Default HubSpot Blog

Current Articles | RSS Feed RSS Feed

How to set up an eCommerce Site | Protect your customers and business

Posted by Alex Neir on Fri, April 19, 2013 @ 11:13 AM
Protection From Hackers
When setting up an eCommerce site for your business, security is the most critical component. It’s well documented that selling products and service online can increase revenue. It’s also becoming imperative to have an ecommerce presence if you want to stay competitive. That being the case, how do you set it up to protect your customers and your business?

Customer credit card security is important if you want to retain customers and protect your business. The first major vulnerability for an ecommerce site is the checkout page where the customer’s credit card information is collection and transmitted. At an absolute minimum you need to have your checkout page hosted on a secure server.A secure server is evidenced with a URL that starts with HTTPS:// and not the traditional HTTP://.

Secondarily, it’s a good idea to invest in an SSL or certified secure server page. Both the secured server and certified SSL will be offered by your hosting company and can easily be set up. A certified SSL comes with a certificate that customers can validate the encryption services and security of your website. Securing your checkout page limits the risk of your customer’s credit card information being stolen by identity thieves and therefor limits your liabilty.

A second and an increasingly apparent vulnerability for ecommerce sites are credit card validation procedures. It is a good idea to validate customer credit card information on as many fields as possible. Now there is certainly a balance here as you don’t want to force your customers to enter too much data at checkout, however to few and you open yourself up to fraud. Here are the minimums suggested.

  • Name
  • Billing Address
  • Billing Zip
  • Credit Card Number
  • Expiration Date
  • CVV Code

If you do not capture the CVV code at the time of checkout you waive your rights to fight charge backs initiated by the customer. Additionally, if you do not validate the credit card credentials you open your business up to liability from credit card testing programs. A credit card testing program is a computer generated attack on your website in which credit card numbers are tested to see if an authorization can be acheived. It is not uncommon for credit card testing programs to run 100,000 credit cards on your website overnight. The unsettling part, your business is liable for the transaction charges for the attempted authorizations.  100,000 attempted authorizations at $0.08 per transaction comes out to be $8,000 in transaction charges, over night.

Next, it is a good idea to choose a trusted merchant service provider that has tools to help limit your exposure to cyber-attacks. Let’s face it, more online business means more online criminals. The most common cyber-criminals are those attempting to steal credit card numbers to then purchase items with the stolen card numbers. How can you protect against these types of attacks?

Choose a merchant service provider that offers fraud protection tools

Fraud protection tools are cheap insurance against cyber criminals. The right tools can make the difference between a successful online presence and being put out of business. Fraud attempts can be eliminated with a rules based fraud detection application that examines each transaction before it is processed. Here are some examples of the rules that can be set up.

  • If a daily, weekly or monthly number of transactions or total dollar amount is exceeded. Flag transaction for review or auto decline
  • If a user tries a credit card X number of times, flag or decline
  • If the first XXX digits of a credit card are attempted, flag or decline
  • If daily, weekly or monthly number of transactions or total dollar amount attempted from a single IP address or block of IP addresses, flag or decline
  • Ban a single IP address or blocks of IP addresses
  • Ban specific credit cards
  • Ban geographic areas

Last, make sure your customers know the effort you have made to protect them and their credit card information. By taking the appropriate steps to protect your customers you are laying the foundation for a very successful online presence.

Tags: Ecommerce, Best Practices, Fraud Protection

Authorize.Net Phishing Scam | Beware

Posted by Alex Neir on Thu, September 06, 2012 @ 01:44 PM
Authorize.Net Scam
Authorize.Net, a leading payment gateway provider has recently released a statement pertaining to a phishing scam that is currently in circulation via email.

The subject line for the fraudulent email is “Successful Credit Card Settlement Report”. The email explains that the business’s online service has expired and must be renewed immediately or service will be cut off.  The email asks for the business to verify the account and to renew. A link is provided to login to the Authorize.net account.

Following the link and providing the login name and password is what the scam is after. Once that information is provided the scammer then has access to the business’s Authorize.Net account and can cause damage.

It is vital that this email not be responded to and that the attempt is reported to Authoriz.net. If you or any of your employees have responded to the email please contact Authorize.net immediately to determine if any fraudulent activity has been made.

As a general rule, never respond to email requesting information pertaining to sensitive information. It is best to contact the company that appears to have sent the email to verify the authenticity of the communication. 

Tags: Credit Card Fraud, Fraud Protection, Fraud Alert

Master Card Fraud Alert

Posted by Alex Neir on Tue, June 05, 2012 @ 11:24 AM
Master Card Fraud Alert

Master Card has announced a fraud alert. If you have received a “Master Card Security Alert” via email asking you to preform a credit card test transaction, please call Master Card immediately.

Apparently the criminals are asking unsuspecting businesses to conduct a credit card test in which the details of the transaction are to be sent to an email address that is not associated with Master Card. The intent is to acquire merchant transaction information in order to complete fraudulent transactions and refunds using stolen credit card information.

You should never receive an unsolicited phone call, email, social media request or fax request from Master Card. If you are contacted by someone that claims affiliation with Master Card, please do not respond and report the inquiry to Master Card at [email protected].

Tags: Credit Card Fraud, Fraud Protection, Master Card Fraud Alert

FINALLY – Chargeback Fraud Leniency for Merchants

Posted by Alex Neir on Tue, December 07, 2010 @ 01:41 PM
Chargeback dishonesty
Issuing banks have finally begun to side with merchants over chargeback fraud commonly called ‘Friendly Fraud’. Friendly fraud is the practice of a consumer making a purchase and then claiming that “it wasn’t me” in effect stealing from the merchant and bank.

It has been reported by Lexis Nexis that nearly 23% of fraud losses reported by merchants are a result of friendly fraud. As the economy continues to correct the prevalence of this type of fraud is likely to increase. The main reason – it’s easy to commit and get away with.

Most banks advertise that fraudulent charges will be hassle free with zero liability for the consumer. However, the increase in friendly fraud is forcing issuing banks to look into claims in much more detail.  When the consumer claims fraud they call their credit card issuing bank and claim they did not make the purchase in question. At that point the chargeback process begins.

The chargeback process is the banks evaluation of the claim to determine who is telling the truth. Both sides present their evidence and a re-presentment is issued in which the result is rendered. Some banks are now requiring consumers to provide notarized affidavits pertaining to the claim. If the consumer wins, the money is refunded to the consumer and revoked from the merchant. If the merchant wins the money is awarded to the merchant. According to Julie Fergerson at Ethoca.com, a fraud prevention firm, banks are siding with merchants much more often lately.

In addition, according to the annual Merchant Risk Council survey, the “win” rate for merchants is up 14% from 3 years ago.

How Can You Protect Your Business From Friendly Fraud?

  1. Always get a signature for the purchase
  2. If your business is shipping products,  require a signature upon delivery

Tags: Chargebacks, Fraud Protection, Friendly Fraud