As a UK online retailer you have probably already been a victim of some kind of internet fraud – a chargeback, goods ‘never delivered’, or even just an irate customer who has no idea about distance selling regulations.
Here are a few steps from our digital partner Project Octo that you can take to minimise your risk:
Get the order details correct
Using a service like Postcode Anywhere, where users are given suggested addresses based on their postcode, will improve accuracy. This address should perfectly match the address held at the banking institution, meaning that typos won’t result in lots of failed/rejected orders.
Make the most of 3D Secure
The majority of payment gateways (SagePay, WorldPay etc.) give you the checkbox option to opt into their 3D Secure service (where users must enter an additional Visa/Mastercard password) and increase security. It also shifts the liability onto the gateway/card provider, whose role it is to encourage customers to enrol in these schemes.
Check your gateway security settings
Your payment gateway will also have varying levels of security that determine whether or not to accept a transaction. Some businesses want the cardholder name, address, postcode, expiry date and CVV to be perfect; others are happy to let a typo go on an address. It can have an effect on sales, though again using Postcode Anywhere can eradicate much of this problem.
Log the IP addresses of customers
You are perfectly within your rights to log the IP address of the computer used to complete a transaction – and by comparing this IP location to the cardholder address, you can identify misdemeanours. For example, a UK card used on a computer in Romania may flag up questions. IP proxy services can be used by serious fraudsters to hide their identity, but for the majority of £50 fraudulent transactions, it’s an effective reporting tool.
Check cart code can’t be amended
Cheap cart software that uses certain JavaScript to pass order details from the website to the payment gateway can have those details intercepted and changed by the serious criminal. So that genuine order for £79.99 appears to you as completed and ready to ship, whereas in truth only £9.99 ever hit your bank account.
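One way to close this gap, shown as an added example that is not part of the original article or any gateway's own code: price the basket on the server and release an order only when the gateway's authenticated notification reports that same amount. The catalogue, shared secret, HMAC scheme and field names are assumptions; your gateway documents its own notification format.

```python
import hashlib
import hmac
from decimal import Decimal, InvalidOperation

# Constructed catalogue: prices are held server-side, never taken from the browser.
CATALOGUE = {"JACKET": Decimal("79.99"), "SOCKS": Decimal("9.99")}
# Placeholder secret shared between the shop server and the gateway (assumption).
SECRET = b"replace-with-gateway-shared-secret"


def server_total(basket):
    """Price the basket from the server's catalogue; basket is {sku: quantity}."""
    total = Decimal("0.00")
    for sku, qty in basket.items():
        if sku not in CATALOGUE or type(qty) is not int or qty < 1:
            raise ValueError(f"invalid basket line: {sku!r} x {qty!r}")
        total += CATALOGUE[sku] * qty
    return total


def sign(order_id, amount):
    """HMAC-SHA256 over the fields that must not change in transit."""
    msg = f"{order_id}|{amount:.2f}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def safe_to_ship(order_id, basket, notified_amount, notified_sig):
    """Release the order only if the payment notification is authentic
    and the amount actually paid equals the server-side total."""
    try:
        paid = Decimal(notified_amount)
    except InvalidOperation:
        return False, "unparseable amount"
    if not paid.is_finite():
        return False, "unparseable amount"
    # Constant-time comparison avoids leaking how much of the signature matched.
    if not hmac.compare_digest(sign(order_id, paid), notified_sig):
        return False, "bad signature"
    if paid != server_total(basket):
        return False, "amount mismatch"
    return True, "ok"
```

With a £79.99 basket, an authentic notification for £9.99 is rejected as "amount mismatch", and a notification whose amount was edited after signing is rejected as "bad signature".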
Control and secure your hosting access
Startup online traders often opt for cheaper shared hosting services, and let all manner of people have access – web developer, staff member, designer, SEO company etc. Not only are the cheaper hosting services more regularly compromised (by other sites on the same server running malicious code), but emailing just about anyone with your server login details opens you up to having malware installed that you might never detect until it’s too late.
Watch out for unusual orders and trends
Once you have been operational for a while, you will know that you are strong on certain products, to certain locations and people, and you’ll have a good idea of your average order value. Whilst you don’t want to turn away that huge £1,100 order you should tread carefully and do your due diligence.
Check if the customer has ordered before on the same card (perhaps a test £2.79 order?) and if there have ever been any payment gateway flags, a discrepancy between billing and delivery address, or even an unusually boring email address (see later).
Unusual customer details can indicate smoke – and therefore fire
Online traders must remember that you CAN refuse to do business with a customer if you have reasonable grounds (just remember to refund them, and quickly).
If you see an unusual name or email address that you don’t like, Google it, Facebook it and see whether that person exists (people’s digital footprint is growing). If that’s inconclusive and you still don’t like the fact they have used a different billing and delivery address (watch out for PO Box addresses) for their very first order – give them a call. Feel free to use ‘out of stock’ or ‘confirming it wasn’t an error’ as reasons for the delay in order shipment, and get a feel for whether they are genuine or not. Fraudsters will often set up a dead-end Yahoo/Hotmail email address to seem authentic, and their mobile number often rings off to a default voicemail message.
Ultimately it is your decision to trade – check your own published terms and conditions – or refuse and refund transactions.
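The checks from this section and from the earlier IP-logging step, combined into one screening function (an added example, not from the original article). The GeoIP table, thresholds, card token field and sample orders are constructed assumptions.

```python
import ipaddress
import re
from decimal import Decimal

# Constructed GeoIP table (documentation IP ranges); a shop would query a GeoIP database.
GEOIP = {ipaddress.ip_network("192.0.2.0/24"): "GB",
         ipaddress.ip_network("198.51.100.0/24"): "RO"}
PO_BOX = re.compile(r"\bP\.?\s*O\.?\s*BOX\b", re.IGNORECASE)
HIGH_VALUE_MULTIPLE = 5          # assumption: review orders over 5x the average
TEST_ORDER_LIMIT = Decimal("5")  # assumption: earlier orders this small look like card tests


def ip_country(ip):
    """Country for a logged IP, or None if malformed or not in the table."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    return next((cc for net, cc in GEOIP.items() if addr in net), None)


def review_flags(order, history, average_order_value):
    """Reasons to hold an order for manual checks; an empty list means none found."""
    flags = []
    country = ip_country(order["ip"])
    if country is None:
        flags.append("IP location unknown")
    elif country != order["billing_country"]:
        flags.append(f"IP in {country}, card billed in {order['billing_country']}")
    if order["billing_address"].strip().lower() != order["delivery_address"].strip().lower():
        flags.append("billing and delivery addresses differ")
    if PO_BOX.search(order["delivery_address"]):
        flags.append("delivery to PO Box")
    # card_token is the gateway's token for the card, not the card number (assumption).
    earlier = [h for h in history if h["card_token"] == order["card_token"]]
    if not earlier:
        flags.append("first order on this card")
    elif all(h["total"] <= TEST_ORDER_LIMIT for h in earlier):
        flags.append("only small test-sized orders on this card before")
    if order["total"] > HIGH_VALUE_MULTIPLE * average_order_value:
        flags.append("order value far above average")
    return flags


# Constructed sample data using the figures mentioned in the article.
HISTORY = [{"card_token": "tok_A", "total": Decimal("2.79")}]
ORDER = {"ip": "198.51.100.7", "billing_country": "GB", "card_token": "tok_A",
         "billing_address": "1 High Street, Leeds", "delivery_address": "PO Box 12, Leeds",
         "total": Decimal("1100.00")}
```

A flagged order is a prompt for the manual checks described above, not an automatic refusal.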
Get your customer service and returns process correct
Too many customers expect to use Twitter or Facebook as a valid channel for querying or cancelling orders, when often businesses will only check them once a week or month thus getting into Distance Selling Regulations grey territory.
Be clear in your terms and conditions and returns policies about the correct method for complaints or queries. Given that you have a contract of service to them as well, make sure there is someone to answer the phone line, respond to email messages and deal efficiently with these problems, or your online reputation and repeat business could suffer.
Check your returns policy
For many online traders the legal policies published on the site are cut ‘n’ paste jobs from the internet or a competitor’s site (we’ve even seen wrong trading names left in!). It might seem an unnecessary expense to pay a solicitor £250 to check your own fine print, but it pays off when 5 customers want to return bespokely made or rarely sold items totalling the same amount in your first year.