Build Your E-Commerce Store: Detecting + Preventing Fraud


This is our fifth installment in the “Starting Your E-Commerce Store” series. Check out the intro here, part two (on payment gateways and merchant accounts) here, part three on building a better shopping cart, and part four, on converting window shoppers.

Your e-commerce site just started, and it’s already going great. Orders are pouring in from around the globe, and you’re shipping out product as fast as you can. You’ve been surprised—and delighted—by your success, and everything seems to be going smoothly.

Two weeks later, and it’s a different story. You realized that many of the orders you received were fake, and now you’re getting email after email notifying you that you need to pay extra fees for your failure to know that half of your international customers were actually scammers. You’ve had your first experience with e-commerce, and it’s been a bad one.

Fraud can ruin even the most promising e-commerce site, but you can avoid most fraud by adopting a few best practices. Here are some tips that will help you detect—and prevent—fraud.

Be PCI Compliant

Preventing fraudulent payments on the Internet is hard work, which is why you’ll want all the help you can get. Fortunately, you’re not alone in your struggle to fight against scammers, frauds, and hackers. The Payment Card Industry (PCI) is an organization that was created by the major credit card companies to establish standards for secure financial transactions online. As part of their efforts to fight fraud, PCI developed the PCI DSS (Data Security Standard), a set of requirements one has to adhere to in order to be trusted with credit card data.

If your e-commerce site is PCI Compliant, you’ll be helping to ensure that your customers’ credit card data is safe, and you’ll do your part to keep credit card data from being leaked and used to make fraudulent purchases from folks like you. In addition, some of the steps you have to take in order to be PCI Compliant, like setting up an SSL certificate, will help assure your customers of your identity and that it’s safe to purchase from you.

Use Protection

There are steps you can take to protect yourself from fraudulent payments, in addition to contributing to the general safety standard on the Internet by being PCI Compliant. You can add automated fraud protection services, which will flag payments that seem suspicious. For example, MaxMind’s minFraud service analyzes each transaction by looking at information such as the IP address it originates from and the associated email address, device, and, if used, proxy service. After conducting this analysis, it assigns the transaction a risk score, which allows you to decide whether to deny the sale or inspect the transaction more closely.

By using an anti-fraud system, you’ll automate much of the work of detecting fraud and won’t be lulled into accepting an order that is bound to end in heartache.

Check Orders Yourself, and Use Common Sense

Most of the time, you want to use services that will automate the annoying things about running an e-commerce store. But with payments, it’s sometimes better to check them out yourself, and use your common sense. For example, you can check the address of a purchase using Google Maps, and flag the purchase as fraud if the address seems fishy. Or you can call the customer on their phone and confirm that they’ve made the purchase. While this labor can be exhausting, it’s better to do it now and save yourself the trouble, and expense, of returning orders later.
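To show how an automated risk score and manual checks can fit together, here is an added example (not code from this series or from MaxMind) that sorts orders into accept, review, or deny. It assumes the fraud service returns a score from 0 to 100 where higher is riskier; the thresholds, the large-order limit, the country-mismatch rule, and all field names are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed values for illustration; tune them against your own chargeback history.
DENY_AT = 80.0       # at or above this score, refuse the sale outright
REVIEW_AT = 20.0     # at or above this score, a person checks the order
LARGE_ORDER = 500.0  # orders this size always get a manual look


@dataclass
class Order:
    order_id: str
    amount: float
    billing_country: str
    shipping_country: str
    risk_score: Optional[float]  # None when the scoring service gave no answer


def triage(order: Order) -> Tuple[str, List[str]]:
    """Return (decision, reasons); decision is 'accept', 'review' or 'deny'."""
    reasons: List[str] = []
    if order.risk_score is None:
        # No score is not a clean bill of health: send the order to a person.
        reasons.append("no risk score available")
    elif order.risk_score >= DENY_AT:
        return "deny", [f"risk score {order.risk_score} >= {DENY_AT}"]
    elif order.risk_score >= REVIEW_AT:
        reasons.append(f"risk score {order.risk_score} >= {REVIEW_AT}")
    if order.amount >= LARGE_ORDER:
        reasons.append("large order")
    if order.billing_country != order.shipping_country:
        reasons.append("billing and shipping countries differ")
    return ("review" if reasons else "accept"), reasons


# Constructed sample orders, not real transactions.
SAMPLE_ORDERS = [
    Order("A-1001", 40.00, "US", "US", 3.5),
    Order("A-1002", 40.00, "US", "US", 35.0),
    Order("A-1003", 40.00, "US", "US", 92.0),
    Order("A-1004", 900.00, "US", "US", 2.0),
    Order("A-1005", 40.00, "US", "US", None),
]

if __name__ == "__main__":
    for o in SAMPLE_ORDERS:
        decision, why = triage(o)
        print(o.order_id, decision, "; ".join(why))
```

Orders that land in "review" are the ones to check by hand with the address lookup and phone call described above.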

Despite your best efforts, you’re likely to encounter some fraudulent orders on your e-commerce site. But if you make sure your store is PCI Compliant, uses automated fraud detection services, and manually checks large and fishy orders, you’ll stand a good chance of reducing fraud. After all, you want to focus on growing your business, not protecting it from the scammers.