Website Merchant Security
OK, so we've talked about how to make your customers feel more secure, but what about you? What about your liability? What about your losses? Merchants and financial institutions are the ones who pay when credit/debit card fraud occurs. According to the August 2013 Nilson Report, this fraud amounted to a staggering $11.3 billion in 2012; card issuers had to cover 63 percent of those losses, while merchants ate the other 37 percent [sources: Kiernan, The Nilson Report]. There are some ways you can keep such fraud to minimum. Here are a few of the best ones [source: Campbell]:
- Keep a record of credit card numbers. If one customer enters five or more different ones, especially in one day, it's likely fraud.
- Make sure your system requires credit cards' security code.
- Watch out for transactions with different billing and shipping addresses, especially if the order asks for expedited shipping. They're not necessarily fraudulent, but often are. If the order is large, try to match the phone number given with the shipping address.
- If the customer is -- or appears to be -- a business, check the Web address (often the last part of the email address is the Web address). If the website doesn't match the information you were given, don't fill the order until you can verify further.
- Check the IP location and credit card address; they should match. Or restrict IP addresses to countries where you ship.
- Watch out for orders that originate, or are to be shipped, out of the country.
- Restrict the number of times someone can enter incorrect credit card information.