How must you protect your Startup from Online Fraud?
SaaS startups have to put measures to prevent online payment fraud that can significantly affect their revenues. Online fraud is rampant and without adequate detection and prevention measures in place, startups can find themselves with high merchant chargeback fees and possible run-ins with the law. What are the common online payment frauds and how can you prevent them?
Whether your startup is selling physical or digital products, having a robust fraud detection system is crucial to staying afloat. While your payment gateway may have some primary ways of preventing fraud, it is recommended to have an in-house fraud detection team that will countercheck and stop any potential fraud transactions.
Types of Online Fraud
Many startups accept both PayPal and credit card payments on their websites. Unfortunately, these two are the most common abused methods on online payment. Let’s look at the common types of online fraud you are likely to encounter if you accept PayPal or credit card payments.
While PayPal enables customers to make online payments without the need to enter their credit card details, it can be compromised in various forms. Below is an overview of PayPal fraud:
a) Account hijacking
Hackers can get hold of the credentials of active PayPal logged-in users and use their accounts to make fraudulent payments. Since PayPal does not have strict security checks like requiring users to confirm identity details (CVV, street address, etc.) when making payments, attackers can use hijacked account details to make purchases on your website.
b) Payments with stolen credit card details
Since users can make credit card payments through PayPal even without opening an account, this means payments from stolen credit cards can be processed. When the user disputes the fraud payments with their bank, you are likely to incur chargeback fees from your payment processor.
c) Disputes of legit transactions
Sometimes users will pay for product and later dispute the payment on their PayPal account. While this fraud is not related to hacking, it can significantly eat into your revenues. Most of the time, PayPal will side with the buyer unless you can provide proof that you actually shipped an item (e.g. signed shipping receipts). If you sell digital products, you will lose your money in case of a dispute.
Credit Card Fraud
Credit card payment fraud is another setback that you have to put measures to prevent. With credit card fraud, an attacker will try to make payments with stolen credit card details. The fraud can begin from the CVV to the card number and even expiry date.
Most banks and payment processors prevent credit card fraud by checking and comparing all the card details entered during a transaction. However, some gateways will still allow transactions even when some of the details entered are incorrect, and will leave the bank to decide whether or not the transaction should be approved. Other gateways may return false positives on credit card details. All these inconsistencies make it even more crucial for your company to have an in-house fraud prevention unit to reduce the chances of processing fraud payments.
How to Prevent Online Fraud
To stop online fraud, you have to recognize suspicious transactions before they are processed. There are some indicators you can watch to determine the degree of a payment likely to be fraudulent:
1. Check the billing address and the IP of the client PC from where the transaction is originating. Using Geolocation technology, it is possible to know which country a PC is located. If the PC location does not match the credit card billing address, there is a possibility it is a fraud transaction.
2. Flag transactions originating from high-risk countries and manually confirm the credit card details before processing them. For example, Just Host calls customers from high-risk countries to confirm their address as well as credit card details before processing their web hosting services purchase.
3. Transactions that are done using a free email address should be treated with caution. Emails from private domain names are less likely to be used for fraud. Here is a list of free email service providers that attackers are likely to use.
4. Sporadic transactions, especially of large amounts should be scrutinized further. If the customer’s shipping address is different from the billing address, you may want to call them up to confirm the details before processing the transaction.
While all of the above do not indicate absolute scenarios of fraud, it is up to you to put internal measures to determine what risk every element carries and what steps should be taken to confirm the transactions and possibly prevent fraud.
Preventing online payment fraud should be of key concern for all startups. Businesses should take measures to strengthen their security checks to reduce revenues losses from fraud transactions.