Protecting against merchant fraud online
While PCI compliance is a great way to make sure a business is doing certain things correctly in avoiding online merchant fraud, there are other security risks that need to be addressed by every eCommerce website that accepts credit or debit card payment online. Tools such as as antivirus, firewalls and SSL certificates from companies such as VeriSign and GeoTrust can help companies avoid being scammed online, and more importantly, they can help keep customers safe when purchasing from a business.
Michelle Thompson, vice president and fraud/risk officer for FirstMerit Bank, said that security risks will not be going away anytime soon, according to Smart Business Online. She said business owners and employees are doing things that may be putting the company at risk, so they need to get a hold on this as soon as possible.
"Businesses are anxious to sell their product, so they tend to bypass red flags, focusing on making a sale," Thompson told the news source. "Fraud is much more prevalent than many merchants think, or would like to admit. In some cases, it’s glaringly obvious, but in others, it’s very well hidden. Many merchants also don’t understand that a credit card transaction is the same as accepting a check. Many merchants accept cards because the process feels safer and quicker."
She said credit cards carry a much bigger risk, as there's no guarantees in knowing the cash will be coming back. Thompson said a key way to defend is to know the customers, know the employees that are dealing with the customers and educate others on how to stay secure within the business.
Ballistic Merchant Services said there are many ways to help avoid fraud, including bolding displays of fraud notices, analyzing orders that come through very carefully, being sure to have a website that asks for credit card CVV2 verification numbers and expiration dates, and always being cautious of orders coming from overseas or from a free email address. Companies also must be sure to bring in other software or tools to help fight against fraud, such as VeriSign SSL certificates and tools to keep track of PCI compliance.