Six steps to protect your online store from credit card fraud

Card fraud is rampant in South Africa, and growing at an alarming rate. This year, losses due to credit card fraud have increased by 23% to R453.9 million, according to the latest statistics from the SA Banking Risk Information Centre.

If you are taking your small business online, it is essential to protect yourself by following best practices and working with a reputable payment gateway. Here are some hints and tips to help you transact safely online with your customers.

  1. Know your customer

    In online commerce, you are not certain of who is sitting on the other end of the Internet connection performing the transaction and you do not have sight of the debit or credit card. For all you know, it could be someone who has stolen the card details rather than the card owner. For that reason, you need to take every reasonable precaution to ensure the person you are transacting with is who he or she claims to be.

    Some steps you can take to this end include:

    • Don't ship to PO boxes, but only to physical addresses.
    • Use a reputable delivery stream - i.e. a courier that checks identification on delivery of the goods.
    • For a customer's first transaction, you could insist on clearing it with the bank if delivery is not to the cardholder's billing address.
    • Ask for an ID number and use an ID verification service to check that the ID number actually exists and ties to the name of the cardholder.
    • Once customers are registered, you could send a one-time PIN via SMS or email (in much the same way as the banks) when they transact. That gives your customers an extra layer of protection in case their passwords are stolen.

  2. Get PCI-compliant or do not store payment details

    Every company that accepts credit card payments must be aware of the Payment Card Industry's Data Security Standards (PCI DSS) - a regulatory framework from the financial services industry. Its requirements include protecting data behind firewalls, encrypting cardholder data, staying up to date with virus protection, and controlling who has access to customers' card details.

  3. Comply with 3D Secure for digital payments

    In a brick-and-mortar store, customers these days need to enter a PIN at the point of sale before their card payment is processed. Online, you should use the 3D Secure technology from Visa and MasterCard to verify payments.

  4. Set a sensible floor limit

    One good way to protect your business and your customers from the threat of big financial losses is to set a sensible floor limit. This refers to the maximum value of a transaction you will allow without calling the bank to verify its authenticity. For example, you might decide that you will not automatically process a transaction of more than R5000 without giving the bank a call first to validate it.

  5. Work with reputable couriers

    If you are delivering goods to customers that shop online, you should work with a credible courier company. When delivering expensive items, insist that the courier verify the customer's identification by asking to see his or her green ID book. In addition, the courier must always get the person taking receipt of the goods to sign for them.

  6. Monitor chargebacks carefully

    Payments companies (Visa and MasterCard) give cardholders 180 days to dispute any credit card transaction. Verify every chargeback to ensure that customers are not disputing valid transactions. If a chargeback is valid, make sure that the customer has returned faulty or incorrectly delivered goods so that you can limit your losses. This is another reason why you should know who you are selling to and where they are located.

    Banks and card payment firms tend to protect the interests of the cardholder in the event of fraud. If you accidentally deliver to a fraudster, there is no guarantee that you will recover the loss. That means it is up to you to protect your business against card fraud risks.