Share

Six ways to curb e-commerce card fraud

Johannesburg - Credit card fraud is rampant in South Africa, growing at an alarming rate and merchants absorb many of the risks and losses attached to card fraud, according to Donovan Marais, channel manager at Sage Pay.

This is especially true of the "card not present" transactions in e-commerce - the most risky form of card payment for an SME.

Last year losses due to credit card fraud increased by 23% to R453.9m, according to the latest statistics from the SA Banking Risk Information Centre.

"If you’re taking your small business online, it is essential to protect yourself by following best practices and working with a reputable payment gateway," said Marais.

He offers the following tips:

Know your customer

In online commerce, you are not certain of who is sitting on the other end of the internet connection performing the transaction and you don't have sight of the debit or credit card.

For all you know, it could be someone who has stolen the card details rather than the card owner.

For that reason, you need to take every reasonable precaution to ensure the person you are transacting with is who he or she claims to be.

Some steps you can take to this end include:

- Don’t ship to PO boxes, but only to physical addresses;

- Use a reputable delivery stream – that is a courier that checks identification on delivery of the goods;

- For a customer’s first transaction, you could insist on clearing it with the bank if delivery is not to the cardholder’s billing address;
 
- Ask for an ID number and use a service to check that the ID number actually exists and ties to the name of the cardholder;
 
- Once customers are registered, you could send a one-time PIN via SMS or email (in much the same way as the banks) when they transact.

That gives your customers an extra layer of protection in case their passwords are stolen.

Get PCI-compliant or don’t store payment details

Every company that accepts credit card payments must be aware of the Payment Card Industry’s Data Security Standards (PCI DSS) - a regulatory framework from the financial services industry.

Its requirements include protecting data behind firewalls, encrypting cardholder data, staying up to date with virus protection, and controlling who has access to customers' card details.
 
Comply with 3D Secure for digital payments

In a brick and mortar store, customers these days need to punch a PIN code in at the point of sale before their card payment is processed.

Online, you should use the 3D Secure technology from Visa and MasterCard to verify payments.

Customers will be directed to a secure web page hosted by their bank, where they will need to supply a one-use code they received by SMS or email sent by their bank.

That helps to limit fraud, since the fraudster will need more than the basic credit card information to complete an online transaction.

Set a sensible floor limit

One good way to protect your business and your customers from the threat of big financial losses is to set a sensible floor limit.

This refers to the maximum value of a transaction you will allow without calling the bank to verify its authenticity.

For example, you might decide that you will not automatically process a transaction of more than R5 000 without giving the bank a call first to validate it.

Work with reputable couriers

If you’re delivering goods to customers that shop online, you should work with a credible courier company.

When delivering expensive items, insist that the courier verify the customer’s identification by asking to see his or her green ID book.

And the courier must always get the person taking receipt of the goods to sign for them.

Monitor chargebacks carefully

Payments companies (Visa and MasterCard) give cardholders 180 days to dispute any credit card transaction. Verify every chargeback to ensure that customers aren’t disputing valid transactions.

If a chargeback is valid, make sure the customer has returned faulty or incorrectly delivered goods so that you can limit your losses, another reason why you should know who you are selling to and where they are located.

"Banks and card payment firms tend to protect the interests of the cardholder in the event of fraud. If you accidentally deliver to a fraudster, there is no guarantee that you’ll recover the loss. That means it’s up to you to protect your business against card fraud risks," said Marais.

We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
19.02
-0.6%
Rand - Pound
24.01
-0.5%
Rand - Euro
20.52
-0.3%
Rand - Aus dollar
12.35
+0.0%
Rand - Yen
0.13
-0.6%
Platinum
900.40
+0.4%
Palladium
998.40
-0.3%
Gold
2,211.77
+0.8%
Silver
24.64
-0.0%
Brent Crude
86.09
-0.2%
Top 40
68,114
+0.6%
All Share
74,310
+0.5%
Resource 10
56,946
+2.3%
Industrial 25
103,653
+0.4%
Financial 15
16,467
-0.3%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders