The small business guide to preventing online fraud

The small business guide to preventing online fraud
Tips for stopping online fraud

Research carried out by National Fraud Authority (NFA) and the Department for Business, Innovation and Skills (BIS) has revealed that a quarter of all small businesses have suffered some form of Internet based crime in the past year.

Home Office Minister for Crime Prevention Jeremy Browne said: "For too long online fraud has been seen as a victimless crime or simply a cost of doing business in an internet age, but left unchecked it can cost people their livelihoods."

The types of online fraud that small business owners need to be aware of include:

  • Credit and debit card fraud.
  • Identity theft.
  • Mobile phone transaction fraud.
  • Pay-Per-Click (PPC) fraud from online advertising such as Google AdWords.
  • Delivery address fraud.
  • International purchasing fraud.
  • Pharming fraud where customers are directed to a bogus website.
  • Malware that attempts to collect credit card information from merchants' online businesses.

Cybercrime can take many forms, but for online merchants being vigilant regarding the transactions that move through their online stores is vital to ensure that fraud it kept to a minimum.

Smaller businesses can often be unaware of some types of fraud. A good example is Pay-Per-Click fraud that could cost your business a great deal of money as each click on your ad is charged to you. The bogus ad also redirects the ad to the criminals' website depriving your small business of a potential sale.

Combating online fraud in your small business

As the Internet has continued to expand as a retail channel, so fraud has also expanded to exploit online businesses. Whether your enterprise has an online department or is a completely e-commerce based operation, there are a number of steps you can take to protect your business from online fraud:

  • Always check the credentials of new customers. This is particularly important if they are placing large first orders with your business.
  • Are the goods being ordered of high value that can be easily re-sold? This could indicate a fraud especially if multiple quantities of the same item are being ordered.
  • Is the delivery address valid? Fraudsters will often try and get businesses to deliver to bogus addresses. PO Boxes should always be avoided.
  • Check that the debit or credit card is not stolen. Also, is the purchaser the actual cardholder?
  • Is the customer trying to split the cost of their order over several cards? This could indicate that the cards are stolen.
  • Quiz a suspicious customer about their past orders if you think they could have stolen one of your regular customer's identity.
  • Are orders from parts of the world your business doesn't normally sell to?
  • Businesses that trade with other organisations should be aware of counterfeit invoice fraud.
  • Always keep the firewall on your systems fully up to date to avoid customer details being stolen.

As most of the fraud that takes place is where the customer's card is not present, it's vital that your business has systems in place to identify potential fraudulent transactions. Answering 'yes' to any of the above questions doesn't automatically mean a fraud is taking place, but it does mean that that you should take a closer look at these orders before they are processed.

Fraud is also a danger if your company is in the B2B sector. All of the above rules apply, but in addition your business should do all it can to confirm the identity and commercial solvency of the business, before it enters into a commercial agreement with a partner. Invoice fraud now accounts for - in some extreme cases - the loss of millions of pounds. Invoices sent via email should be particularly scrutinised to ensure they are genuine.

There are a number of card payment security systems that can offer a level of protection and your business should use these systems, as they can offer a practical solution to card not present fraud. The current systems include:

Using the Industry Hot Card File to prevent fraud

Online retailers should also use the available data that can help them identify stolen credit and debit cards. Called the IHCF (Industry Hot Card File) over six million stolen cards are listed. In 2011 alone, using the IHCF prevented 463,000 of attempted card frauds. Over 60,000 UK retailers now use the file to automatically check against their card transactions.

An additional system that is ideal for online businesses is the automated address verification services (AVS) coupled with the card security code (CSC) system that all businesses could use. The system allows them to verify the billing address of a cardholder and crosscheck the security code on the signature strip of the card.

There are many types of online fraud that your business could fall foul of. The good news is that your business isn't powerless to act. As online retailing has grown so have the systems to combat each type of online fraud. And it seems to be working with Financial Fraud Action UK stating:

"Total fraud losses on UK cards fell by seven per cent between 2010 and 2011 to £341 million. This is the lowest annual total since 2000 and follows on from a fall of 17 per cent in the previous year. Whilst card usage and transaction volumes continue to grow, card fraud losses against total turnover – at 0.06% – continue to decrease and have now fallen by 33 per cent in the past two years."