Cybersecurity is a buzzword you’ve probably heard. What does it actually mean for independent retailers?
There are two main implications of cybersecurity that independent retailers need to be aware of. First, retailers need to have an SSL or Secure Certificate on their website. Second, retailers need to understand card not present transactions and the liability associated with them. These are the two main factors in ensuring a secure experience for your customers and reduced liability for your business.
An SSL certificate is the code that makes your website turn from HTTP to HTTPS. Consumers understand that this means your website is safe!
The way an SSL certificate works is very technical. We don’t care about the technical explanation. As a retailer, you need to know how it protects your business and your customers.
An SSL certificate creates a secure connection between your website and any place that you send or store information. This means that hackers will not be able to steal information that customers try to send to you through your website. With an SSL certificate on your website, users can confidently buy items and send you their name, address and phone number without worrying about a third party intercepting that information. Without an SSL certificate on your website, customer information is vulnerable.
In fact, secure certificates are so important that web browsers are making changes to help alert consumers if a website doesn’t have one. For instance, on Google Chrome, a note saying “Not Secure” will appear next to the web address if there is no SSL certificate.
Research indicates that consumers avoid unsecured websites. Consumer buying habits are closely linked to online research. An SSL certificate gives consumers one more reason to shop with you.
Card Not Present
When a retailer launches an ecommerce website, they are accepting payment online. These transactions are referred to as “card not present” transactions, and they are inherently riskier. When a customer purchases a product in a brick and mortar store, this is known as a card present transaction. The customer has to present a physical card in order to process the transaction.
With a card present transaction, not only does the customer need to be in possession of the card, but the retailer also gains a level of control. The cashier can ask to see the card, require the card to be inserted into a chip reader or even ask the customer for government-issued identification. This is an inherently less risky situation.
With online transactions the retailer loses this control. There is nothing stopping someone with a stolen credit card number written on a piece of paper from making a transaction on your website. Scary stuff!
Moreover, if a retailer accepts a fraudulent transaction on their website, they’re on the hook for reimbursing the customer. Since it’s unlikely that the store will be able to recover the inventory from the order, the retailer loses twice. Retailers who mistakenly fulfill a fraudulent order will have to refund the revenue to the customer who was scammed, and they lose the inventory.
If you choose to sell online as an independent retailer, it is imperative that you create procedures for reducing instances of fraudulent transactions on your website.
Tips for Fraud Prevention
The most obvious first step is to pick the right software for your ecommerce site. Some ecommerce software platforms have alerts built into their systems to warn you if an order is potentially fraudulent. Second, set up your website to be PCI compliant.
Create a checklist to monitor for suspicious activity on your website. For instance, multiple orders placed with different credit cards and all sent to the same address are probably an indication of fraud. Bulk purchases of goods to be shipped internationally by first-time customers are also something to look out for. These are just a couple of examples. There are numerous ways that scammers may try to create a fraudulent order on your website. It is important to pay attention to each order that happens on your site to look for consistency and weed out any suspicious activity.
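As an added example (not from the original article or from any ecommerce platform), here is one way to turn the two checks above into a short Python script that lists orders worth confirming. The field names, the bulk threshold of 10 items and the US home country are assumptions, and the orders are constructed sample data.

```python
from collections import defaultdict

HOME_COUNTRY = "US"   # assumption: the store's own country
BULK_QUANTITY = 10    # assumption: what counts as a "bulk" order for this store

# Constructed sample orders. card_token stands for the payment processor's
# token for the card, never the card number itself.
SAMPLE_ORDERS = [
    {"id": "1001", "card_token": "tok_a", "ship_to": "12 Oak St, Springfield", "country": "US", "quantity": 1, "prior_orders": 4},
    {"id": "1002", "card_token": "tok_b", "ship_to": "48 Elm Ave, Apt 2, Dayton", "country": "US", "quantity": 2, "prior_orders": 0},
    {"id": "1003", "card_token": "tok_c", "ship_to": "48 elm ave apt 2 dayton", "country": "US", "quantity": 1, "prior_orders": 0},
    {"id": "1004", "card_token": "tok_d", "ship_to": "Rua A 5, Lisboa", "country": "PT", "quantity": 25, "prior_orders": 0},
    {"id": "1005", "card_token": "tok_e", "ship_to": "9 King Rd, Toronto", "country": "CA", "quantity": 30, "prior_orders": 6},
]

def normalize_address(address):
    """Ignore case, punctuation and spacing so small edits to an address still match."""
    cleaned = "".join(c if c.isalnum() else " " for c in address.lower())
    return " ".join(cleaned.split())

def review_orders(orders):
    """Return {order_id: [reasons]} for orders to confirm before shipping."""
    flags = defaultdict(list)

    # Check 1: different cards all shipping to the same address.
    by_address = defaultdict(list)
    for order in orders:
        by_address[normalize_address(order["ship_to"])].append(order)
    for same_address in by_address.values():
        cards = {o["card_token"] for o in same_address}
        if len(cards) > 1:
            for o in same_address:
                flags[o["id"]].append(f"{len(cards)} different cards ship to this address")

    # Check 2: bulk order, shipped internationally, by a first-time customer.
    for o in orders:
        first_time = o["prior_orders"] == 0
        if o["quantity"] >= BULK_QUANTITY and o["country"] != HOME_COUNTRY and first_time:
            flags[o["id"]].append("bulk international order from a first-time customer")

    return dict(flags)

if __name__ == "__main__":
    for order_id, reasons in review_orders(SAMPLE_ORDERS).items():
        print(order_id, "->", "; ".join(reasons))
```

A flagged order is a prompt to contact the customer, not proof of fraud: order 1005 is a large international order but comes from a repeat customer, so it is not flagged.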
If you do suspect an order is fraudulent, what should you do? You can always cancel the order, but what if it was actually a real order?
Good news: you’ve likely asked for your customer’s email address and phone number during the online checkout process. Call or email your customer to confirm the order. If you’re still not sure after the phone call, cancel the order.
Unfortunately, there’s no way to completely eliminate fraud online. Even following the advice in this book cannot completely eliminate scammers from targeting your website. However, thoughtful fraud prevention procedures and a strong PCI compliant software platform will help reduce instances of fraud on your business website.