Six easy strategies for protecting your online store from fraud
As more and more businesses pivot to online sales, the corresponding rise in online fraud is inevitable. And, every day, hackers and fraudsters are finding new and ‘creative’ ways to attack online businesses, scamming them out of money and goods.
We know—that’s a pretty heavy paragraph to open with. But it’s not all doom and gloom. Once you understand how to identify online fraud, then you’re already giving yourself a greater chance to put strategies in place to better manage these situations.
Detecting fraud can be difficult, but there are warning signs
The big problem is that online fraud can be so sophisticated these days that you may not even be able to tell it’s occurring. We say ‘can be’, because if you check your email spam folder there’s going to be at least one phishing email about a mystery consignment from a US General or a long lost family member. Online fraud that occurs against small businesses, though, is a lot more complex.
However, there are some red flags to be aware of that may help you identify potential fraud incidents. You can look for:
Suspicious customer contact information. This can include things like email addresses that are just a string of letters and numbers, or poorly-spelled names
Orders to the same address using a variety of different cards or using different contact details
Large order from clients who don’t usually make large orders
Large orders all of the same item
An order where the billing and shipping addresses are different
A random international order, or large volumes of orders from new countries
Orders made at strange hours. While they may be made during business hours in Australia, 3am in Russia isn’t a typical time to be making many online purchases
While these occurrences aren’t necessarily a guarantee of online fraud, being aware of the red flags is the first step to managing fraud in the future.
6 easy strategies to manage fraud online
Here are six easy strategies you can put in place that help protect your business and your clients against online fraud.
1. Be on the lookout for account takeovers
Customer accounts that have been lying dormant for a while are vulnerable to account takeovers. This is where a fraudster has gotten hold of those account details—whether it’s through hacking, ATM skimming, or they’ve bought the details from some shady source—and use them to make purchases. It’s essentially identity theft for that account.
They then use this account to buy goods for themselves using the account's details.
It’s possible to spot this type of fraud when it occurs. If you notice that a dormant account has suddenly sprung back to life, and then it starts doing something suspicious like making bulk purchases or changing their account details completely, then this can be an indicator of an account takeover.
If multiple customer accounts all suddenly change their details, particularly if they change them to one shared set of details, this is a big red flag of an account takeover.
While it’s difficult to combat in the moment, you can put methods in place to prevent future account takeovers. Outside of recommending your customers change their passwords regularly, two-factor authentication can be a strong tool in fighting this type of online fraud.
2. Use two-factor authentication
Two-factor authentication provides that added layer of safety for your customers’ accounts when managing purchases. You probably already use it in one form or another, perhaps in your Gmail account, or your ATO online portal identification.
Now, while sending confirmation of an order via both text and email to your customers might sound like overkill, it’s a simple way to confirm that the person using the account to make the order is legitimate.
And if you do use two-factor authentication and the customer’s details immediately change, then you know you’ve got a scammer on your hands.
3. Use virtual cards for payments and change them regularly
Online fraud isn’t confined just to your customers. Your business can come under threat in your everyday business dealings—particularly when it comes to your payments.
One strategy to combat this is with virtual payment cards . Virtual payment cards are exactly what they sound like: a virtual debit card that you create for specific payment needs.
Creating virtual payment cards for you and your teams is a great way to monitor your spending, and ensure there’s nothing going awry. The beauty of virtual payment cards is that you can set their spending limit and even their lifetime, so the card details can be rendered obsolete after a certain timeframe, or after a set number of payments. And as there’s no physical card, there’s nothing that can go missing or be stolen, either.
Virtual payment cards are a safer, more secure way to manage your business’ spending online.
4. Double-check shipping details
As outlined above, suspicious shipping details can be a red flag that something isn’t quite right. This can indicate that someone has taken over that account and is using it for their own ends.
Fraudsters can make last-minute changes to their shipping details at check-out, meaning you send it to a different address to their billing. They may also be shipping goods to vacant blocks, empty houses, or new buildings. One tricky thing to look for, is any direction in the shipping details that can indicate that the packages may be rerouted during shipping.
Double-checking these details means you have a better understanding of where your products are headed, and whether anything seems amiss.
5. Defend your business and your customers against card testing
If you run an eCommerce business you should be aware of a type of fraud known as ‘card testing’. In this scenario, thieves are using your business’ payment portal to test the details of stolen credit cards to see if they work. This includes both physical credit cards and virtual cards.
It’s gotten to the point where fraudsters can use a script-based program that tests thousands of credit card credentials all at once.
One way that can help you get around this is by adding security measures like CAPTCHAs to your checkout pages, or any page where card information is required. High volume card testing scripts, and even bots, can be caught out by CAPTCHAs, and this can help distinguish card testing from human activity.
6. Do your due diligence
Taking a first-hand approach can provide that added layer of security, and peace of mind, that you’re doing everything you can to combat online fraud. Now, this one takes time on your part, but it can be worth it.
Check your orders. If an order rings some alarm bells for you, look up the address and phone number. You can do a quick google search, or check the White Pages. If no hits come up, or the address doesn't seem to correspond with the order, it could be fraudulent activity.
Check the IP address too. If the biller’s postal address is in Sydney, but the IP address is coming from another country altogether, then you might have an issue.
Yes, this method does require you to do some digging—but a little personal insight can go a long way.
Protect your staff and your business from online fraud with virtual cards
We know all too well the damage debit card fraud can have on businesses, so we created our virtual payment cards as a way to help combat this.
Airwallex Borderless Cards can be created within seconds, and you can start using them instantly. This allows you to make payments quickly, thus limiting the chance for their details to somehow be stolen. You can also set your cards for single-use, so as soon as the payment is made the card is rendered useless.
All your card spend details are logged automatically, and you can assign specific payment codes to your cards so you know exactly where your money should be going. We’ve created Borderless Cards to be as easy for you to use as possible, so much so that you’re able to replace your cards regularly, further limiting your chance for fraud to occur.
Airwallex is working towards making managing your finances as safe and secure as possible. Book a free online demo to discuss how Borderless Cards can benefit your business, and hear more about the strategies Airwallex has in place to keep your business finances safe from fraud online.
Our products and services in Australia are provided by Airwallex Pty Ltd ABN 37 609 653 312 who holds AFSL 487221. Any information provided is for general information purposes only and does not take into account your objectives, financial situation or needs. You should consider the appropriateness of the information in light of your own objectives, financial situation or needs. Please read and consider the Product Disclosure Statement available on our website before using our service.