Fraud practices follow the money. As online business and internet retail continues to expand rapidly, fraudsters hone and refine their practices and find new ways to exploit online businesses. Smaller businesses have a higher fraud rate than larger companies, due largely to an inability to spend the time or money to invest in the smart risk mitigation procedures utilized by larger companies.
So, what can you do to protect your company and your customers?
- Know what type of fraud you face
The types of online fraud that any business owner needs to be aware of include the following:
- Credit and debit card fraud
- Identity theft
- Mobile phone transaction fraud
- Online advertising fraud
- Delivery address fraud
- Carousel fraud and similar cross-border fraud
- Malware that steals customer data
You can protect your customers and business best if you understand the threats, as once you’re aware of the threats your business faces, you can tailor risk assessment and mitigation strategies to address any potential threats and associated vulnerabilities.
- Always check the credentials of new customers
Use a smart electronic identity verification process so you can eliminate fake or stolen identities. This is Trulioo’s area of expertise, but it’s also a prudent practice for any business with online transactions. Smart identity verification solutions have specific features: they can be integrated seamlessly into existing processes and they verify an identity by comparing your customer’s provided contact information and documents against reliable data sources to ensure that accounts are opened by known and trusted people.
- Check credit card information against the Industry Hot Card File (IHCF) and/or Address Verification Service (AVS)
If you are in the UK, you can sign up to use the IHCF, an electronic file with the records of cards that have been reported as lost or stolen. Once you have subscribed, any card you use is automatically checked against the file, which is updated continuously. This service currently only collects UK-issued cards, but the Address Verification Service is more widely available.AVS is an available service provided by leading payment companies, including Visa, MasterCard, Discover, and American Express, that examines the customer’s address information during the card authorization process. AVS checks the address and returns an approval, exception, or decline code, which you can use it to determine your next steps. View code information here: https://www.chasepaymentech.com/address_verification_service.html
- Invest in secure IT infrastructure
How confident are you in your firewall? Do you have anti-virus, malware and spyware detection software? How do you manage software updates? What are your data back-up practices?In today’s increasingly threat-filled online environment, all business owners must invest in securing their IT infrastructure so as to protect that data contained therein. The utilization of a strategy of defence in depth is a prudent foundation for one’s IT security practices. Employing such a strategy involves ensuring that a layered defence is in place, allowing for the prevention, detection, and containment of security issues at both the network and host levels. For instance, having a hardware firewall on a network is a good first line of defence, but employing software firewalls on all computers in addition to this first line of defence greatly enhances one’s security posture.Many resources are available online to help businesses secure their IT infrastructure; however, for those businesses without staff dedicated to the task, consulting with experts is often the wisest course of action.
- Use only the appropriate services and software for financial transactions or other sensitive processes
There are multiple steps to securing financial transactions that range from simple to incredibly complex. To start, make sure that you utilize checkout pages secured via HTTPS. You can also improve security by using a dedicated machine for online financial transactions.Many businesses choose to use an external payment processing solution for part or all of their financial transactions. Only work with companies with solid reputations and talk with them about their security protocols and features. Do they have a secure data centre? Are they PCI, SAS70, or HIPAA compliant? Do they have an annual audit by a Qualified Security Assessor? Ask questions, so that you feel confident that you’re working with the right company.
- Schedule recurring risk assessments and fraud prevention checkups
Technology changes quickly. Business functions evolve, new technologies emerge, and new threats appear, so your security controls will become inadequate over time. This necessitates the regular and periodic reassessment of the appropriateness and effectiveness of your systems and processes. Helpful resources include the National Institute of Standards and Technology’s Guide for Conducting Risk Assessments, and the Association of Certified Fraud Examiners (ACFE).
- Educate Your Staff
Employees can be an excellent line of defence or your biggest vulnerability. Make sure that you hold regular discussions about the security threats and safety protocols associated with your business so that they have the knowledge to do their part in maintaining the security of your business systems and information. Educate employees about how to handle confidential information and what to look for in terms of cyber threats.
If you have any question about identity fraud or identity verification processes, contact Trulioo to talk with one of verification experts. We want businesses to save money, protect themselves, and improve business client relationships.