelines for e-commerce business owners
In September 2006, the Payment Card Industry Security Standards Council (PCI SSC) established a set of 12 requirements to help protect credit cardholder information. All organizations that accept, process, or handle credit card information must adhere to the PCI Data Security Standards (PCI DSS). (Learn more about PCI-Compliance.)
Even with these guidelines in place, credit card theft affects millions of people every year, costing billions of dollars in fraudulent activities. So, besides making sure you’re PCI-compliant, what can you do about credit card fraud?
Seven simple ways to help you reduce online credit card scams and fraud
1. Use a customer information tracking code in your order form. When a customer fills out an order form on your website, the tracking code will provide information about the computer used to make the purchase–such as the IP address. For merchants using this code, make sure you have a privacy and security policy on your website that tells customers what you will do with their data and how you will protect it.
2. Require cardholders to provide their Card Validation Code (CVC) or Card Verification Value (CVV). Asking for this number will help verify that the customer has the card in their hand at the time of the purchase. Decline orders that gives an invalid number.
3. For customers within the United States, use the Address Verification System (AVS). This will compare the billing address entered by the cardholder to the billing address on file with the credit card issuer. Decline orders that provide an incorrect billing address.
4. Call your customers to confirm orders. A scammer could provide an invalid telephone number, or simply avoid your phone calls. If you can’t get your customer on the phone to confirm, then cancel the transaction. On the other hand, the scammer may provide the real cardholder’s telephone number. By calling to confirm the order, you could alert the cardholder that someone stole his or her credit card information.
5. Scan your transactions carefully, and use common sense to determine whether they are fraudulent. Some scammers may purchase multiple small items at once, and others may place several small orders to look less conspicuous. Some may buy many expensive items, others may buy just one large ticket item. When in doubt, always call to confirm the order.
6. Be wary of orders that request rush delivery. Sometimes there are legitimate reasons why customers need their goods delivered overnight–and if you call to confirm, they’ll gladly explain. However, most scammers specify one-day or overnight delivery because they aren’t paying for shipping costs.
7. Use a well-known, reliable online fraud prevention provider. Look for services that offers security features such as a fraudulent customer database. The service provider will update the database network whenever they detect fraudulent activity on a merchant’s site.
Instabill is an online payment processor specializing in high risk merchant accounts