As with any online activity, running an ecommerce business can leave you exposed to a variety of risks. Before you launch your new venture, take some time to understand the risks of selling online, and how best to deal with them.
[Note: This article is Part 4 in a seven-part series by Chris Dahl providing an essential guide to setting up your ecommerce business. Read , , and Part 3: Accepting online payments: the essentials.]
With a strong product offering and digital presence, your venture could see a ton of sales in just a short time. Whether you stay successful is another matter. An excess of fraudulent orders could see you hemorrhaging thousands of dollars in chargebacks, while the ramifications of poor website security could have a severe impact on your brand.
Fortunately, this is only a worst-case scenario. The services available to startup businesses these days offer numerous safeguards against known threats. It’s easier than ever to establish sound business practice and a solid infrastructure from the very beginning. Let’s explore how.
What is a chargeback?
A chargeback is when a cardholder disputes the sale made on their card. This is ordinarily because they claim not to have authorised the transaction or made that particular purchase. The cardholder contacts their bank or credit association and demands their money back.
Chargebacks are an insurance feature, designed to protect cardholders in the case of admin errors, unreceived deliveries or faulty goods being supplied. The downside is the challenge they present to your business when issued as a result of fraud.
What is fraud?
Fraud occurs when a person intentionally misleads for personal gain. Because online purchases don’t require the cardholder to be physically present, a customer’s identity can be masked, increasing the chances of your business engaging with customers who aren’t the people they claim to be.
If a lost or stolen card is used to place an order, the true cardholder may request a chargeback, leaving your business with an expensive lesson in risk management, especially if the goods have already been delivered.
Fraud isn’t limited to customers using other people’s cards, however. Cardholders themselves may request chargebacks, even if they legitimately placed an order and their goods arrived as described. This is known as chargeback fraud, or friendly fraud.
What is information theft?
Information theft is a general term describing unauthorised access to private data. It’s most often talked about in the context of identity theft, where someone pretends to be you in order to conduct fraudulent activity under your name. But information theft may also include the stealing of trade secrets (industrial espionage), secure documents (document theft), or any other files and data that could be used against you.
As an ecommerce business, your primary concern should be for the security of your website and customer data, ensuring malicious third parties can’t gain access to your databases or eavesdrop during a payment transaction.
How to minimise risk when selling online
Know your customer before accepting their order
Knowing your customer (KYC) is sound advice as well as standard industry practice, helping you stay protected from fraudulent transactions and costly chargebacks. KYC is a business owner’s due diligence, which should involve:
- collecting basic customer information,
- assessing the risks of dealing with each customer, and
- keeping records of a customer’s transactions to help determine the risk in future.
Just as a restaurant owner would think twice about serving a ‘dine and dash’ customer a second time, an ecommerce business can take reasonable steps to prevent being duped by fraudulent customers using stolen credit cards.
KYC measures come included in the services provided by ecommerce and online payment platforms. When shopping around, you’ll find varying degrees of assistance in the KYC process, so be sure to ask what a provider can do to help you protect your business.
Adopt clear and consistent communication practices
As strange as it sounds, some cases of fraud are accidental. It’s not unusual for a cardholder to forget they’ve placed an order by the time the charge appears on their credit card statement. This is made worse by bank statement descriptions that are hard to recognise.
For example, if your website is named “Candles & Aromatherapy Supplies”, but the transaction is listed under your company name “Smith Holdings Pty Ltd”, it’s likely your customer won’t recognise the charge.
Ensure you can accurately specify the charge description on your customers’ bank statements. Otherwise, make sure you let your customers know what they can expect to see. A clear and consistent approach to communication can be as simple as a one-liner in an order confirmation email, listing your company name.
Ensure your payment platform is secure
Even with the facilities available to business owners today, some websites still ask their customers to send payment details via email or through a non-secure web form. In these cases, all it takes is an email- or eavesdropping-based hack to steal that customer’s identity for making fraudulent purchases.
A secure payment platform eliminates this risk, and safeguards against other types of unauthorised activity. If you’re setting one up yourself, you’ll find all the security requirements outlined in the Payment Card Industry Data Security Standard (PCI-DSS), covering network security, data protection, vulnerability management, access controls, security monitoring, and policies governing how your staff can contribute to keeping your business and systems safe on a day-to-day basis.
As you can imagine, full PCI-DSS compliance is a hefty challenge for startups and small businesses. The most practical approach when starting out is to find a PCI-compliant payment provider offering an infrastructure that handles the entire process on your behalf. Without needing to handle credit card data on your own site or servers at all, you can reduce both the time and costs involved in offering a properly secured service.
About the author
By Chris Dahl, Director, Sales & Growth at Pin Payments, an all-in-one payment provider, enabling businesses to accept payments around the world without a traditional gateway or merchant account.