Feb 23 2009

Selling online: How to prevent online fraud

So you’re ready to start selling online, but you’ve read and heard everywhere that selling online is a huge risk because of online fraudsters… well, that’s absolutely true.

However, there are also scammers taking advantage of real-life commerce transactions! You can open a bricks and mortar store to sell goods and still face a fake bill, a bounced check or a stolen credit card. So just as you would do in a “real life” store, there are some things to look for and some security measures that you can take to conduct safe commerce online.

Step 1. Assess your true risk level.

Selling services or intangible products has always carried a higher risk than selling tangible products. The explanation is very simple: with a tangible product you need a ship-to address, and therefore you know where to reach or locate your customers. With intangible products (like domain names, software, memberships) or services, it’s very easy for a scammer to sign up or fill in the purchase forms stating that he/she lives in one country while actually sitting somewhere else.

There’s also a higher risk when selling intangible products or services that may lure minors or that people would try to get for free. This is very common in the porn industry: a lot of minors look for stolen credit card details to purchase memberships and gain access to adult-oriented websites, as do people who just want to “protect their privacy” by avoiding the use of their real credit cards to purchase such memberships.

Here’s a very simple questionnaire that we use to measure the real risk while developing an e-commerce project for our customers:

Q1. Is your product tangible, or are your services rendered “in-person” to your customers?

a) Yes

b) No

Q2. Will you be selling your products/services to people from other countries?

a) Yes

b) No

Q3. Will you accept credit cards or 3rd-party payment processors?

a) Yes

b) No

Q4. Would your customers publicly and proudly announce/admit that they have purchased your products or hired your services?

a) Yes

b) No

Q5. Is your product designed for (or would it lure) minors to sign up for it without their parents’ permission?

a) Yes

b) No

Q6. Do your customers have to come back to your site in order to keep using the service, receive product updates or confirm information so that the product can be shipped to them?

a) Yes

b) No

Score:

Q1. a=0 b=3

Q2. a=2 b=1

Q3. a=1 b=3

Q4. a=1 b=3

Q5. a=3 b=0

Q6. a=1 b=0

Results:

15 Very risky

10-14 Risky

7-9 Average

3-6 Low risk

Step 2. Select the right payment processors

When you’re starting a new online venture, it’s wise to use a 3PPP (3rd-party payment processor), as most of them already have advanced fraud screening mechanisms that will save you a lot of headaches.

Even if you’ll only accept cheques/checks and money orders, you can still be a victim of online fraud. A customer may sign up for your services or buy a product and then claim that he never received it. Make sure that the payment processor you’ll be using allows the sale or re-sale of the products/services you’ll be offering. Also make sure that even if there’s a chargeback or any other kind of fraud-related issue, they won’t charge a high fee for it.

Most payment processors have a “dis-allowed/banned/prohibited products list” where you can find the riskiest products and services and why they don’t allow them. There are also payment processors that specialize in serving such niches; they will have higher setup fees, higher commissions and longer reserve periods.

Step 3. Another fraud prevention system isn’t too much.

According to your risk level, you may use as many fraud detection/prevention systems as possible. The most common and easy to set up are:

1. Geo-IP checking: Make sure that your customer is connecting to your website from the same city/state/country that he’s stating as his address.

2. IP logging: Keep a log of every single IP that hits your “order now” pages.

3. Captcha images: Those images with letters or numbers that the user has to copy into a text field. These tools stop automated systems that keep trying to force a stolen/false credit card.

4. Session checking: Make sure that the user who’s filling in the payment details form is the same one who started the sign-up/buy process. This is useful because it prevents users from hijacking sessions.

5. Password protection: Keep all your sensitive information password protected using .htaccess files.

6. SSL: Even if your customers won’t be entering credit card information directly into your site, it’s always wise to serve every form that gathers personal information through a secure connection, so eavesdroppers have a hard time trying to sniff data.
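Items 1 and 2 work best together: the IP log gives the Geo-IP check some history to look at. The sketch below is an added example, not code from the original post; the Geo-IP table (RFC 5737 documentation ranges standing in for a real Geo-IP database), the log fields and the thresholds are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed Geo-IP table (RFC 5737 documentation ranges); a real shop
# would query a maintained Geo-IP database here instead.
GEOIP = [
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
    (ipaddress.ip_network("203.0.113.0/24"), "RO"),
]

# Constructed "order now" log: time (s), client IP, stated country, card last 4.
SAMPLE_LOG = [
    {"order": "A1", "ts": 0, "ip": "192.0.2.10", "country": "US", "card": "1111"},
    {"order": "A2", "ts": 30, "ip": "203.0.113.7", "country": "US", "card": "2222"},
    {"order": "A3", "ts": 60, "ip": "203.0.113.7", "country": "US", "card": "3333"},
    {"order": "A4", "ts": 90, "ip": "203.0.113.7", "country": "US", "card": "4444"},
    {"order": "A5", "ts": 900, "ip": "198.51.100.9", "country": "MX", "card": "5555"},
]

def country_of(ip):
    """Return the Geo-IP country for an address, or None if it is not listed."""
    addr = ipaddress.ip_address(ip)
    for net, country in GEOIP:
        if addr in net:
            return country
    return None

def screen_orders(log, window=600, max_cards=2):
    """Flag attempts (log sorted by time) for manual review; nothing is auto-rejected."""
    cards_by_ip = defaultdict(list)  # ip -> [(ts, card)]: the IP log from item 2
    flagged = {}
    for hit in log:
        flags = []
        geo = country_of(hit["ip"])
        if geo is None:
            flags.append("geoip_unknown")   # missing data is not the same as a match
        elif geo != hit["country"]:
            flags.append("geoip_mismatch")  # item 1: stated address vs. connection
        history = cards_by_ip[hit["ip"]]
        history.append((hit["ts"], hit["card"]))
        recent = {card for ts, card in history if hit["ts"] - ts <= window}
        if len(recent) > max_cards:
            flags.append("card_velocity")   # many different cards from one IP
        flagged[hit["order"]] = flags
    return flagged

if __name__ == "__main__":
    for order, flags in screen_orders(SAMPLE_LOG).items():
        print(order, flags or "ok")
```

A Geo-IP mismatch alone is weak evidence (travellers, VPNs, corporate proxies), which is why the function returns flags for review rather than a verdict.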

Here are some more advanced mechanisms.

7. Phone verification: If possible, try to verify every order/signup by phone. Get a database of mobile-assigned numbers so that you can make sure that you’re calling a home/work phone number. There are automated systems that do this in real time.

8. E-mail verification: If you’ll be collecting e-mail addresses from your customers, send them a verification email that proves that the email address used is valid and actually belongs to them.

9. Free e-mail ban: Ban e-mail addresses from major free email providers (like Hotmail, Gmail, Yahoo, etc.). Most scammers will try to use a free email address that provides some anonymous features.
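For items 8 and 9, the verification link can carry a signed, expiring token so that no per-order state has to be stored until the customer clicks it. This is an added example, not code from the original post; the secret, the token layout, the 24-hour lifetime and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # assumption: load from protected config in practice
FREE_DOMAINS = {"hotmail.com", "gmail.com", "yahoo.com"}  # providers named in item 9

def is_free_email(email):
    """Item 9: True when the address belongs to a listed free provider."""
    domain = email.rsplit("@", 1)[-1].strip().lower()
    return domain in FREE_DOMAINS

def _signature(email, order_id, expires):
    # JSON keeps the three fields unambiguous, so they cannot run into each other.
    msg = json.dumps([email.strip().lower(), order_id, expires]).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def make_token(email, order_id, now=None, ttl=86400):
    """Item 8: token to embed in the verification link mailed to the customer."""
    expires = int(now if now is not None else time.time()) + ttl
    return f"{expires}.{_signature(email, order_id, expires)}"

def verify_token(token, email, order_id, now=None):
    """Accept only an unexpired token issued for this exact address and order."""
    try:
        expires_str, sig = token.split(".", 1)
        expires = int(expires_str)
    except ValueError:
        return False  # malformed token
    expected = _signature(email, order_id, expires)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    current = now if now is not None else time.time()
    return current <= expires

if __name__ == "__main__":
    t = make_token("buyer@example.org", "A1")
    print(verify_token(t, "buyer@example.org", "A1"), is_free_email("x@gmail.com"))
```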

Hope this helps you when starting your online venture. Online fraud is a pain in the butt, and every single company/person that sells something online is exposed to it. However, if we all work together and make it almost impossible for scammers to rip us off, sooner or later they’ll run out of resources and will have to get a job to earn some money to spend online.

2 Comments on this post

Trackbacks

  1. KattyBlackyard said:

    I really like your post. Is it copyright protected?

    June 15th, 2009 at 6:11 am
  2. admin said:

    Thanks for your words. You are free to copy it as long as you quote the source (a link would be nice, but it’s not required).

    June 16th, 2009 at 12:07 pm
