Six ways to curb e-commerce card fraud | Fin24
 
  • 'Not Honest'

    What you need to know about the scathing ConCourt judgment against Public Protector Busisiwe Mkhwebane.

  • African Foothold

    American multinational PepsiCo has agreed to buy South Africa’s Pioneer Foods for about R24.4bn.

  • Fin24’s newsletter

    Sign up to receive Fin24's top news in your inbox every morning.

Loading...

Six ways to curb e-commerce card fraud

Jan 13 2015 18:12

Johannesburg - Credit card fraud is rampant in South Africa, growing at an alarming rate and merchants absorb many of the risks and losses attached to card fraud, according to Donovan Marais, channel manager at Sage Pay.

This is especially true of the "card not present" transactions in e-commerce - the most risky form of card payment for an SME.

Last year losses due to credit card fraud increased by 23% to R453.9m, according to the latest statistics from the SA Banking Risk Information Centre.

"If you’re taking your small business online, it is essential to protect yourself by following best practices and working with a reputable payment gateway," said Marais.

He offers the following tips:

Know your customer

In online commerce, you are not certain of who is sitting on the other end of the internet connection performing the transaction and you don't have sight of the debit or credit card.

For all you know, it could be someone who has stolen the card details rather than the card owner.

For that reason, you need to take every reasonable precaution to ensure the person you are transacting with is who he or she claims to be.

Some steps you can take to this end include:

- Don’t ship to PO boxes, but only to physical addresses;

- Use a reputable delivery stream – that is a courier that checks identification on delivery of the goods;

- For a customer’s first transaction, you could insist on clearing it with the bank if delivery is not to the cardholder’s billing address;
 
- Ask for an ID number and use a service to check that the ID number actually exists and ties to the name of the cardholder;
 
- Once customers are registered, you could send a one-time PIN via SMS or email (in much the same way as the banks) when they transact.

That gives your customers an extra layer of protection in case their passwords are stolen.

Get PCI-compliant or don’t store payment details

Every company that accepts credit card payments must be aware of the Payment Card Industry’s Data Security Standards (PCI DSS) - a regulatory framework from the financial services industry.

Its requirements include protecting data behind firewalls, encrypting cardholder data, staying up to date with virus protection, and controlling who has access to customers' card details.
 
Comply with 3D Secure for digital payments

In a brick and mortar store, customers these days need to punch a PIN code in at the point of sale before their card payment is processed.

Online, you should use the 3D Secure technology from Visa and MasterCard to verify payments.

Customers will be directed to a secure web page hosted by their bank, where they will need to supply a one-use code they received by SMS or email sent by their bank.

That helps to limit fraud, since the fraudster will need more than the basic credit card information to complete an online transaction.

Set a sensible floor limit

One good way to protect your business and your customers from the threat of big financial losses is to set a sensible floor limit.

This refers to the maximum value of a transaction you will allow without calling the bank to verify its authenticity.

For example, you might decide that you will not automatically process a transaction of more than R5 000 without giving the bank a call first to validate it.

Work with reputable couriers

If you’re delivering goods to customers that shop online, you should work with a credible courier company.

When delivering expensive items, insist that the courier verify the customer’s identification by asking to see his or her green ID book.

And the courier must always get the person taking receipt of the goods to sign for them.

Monitor chargebacks carefully

Payments companies (Visa and MasterCard) give cardholders 180 days to dispute any credit card transaction. Verify every chargeback to ensure that customers aren’t disputing valid transactions.

If a chargeback is valid, make sure the customer has returned faulty or incorrectly delivered goods so that you can limit your losses, another reason why you should know who you are selling to and where they are located.

"Banks and card payment firms tend to protect the interests of the cardholder in the event of fraud. If you accidentally deliver to a fraudster, there is no guarantee that you’ll recover the loss. That means it’s up to you to protect your business against card fraud risks," said Marais.

NEXT ON FIN24X

 
 
 

Read Fin24’s Comments Policy

24.com publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
1 comment
Comments have been closed for this article.
 

Company Snapshot

Money Clinic

Money Clinic
Do you have a question about your finances? We'll get an expert opinion.
Click here...

Voting Booth

FaceApp has been at the centre of a debate on data security. What is your view?

Previous results · Suggest a vote

Loading...