According to a study by the financial analysis firm Javelin Strategy & Research, some 15 million people lost a combined $16 billion to identity fraud in 2016. This is up 16 percent over 2015’s total losses. The study also found a shift toward card-not-present (CNP) fraud, as point-of-sale transactions have become more secure. This means ID fraud hits online shoppers harder than any other category of consumer.
For this reason, as an ecommerce merchant, it’s time to step up your security game to protect your customers. Most online shoppers are already wary of transmitting sensitive financial data over the internet. If this trend in fraudulent transactions continues unabated, it will eventually debilitate your business.
Here’s what you can do to provide more security for your customers:
Maintain PCI Compliance
The Payment Card Industry Data Security Standard (PCI DSS) provides protection for customer data. While compliance is mandatory, it has a self-assessment aspect. For PCI DSS to be wholly effective, you must be very rigid in your compliance. If an incident of ID fraud can be traced to an act of non-compliance on your part, you will be subject to fines and penalties.
Choose Secure Enterprise eCommerce Software
Your software choice can make all the difference in the security of the transactions you process. Avoid open source software, as it is more easily hacked. Some of the best enterprise ecommerce software, like Shopify Plus, is certified PCI DSS compliant. While many of the foremost payment processing solutions also have a security component, make sure all content on your site is secured. This means in addition to your checkout and payment pages, every single page on your site should show “https” URLs.
Go “Overboard” on Security
In addition to the security measures provided by your platform, employ fraud-foiling measures such as Verified by Visa, MasterCard Merchant Fraud Protection, VeriSign and McAfee Secure to impose a secondary layer of security upon your transactions. As security audits must be conducted as part of your PCI compliance procedures, consider making security a key position on your management team. Dedicate a single individual (for smaller businesses) or a group (for larger enterprises) to focus specifically on security. Ideally, this person will have the ability to probe your site for potential security weaknesses and plug them.
Require Security Codes For All Transactions
The validation of every transaction your site processes should require the submission of the three- or four-digit security code found next to the signature panel on the back of every credit card. The only place this number can be acquired is on the card, so hackers who have harvested a list of names and credit card numbers won’t have access to that information.
“Use and Lose” Customers’ Credit Card Data
Yes, “one-click” purchases are more convenient for your customers, but this typically requires you to store their credit card numbers. Don’t do it. Stored credit card numbers are basically eggs in a henhouse waiting for a fox to show up. In situations where you have to automatically charge a card at certain intervals, be doubly sure your storage method is in line with PCI encryption standards. And never store security codes.
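One way to verify the “use and lose” rule is to scan your own logs and database exports for card data that should not be there. The script below is an added example, not code from this article or from any platform it names: it flags Luhn-valid card numbers and security-code fields and prints only masked values. The field names and sample records are constructed assumptions; adapt them to your own schema.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Field names suggesting a stored security code (assumed naming; extend for your schema).
CVV_RE = re.compile(r"\b(cvv2?|cvc2?|cid|security_?code)\b\W{0,4}\d{3,4}(?!\d)", re.I)


def luhn_ok(digits: str) -> bool:
    """True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep the first six and last four digits, a common masked display format."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan(lines):
    """Yield (line_no, kind, detail) for each stored card number or security code."""
    for no, line in enumerate(lines, 1):
        for m in PAN_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):  # drops order and tracking numbers that only look like cards
                yield no, "PAN", mask(digits)
        for m in CVV_RE.finditer(line):
            yield no, "SECURITY_CODE", m.group(1).lower()


# Constructed sample records; the card numbers are published test numbers, not real cards.
SAMPLE = [
    "2016-11-02 order=1001 status=paid token=tok_8f3a last4=1111",
    "2016-11-02 order=1002 card=4111 1111 1111 1111 cvv=123",
    "2016-11-03 order=1003 tracking=1234567890123456",
    '{"order": 1004, "pan": "5500-0000-0000-0004", "security_code": "9876"}',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Any finding means card data is being retained somewhere it should not be; the tokenized record on the first sample line is what a clean entry looks like.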
While these five tips are a good start, there is much more you can do to combat ID fraud. Other tactics include requiring tracking numbers for every order, insisting your customers use passwords for every transaction and conducting regular security training for your staff—particularly those in network security and customer service. While ID fraud hits online shoppers particularly hard, it costs your business too. Take every possible precaution to prevent the theft of your customers’ personally identifiable information.