Fraud in online shops is growing every year, and it’s something you need to concern yourself with: make sure you protect your store and also your customers. Every fraudulent transaction on your store will cost you money, because you have to refund the money and also pay the chargeback fee.
“Fraud losses on UK-issued cards totalled £671.4 million in 2018, a 19 per cent increase from £565.4 million in 2017. At the same time, total spending on all debit and credit cards reached £800 billion in 2018, with 20.4 billion transactions made during the year.” Find the report here and other stats.
You have to be proactive in protecting your store, not reactive, because the latter means you have already lost data and money. Managing fraud while maintaining a positive customer experience can be difficult, but it is not impossible. The more your store grows, the higher the chances that it will be a target for fraud.
From a 2018 Experian Global report on fraud and how it affects businesses and consumers.
Keeping your store safe must be one of your priorities to ensure your customers’ trust, but how do we do that?
Make sure you are on a secure host that takes active measures to update and patch its servers, keeping everything up to date. Most hacks are done through vulnerabilities in either the machine you are on or in the theme or plugins on the website that are not up to date.
Theme and Plugins
Keep your theme and plugins up to date, and watch for security updates for WordPress itself as well. There have been many problems with well-known plugins and themes that had major flaws. Blog and blog to keep you up to date.
WAF – Web Application Firewall
Use a WAF like Sucuri or Cloudflare to filter bad traffic; $20 a month is not much, and you get some peace of mind and less load on the server. Most hacks are carried out by bots that scan the internet for websites with known vulnerabilities that are not patched and infect them automatically. The basic Sucuri plugin is free, so you can start with that. It’s cheaper to have these tools in place than to pay for your website to be cleaned of malware, which usually starts at around $300.
SSL by default
All the traffic on the website must be encrypted, at least with a free SSL certificate, which most hosts now offer.
If you are using PayPal as a processor, they do have some tools to protect you. If you sell tangible items, then in case of fraudulent transactions you must have Proof of Shipment and/or Proof of Delivery, and you get Seller Protection. Depending on which delivery service you are using, this should be fairly easy to get.
If you are selling digital items, unfortunately you are not protected. Digital items are usually considered high-risk by merchants, and you are more likely to become a target for unwanted parties.
Stripe, Braintree or other Card Payment Processors
Settings to protect yourself on the Payment Processor side:
- CVC/CVV verification – enabled by default
- Zip code validation – enabled
- Ask for more details on the checkout like full address
- 3D Secure – some countries and banks have this enabled by default
- Stripe Radar – “Radar helps detect and block fraud for any type of business using machine learning that trains on data across millions of global companies.” – don’t go overboard with the rules as you will have a lot of false positives, resulting in legitimate transactions being blocked.
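The settings above map to per-payment results you can act on after checkout. The following is an added example, not code from the original post or from Stripe: it reads the `checks` and `outcome.risk_level` fields of a Stripe Charge object and blocks only on hard failures, holding softer mismatches for manual review so that legitimate customers are not turned away. The function names, the thresholds and the stricter handling of digital goods are assumptions, and the sample charges are constructed.

```python
# Added example: triage a Stripe Charge with the checks listed above.
# triage_charge, its thresholds and sample_charge are hypothetical names.

def triage_charge(charge, digital_goods=False):
    """Return (decision, reasons); decision is accept, review or block."""
    card = (charge.get("payment_method_details") or {}).get("card") or {}
    checks = card.get("checks") or {}
    risk = (charge.get("outcome") or {}).get("risk_level", "unknown")

    # Hard signals: the issuer rejected the CVC, or Radar scored it highest.
    hard = []
    if checks.get("cvc_check") == "fail":
        hard.append("cvc_check failed")
    if risk == "highest":
        hard.append("radar risk_level highest")
    if hard:
        return "block", hard

    # Soft signals: hold for manual review rather than block, so a customer
    # who mistyped a postcode does not become a false positive.
    soft = []
    if checks.get("address_postal_code_check") == "fail":
        soft.append("postal code mismatch")
    if checks.get("address_line1_check") == "fail":
        soft.append("address line mismatch")
    if checks.get("cvc_check") != "pass":
        soft.append("cvc not verified")
    if risk == "elevated":
        soft.append("radar risk_level elevated")

    # Assumption: digital goods get a lower review threshold (one signal).
    threshold = 1 if digital_goods else 2
    return ("review" if len(soft) >= threshold else "accept"), soft


def sample_charge(cvc, postal, line1, risk):
    """Build a constructed Charge-shaped dict for the demo below."""
    return {
        "payment_method_details": {"card": {"checks": {
            "cvc_check": cvc,
            "address_postal_code_check": postal,
            "address_line1_check": line1,
        }}},
        "outcome": {"risk_level": risk},
    }


if __name__ == "__main__":
    typo = sample_charge("pass", "fail", "pass", "normal")
    print(triage_charge(typo))
    print(triage_charge(typo, digital_goods=True))
    print(triage_charge(sample_charge("fail", "pass", "pass", "normal")))
```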
Anti-Fraud APIs:
Why do these work? Great technology, and a very large number of transactions are made through them, making it easier to detect patterns, stolen cards and other clues that identify fraudulent transactions.
SiftScience – I’ve used this on a marketplace a while back and it worked great; it does add to the cost, but for us it was amazing as it greatly reduced the number of fraudulent transactions. It’s used by large shops and merchants; at the moment you would have to be a large store to afford it.
Kount – Great API as well. I’ve tested it but I haven’t used it on a real shop; same as SiftScience or even better because it is used by very large customers with millions of transactions per month. It has an integration with Braintree and it starts at $1000/month.
– Seon.io – from $100 a month
– FraudLabsPro – starts with Free (we’ve tested this one a while back and the results were not satisfying, but maybe they got better)
– NS8 – from $30/month, seems promising but I didn’t test it; also, I don’t like that they charge based on hits per month
Anti-Fraud Plugins
I don’t like plugins like WooCommerce Anti-Fraud; they seem incomplete and easy to trick, and they also add some load to the transaction.
A good tool for fake accounts would be the Validator.pizza plugin, which is easy to use and free. It detects if users are signing up with disposable email addresses and blocks them.
Cover the basics and you should be OK; simple settings will do wonders without affecting your customers. What do you do to fight fraud in your store?