What can be more frustrating than selling your products to a credit card thief? The lawful owner of the card will likely be reimbursed eventually, but you will be left without your product and with a negative tally on your ledger.
How can merchandisers avoid such a mess? Thankfully, there are steps you can take to help steer clear of fraudsters.
Here are important things you can do to protect your business:
Questions for Your IT Manager
- Before finalizing credit card orders, check in with your processing company to ensure the billing address on the order matches the billing address of the credit card. A lot of smart merchandisers will not even ship the order if those two addresses do not match.
- Check to see if your processor has a secured website where you can quickly examine card information without having to wait for periods of time on the phone. In such a case, you will get a login and password that you can utilize 24/7.
- Be alert when a customer wants a large, heavy order shipped either express or priority mail. Such disregard for shipping costs can be a tell-tale sign of fraud. So if possible, have your IT person set up a rule in your ecommerce system that flags orders greater than X weight or X dollars.
- Be wary of any order that does not follow the typical ordering patterns of your customers. For example, if you sell an item that customers usually order in multiple sizes and colors, and you get an order for a large number of just one color, then check into it. Chances are there is something funny going on.
- Program your system to automatically flag orders coming from Western African nations, especially Nigeria, which has become the most infamous of all fraud locales. When it comes to ecommerce, there is nothing wrong with being safe rather than sorry.
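The screening rules above, written out as an order-flagging routine (an added example, not code from the original article): the thresholds, the high-risk country set and the sample orders are constructed assumptions that a merchant would tune to their own catalogue and risk policy.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed thresholds (assumptions, not from the article): tune to your catalogue.
MAX_WEIGHT_KG = 20.0
MAX_ORDER_USD = 1500.0
EXPRESS_METHODS = {"express", "priority"}
HIGH_RISK_COUNTRIES = {"NG"}  # the article names Nigeria; extend per your own risk policy


@dataclass
class Order:
    order_id: str
    billing_address: str       # billing address as entered by the buyer
    avs_billing_address: str   # billing address on file, as returned by the processor
    weight_kg: float
    total_usd: float
    shipping_method: str
    ship_country: str          # ISO 3166-1 alpha-2 code
    line_items: list = field(default_factory=list)  # tuples of (sku, colour, size, qty)


def normalize(addr: str) -> str:
    """Compare addresses case- and whitespace-insensitively."""
    return " ".join(addr.lower().split())


def screen_order(order: Order) -> list:
    """Return the fraud indicators raised for this order (empty list = nothing flagged)."""
    flags = []
    # 1. The billing address on the order must match the card's billing address.
    if normalize(order.billing_address) != normalize(order.avs_billing_address):
        flags.append("avs_mismatch")
    # 2. A large or heavy order shipped express/priority shows disregard for shipping cost.
    heavy_or_pricey = order.weight_kg > MAX_WEIGHT_KG or order.total_usd > MAX_ORDER_USD
    if heavy_or_pricey and order.shipping_method.lower() in EXPRESS_METHODS:
        flags.append("large_order_express_shipping")
    # 3. Unusual pattern: many units of one colour where buyers normally mix variants.
    qty_by_colour = Counter()
    for _sku, colour, _size, qty in order.line_items:
        qty_by_colour[colour] += qty
    if len(qty_by_colour) == 1 and sum(qty_by_colour.values()) >= 10:
        flags.append("single_variant_bulk")
    # 4. Destination country the merchant's policy treats as high risk.
    if order.ship_country.upper() in HIGH_RISK_COUNTRIES:
        flags.append("high_risk_country")
    return flags
```

Flagged orders are held for manual review rather than rejected outright, so a legitimate bulk buyer is not turned away by a single rule.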
Unfortunately, getting stuck with the cost of credit card fraud is really only the beginning of your security concerns. All marketers should also vigilantly keep an eye on whether or not the information on their ecommerce sites is being protected.
After all, nothing will harm an Internet brand's reputation faster than if your customers get their credit card stolen from your site. Furthermore, if you have not done so already, you need to get PCI compliant.
PCI DSS stands for Payment Card Industry (PCI) Data Security Standard (DSS). It was developed by the major credit card companies (as a guideline to help companies and organizations that process card payments) to prevent credit card fraud, hacking and various other security infringements.
Of course, this is an area that makes online merchandisers uncomfortable from the start, and not only because it sounds intimidating. The real source of the anxiety is that this is where the issues become genuinely technical and hard to understand.
But here is a list of questions you can show your IT person. The answers you receive will either make you feel more secure (that is, more PCI compliant) or alert you that the time for action is now.
- Do we have a firewall installed?
- Is our data protected? How?
- Do we use vendor supplied defaults for system passwords and other security parameters? (This answer should be, "No.")
- Have we encrypted the transmission of cardholder data and sensitive information across public networks?
- Do we use and regularly update antivirus software?
- Do we maintain secure systems and applications?
- Do we restrict access to data by "business need to know"?
- Have we assigned a unique ID to each person with computer access?
- Do we restrict physical access to cardholder data?
- Do we track and monitor all access to network resources and cardholder data?
- Do we regularly test security systems and processes?
- Do we maintain a policy that addresses information security?
For more information on PCI compliance, visit www.pcicomplianceguide.org
Entire contents ©2016, Sumner Communications, Inc. (203) 748-2050. All rights reserved. No part of this service may be any form without the express written permission of Sumner Communications, Inc. except that an individual may download and/or forward articles to a reasonable number of recipients for personal,