
The State of Ecommerce Payment Security


When the pandemic hit, ecommerce blew up.

With people locked down and with little to do, buying online seemed the only escape. The global ecommerce market jumped to . Customer habits, too, were changing. In one survey, agreed that COVID-19 had changed their relationship with technology.

But it wasn’t just the sales that were soaring. And it wasn’t just the ecommerce industry’s businesses that were busy–but its fraudsters, too.

In just a single year (between 2020 and 2021), : from $17.5 billion to $20 billion. One look at the similarly burgeoning –expected to hit a whopping $70 billion by 2025–and it’s clear this line of “work” is only rising in popularity.

The bottom line? Ecommerce fraud is something you can’t afford to turn a blind eye to. After all, it’s not just a threat to your profits but your brand image. If customers don’t feel they can pay securely through your website, they won’t trust you. Once you lose that consumer confidence, it’s extremely difficult to win back.

Below, we’ll unpack the state of payment security, starting with the most common types of ecommerce fraud. We’ll also offer actionable advice for protecting your customers, your website, and–ultimately–your bottom line. Read on!


Most Common Types of Ecommerce Fraud

As the world of ecommerce expands and evolves, so too do its villains. So over the last few years, it’s not only the number of fraudulent transactions–and the overall value of the stolen wares–that has risen. It’s the type of ecommerce fraud, too.

From pharming and account takeovers to “friendly” and “silent” fraud (not to mention straight-up identity theft), fraudsters’ methods are becoming increasingly dynamic and diverse. Let’s take a look at a few.

Pharming

Pharming is a type of ecommerce fraud in which fraudsters redirect web users (without their knowledge or consent) to a fraudulent website. This website might look and feel like the one the customer intended to reach, but with a key difference–it’s completely fake.

Designed only to simulate the original website, its fake counterpart exists for one reason only–to trick the user into entering their personal information and credit card details. Fraudsters can then use this info to steal the individual’s money, or worse–their identity.

Chargeback Fraud

Also known as “friendly fraud,” chargeback fraud is when a customer fraudulently attempts to claim a refund by abusing the chargeback system.

A chargeback is a step introduced by banks way back in the ’70s to boost public confidence in the credit card (which, at that stage, was a new-fangled thing). It allows consumers to dispute a card payment, and after the bank sides with their case, claim a refund.

Let’s say you’re off to Santorini for a holiday, and your card is stolen at the airport. By the time you get to Greece, you realize the thief has made $700 in fraudulent purchases on your card. In this situation, you could (quite legitimately) request a chargeback.

The problem? When it’s not legitimate. Whether maliciously or “innocently” (customers forgetting about a transaction on their statement or a recurring billing cycle), fraudsters can take advantage of the chargeback process to claim money back on totally valid purchases.

The worst part? That, when a chargeback claim is upheld by the bank, the bank then claims the money (along with a fee on top, for their troubles!) back from you. Add that to the stock you’ve already lost to the fraudster, and chargebacks offer an all-too-real threat.

Identity Theft

Because of popular movies dealing with the subject (The Talented Mr. Ripley, anyone?), identity theft is one of the more well-known types of ecommerce fraud. But that doesn’t make it any less dangerous.

Here, a fraudster falsely assumes another person’s identity: using their name, personal information, and documents to open credit cards, then hitting the high street.

Beyond the impact on the victim, why is this bad news for your online business? After all, you’re still selling…right?

Wrong. Think back, for a second, to our Santorini example above. Pretty soon, the person whose identity was stolen will become aware of the litany of fraudulent purchases made under their name and–you guessed it–raise a chargeback. When the bank upholds this, they’ll be claiming the money back–from you.

Making up , identity theft is by far the most common type of ecommerce fraud. Plus, fraudsters are also becoming more sophisticated, now using the personal devices, IP addresses, and user accounts of targets to assume their identities, which makes them a threat to be alert to.

Account Takeovers

At some stage or other while shopping online, all our customers have done it. Ticked that box that says “Save My Credit Card Details.” It’ll save them a minute the next time they come back to make a purchase, so it’s a no-brainer, right?

Right. Unless, that is, a fraudster is able to get their sticky-fingered paws on that customer’s login details. Should that happen, the thief has easy access to their payment details. Meaning all they have to do is change the shipping address and start buying.

And when they do? Expect chargebacks from the real customer, leaving your business out of pocket.
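The takeover pattern described above (saved card, changed shipping address, then a purchase) can be screened for before an order ships. The following is an added example, not code from the original article or from any store platform; the event fields, the 24-hour window and the two-signal rule are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events for one store (not real data).
EVENTS = [
    {"ts": "2024-03-01T10:05:00", "account": "alice", "type": "order",
     "card": "new", "ship_to": "addr-1", "device": "dev-A"},
    {"ts": "2024-03-20T18:30:00", "account": "alice", "type": "order",
     "card": "saved", "ship_to": "addr-1", "device": "dev-A"},
    {"ts": "2024-04-02T02:10:00", "account": "alice", "type": "address_change"},
    {"ts": "2024-04-02T02:25:00", "account": "alice", "type": "order",
     "card": "saved", "ship_to": "addr-9", "device": "dev-X"},
    {"ts": "2024-03-05T09:00:00", "account": "bob", "type": "order",
     "card": "new", "ship_to": "addr-2", "device": "dev-B"},
    {"ts": "2024-03-28T12:00:00", "account": "bob", "type": "address_change"},
    {"ts": "2024-04-10T12:00:00", "account": "bob", "type": "order",
     "card": "saved", "ship_to": "addr-3", "device": "dev-B"},
]

WINDOW = timedelta(hours=24)  # assumed review window; tune per store


def screen_orders(events, window=WINDOW):
    """Return (account, ts, reasons) for saved-card orders showing two or more takeover signals."""
    known_devices, known_addrs, last_change = {}, {}, {}
    flagged = []
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort as text
        acct, ts = ev["account"], datetime.fromisoformat(ev["ts"])
        devices = known_devices.setdefault(acct, set())
        addrs = known_addrs.setdefault(acct, set())
        if ev["type"] == "address_change":
            last_change[acct] = ts
        elif ev["type"] == "order":
            reasons = []
            if ev["card"] == "saved":
                if addrs and ev["ship_to"] not in addrs:
                    reasons.append("new_shipping_address")
                changed = last_change.get(acct)
                if changed and ts - changed <= window:
                    reasons.append("address_changed_recently")
                if devices and ev["device"] not in devices:
                    reasons.append("new_device")
            if len(reasons) >= 2:
                flagged.append((acct, ev["ts"], reasons))  # hold for manual review
            else:
                # Only unflagged orders extend the account's trusted baseline.
                addrs.add(ev["ship_to"])
                devices.add(ev["device"])
    return flagged


if __name__ == "__main__":
    for row in screen_orders(EVENTS):
        print(row)
```

Requiring two signals keeps a customer who simply moved house (bob in the sample) out of the review queue, while the order placed minutes after an address change from an unseen device is held.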

Malware and Ransomware

Does your computer keep freezing up? Are there ads popping up everywhere? Do links take you to the wrong destination, or are new icons appearing on your desktop and browser?

If so, you may have inadvertently installed malware (mal = bad, ware = software…it’s bad software) on your device. Even the term “malware” itself includes a range of different malicious code types, each more nefarious than the last. These include spyware, “Trojan Horses,” and ransomware–code that locks you out of your system until you pay the hacker a “ransom” to get back in.

The problem for ecommerce store owners is that malware, whether on your system or that of your customers or admins, can steal sensitive data. That includes the names and address details of your customers, as well as their payment information. If any of that’s compromised, it won’t just be profits or data you’ll be losing, it’ll be your credibility.

What’s more, malware attacks pave the way for an emerging form of ecommerce deception called “silent” fraud. After using malware to illegally access a number of accounts, fraudsters, instead of snatching thousands, hundreds, tens, or even ones, swipe a few cents alone. Done at scale and with regularity, these thefts can total huge amounts of stolen funds. Not so “silent” after all!
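Because each “silent” debit is too small to notice on one statement, it only becomes visible when debits are grouped by who receives them. The sketch below is an added example, not part of the original article; the ledger layout, payee names and thresholds are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict

MAX_CENTS = 99     # assumed ceiling for a "few cents" debit
MIN_ACCOUNTS = 4   # assumed: distinct accounts debited before a payee is suspicious
MIN_DAYS = 2       # assumed: the pattern must repeat ("with regularity")
MIN_SHARE = 0.9    # assumed: share of the payee's debits that are tiny

# Constructed ledger rows: (day, account, payee, amount in cents).
LEDGER = [
    ("2024-05-01", "a1", "px-svc", 7), ("2024-05-01", "a2", "px-svc", 9),
    ("2024-05-01", "a3", "px-svc", 5), ("2024-05-01", "a4", "px-svc", 8),
    ("2024-05-01", "a5", "px-svc", 6), ("2024-05-08", "a1", "px-svc", 7),
    ("2024-05-08", "a2", "px-svc", 9), ("2024-05-08", "a3", "px-svc", 5),
    ("2024-05-02", "a1", "grocer", 4520), ("2024-05-03", "a2", "grocer", 1999),
    ("2024-05-03", "a3", "grocer", 85),
    ("2024-05-04", "a4", "app-store", 99), ("2024-05-04", "a5", "app-store", 99),
    ("2024-05-05", "a1", "app-store", 499),
]


def find_silent_fraud(ledger):
    """Return payees that repeatedly take tiny amounts from many distinct accounts."""
    stats = defaultdict(lambda: {"accounts": set(), "days": set(),
                                 "small": 0, "total": 0, "cents": 0})
    for day, account, payee, cents in ledger:
        s = stats[payee]
        s["total"] += 1
        if cents <= MAX_CENTS:
            s["small"] += 1
            s["cents"] += cents
            s["accounts"].add(account)
            s["days"].add(day)
    report = {}
    for payee, s in stats.items():
        if (len(s["accounts"]) >= MIN_ACCOUNTS
                and len(s["days"]) >= MIN_DAYS
                and s["small"] / s["total"] >= MIN_SHARE):
            report[payee] = {"accounts": len(s["accounts"]), "debits": s["small"],
                             "days": len(s["days"]), "cents": s["cents"]}
    return report


if __name__ == "__main__":
    print(find_silent_fraud(LEDGER))
```

A legitimate low-price seller (the 99-cent app-store purchases in the sample) stays below the account and share thresholds, so only the payee that skims many accounts on repeated days is reported.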

Ways to Protect Your Customers

Knowing what the main types of ecommerce fraud are is one thing. But being able to effectively insulate you and your customers from fraud’s ill effects is quite another.

Below, we’ve rounded up our top tips for helping you, your customer base, and your business remain beyond the covetous clutches of fraudsters.

Safeguard Customer Information

The first way you can protect your customers? Safeguarding their most important details. Here’s how:

Firewalls

By filtering and monitoring incoming (and outgoing) traffic, firewalls help maintain the security of your website, acting, basically, as a literal wall between your network and the wild, wild West of the internet at large.

Through this lens, firewalls are vital not only for securing your data systems but for maintaining PCI compliance. PCI DSS (Payment Card Industry Data Security Standard) is a set of regulations all businesses accepting credit and debit cards must follow. PCI compliance is a kind of “seal of approval” that shows your customers, regulators, and the wider market that you can be trusted to handle sensitive data.

If you sell online with 黑料门 by Lightspeed, your store is already PCI DSS compliant. 黑料门 by Lightspeed is a PCI DSS validated Level 1 Service Provider. This is the highest international standard for secure data exchanges for online stores and payment systems.

Enable Two-Factor Authentication (2FA)

Ensure 2FA is implemented, so anyone attempting to access your business’s backend platforms and processes will need to log in through two devices. If you or one of your team members is logging in from a desktop computer, for instance, you’ll also need to confirm the attempt on another device, such as your phone, to gain access.

Other variations include:

  • Two-step verification (2SV): involves receiving a one-time code or password via email, message, or phone call which you must enter to log in.
  • Multi-factor authentication: a mix of multiple forms of authentication for one of the highest levels of security.

Business owners selling online with 黑料门 by Lightspeed can use their Google or Facebook accounts to sign in to their 黑料门 store. for your Google or Facebook account and thus protect your login information for 黑料门 as well.

If you want to add other team members (like fulfillment staff or a designer) to your 黑料门 store, never share your 黑料门 login with them. Instead, for each user in your store. Staff accounts have separate logins and don’t have access to your profile and billing pages.

Use a Secure Payment Gateway

If you want to offer your customers the highest level of payment peace of mind possible, a secure payment gateway is a must.

A payment gateway is the tech merchants use to accept credit and debit card purchases: both in-person and online. But not all payment gateways are created equal, particularly when it comes to fees and payout times. So be sure to pick the right one for your business’s unique needs.

黑料门 by Lightspeed is integrated with dozens of . You can choose a payment system that is convenient both for your business and your customers.


Share Advice and Info with Your Customers

One of the easiest ways to protect your customers? Informing them.

Whether through emails, texts, or dedicated sections on your website, let your customers know of the fraud that exists and how they can protect themselves from it. (And help you protect them from it!)

Be sure to clearly lay out:

  • How your business greets its customers (so they can spot discrepancies)
  • How your business doesn’t greet its customers, and what it won’t request (i.e., their login details or to click a link to log in)
  • Clear, actionable tips for customers to keep their account details safe (if your business keeps customer accounts)
  • How to get in touch if something doesn’t look right or if the customer has questions
  • What security checks you’re introducing, if any
  • How the customer can safely update their details
  • What to do if they receive a scam email (i.e., a fraudster posing as your business) and how to report the fraudulent communication

Needless to say, these kinds of comms are vital. Not only do they inspire trust and offer an excellent user experience, but they also help reduce the risk of your customers falling prey to ecommerce fraud.

Remember, too, to make this info as accessible as possible. Your customers might not read their emails or thoroughly read through your website. So the more channels you can publicize this advice on, the better!

Keep Your Site Updated and Conduct Regular Security Audits

Earlier, we analogized the wider internet as a kind of “Wild West”: a frontier state where bandits and lawlessness abound.

Now, while that might be a little on the harsh side, there are plenty of threats out there and myriad methods via which phishers, hackers, and fraudsters can derail your business:

  • DoS (Denial of Service) attacks: a hacker attempts to stop users from accessing your site’s services.
  • DDoS (Distributed Denial of Service) attacks: the perpetrator doesn’t attack you directly but instead uses your site as a “zombie” with which to harm another site. In a DDoS attack, your servers are inundated by requests from a bunch of untraceable IP addresses, crashing your site, and stopping traffic and sales.
  • Brute force attacks: here, hackers hit your website with thousands of different password combinations in an attempt to gain access.
  • Man in the middle (MITM) attacks: if your customer is accessing your site via a vulnerable network (i.e., public WiFi), hackers can “listen in” to the transaction and use it to extract sensitive data.
  • SQL injection and cross-site scripting: these attacks exploit vulnerabilities in your site. In an SQL injection, hackers target your forms to gain access to, corrupt and steal information from your site’s backend. In cross-site scripting, hackers insert malicious snippets of code that steal your visitors’ information.

The fact that all these modes of attack exist? That’s the bad news. The good news, however, is that these hackers are opportunists. They’re looking for vulnerabilities in your site’s security and fraud prevention setup. That means, by keeping your site updated and regularly identifying, understanding, and plugging its vulnerabilities, you can reduce the risk of a hacker targeting your website and business.

To do this, conduct regular security audits. Assess your site’s infrastructure for loopholes, exploring the backend and code (including extensions and themes) for anything hackers can exploit. Ensure:

  • Your passwords are strong
  • Your software is up to date
  • Your site’s SSL (Secure Sockets Layer) certificate is up to date

Speaking of SSL certificates, if you created your ecommerce website with 黑料门 by Lightspeed, you already have an SSL certificate by default.

If you added your 黑料门 store to an existing website, you already have the free SSL certificate for your store. However, the rest of the website is a separate matter. You need to purchase an SSL certificate to protect sensitive information. Learn how to do that in the .

Another way to protect your website is to revise the list of your online store鈥檚 staff accounts and remove the staff members that you do not work with anymore. This way, you prevent hackers from taking advantage of these “back channels” to gain access to your site.

Key Times to Protect Your Website

So, now that we’ve explained what fraud to look for and how to protect your website from it, let’s look at the when–at the key times throughout the year when hackers are most active.

Public Holidays

“The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly impactful ransomware attacks occurring on holidays and weekends–when offices are normally closed–in the United States, as recently as the Fourth of July holiday in 2021.” — , 2021.

Christmas, Easter, Memorial Day, Independence Day–though the rest of us are spending time with our families and unwinding, hackers are doing anything but relaxing.

Increased distraction on the part of the customer or end-user and less staff and resources on the business’s end means conditions are rife for hacking.

Against this backdrop, don’t let your business get caught out. Don’t wait until the next holiday to set your site’s security up for success, or find yourself scrambling to audit your site mere days before the long Mother’s Day weekend. Remember that old Chinese proverb?

The best time to plant a tree was 20 years ago. The second best time is today.

Weekends

Hackers tend to target businesses when they’re most vulnerable and when they’re closed.

That’s why weekends, particularly long ones, where public holidays are involved, are ripe opportunities for hackers. Still, that doesn’t mean you should let your guard down during the rest of the week. Hackers, on average, attack a staggering , so you need to remain vigilant.

Conclusion

As the opportunities of ecommerce evolve, so do its threats.

With so many scaremongering statistics out there, it can be easy to want to put your fingers in your ears, turn a blind eye, and take an “ignorance is bliss” approach.

But this mentality doesn’t take into account that with those threats come even more exciting opportunities.

To make the payment process safer, easier, more convenient and more consistent than ever before. To build your brand, engender customer loyalty, and boost trust with your audience by showing them that you value their privacy and respect the sensitivity of their data. And, in the process, lay the foundations for your ecommerce business’s solid, sustainable success.

About the author

Rob Binns is a freelance copywriter and editor based in Melbourne, Australia. When not penning content about ecommerce and digital security, he’s playing (or watching!) football, or relaxing in the sun with a book and a cold beer.
