Internet Security
SSL Encryption
To protect credit card details while they travel from the customer's browser to your site, serve the site over HTTPS using TLS, the protocol that replaced SSL. The "128-bit SSL" that was once marketed as bank-grade encryption is better read today as a minimum: all versions of SSL and TLS 1.0/1.1 are deprecated and should be refused, and current browsers negotiate TLS 1.2 or 1.3 with 128-bit or 256-bit AES or ChaCha20 ciphers. Apply this to the whole site, not only the checkout page, so that session cookies and account details are never sent in the clear.
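The following is an added example, not code from the original page: a server-side TLS configuration in Python's standard ssl module that enforces the floor described above (TLS 1.2 or newer, nothing weaker than 128-bit keys) and an audit function that reports what the context would actually negotiate. The cipher string is an assumption chosen for forward-secret AEAD suites; certificate loading is omitted so that the example runs without key files.

```python
"""Hardened TLS server context plus a deployment audit (added example)."""
import ssl
from typing import Dict


def hardened_context() -> ssl.SSLContext:
    """Build a server context that refuses SSLv3, TLS 1.0 and TLS 1.1.

    A real deployment would also call ctx.load_cert_chain(certfile, keyfile);
    that step is left out here so the example runs without certificate files.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Minimum version is enforced at the handshake: older clients are rejected.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # TLS 1.2 suites: ephemeral ECDH for forward secrecy, AES-GCM or ChaCha20
    # (both AEAD). TLS 1.3 suites are fixed by the library and unaffected.
    # The exact string is an assumption; adjust to your compliance baseline.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!3DES:!RC4")
    return ctx


def audit_context(ctx: ssl.SSLContext) -> Dict[str, object]:
    """Summarise what the context will negotiate, for a pre-deployment check.

    get_ciphers() returns one dict per enabled suite; 'strength_bits' is the
    effective symmetric key strength, so the weakest value is the number to
    compare against the 128-bit floor.
    """
    suites = ctx.get_ciphers()
    return {
        "min_version": ctx.minimum_version.name,
        "suite_count": len(suites),
        "weakest_bits": min(c["strength_bits"] for c in suites),
        "all_aead": all(c["aead"] for c in suites),
        "suites": [c["name"] for c in suites],
    }


if __name__ == "__main__":
    # Prints the negotiable suites so an operator can eyeball the list.
    for key, value in audit_context(hardened_context()).items():
        print(f"{key}: {value}")
```

Run the audit on the context you actually pass to your server and fail the deployment if `weakest_bits` drops below 128 or `min_version` is older than TLSv1_2; a context built with the library defaults may be stricter or looser depending on the installed OpenSSL, which is why the check is worth automating.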
Data Security - Deleting Credit Card Numbers
If you are accepting offline payments, delete credit card numbers from the server as soon as each payment has been processed, and make sure they have not also been captured in logs, exports or backups. A card number that is no longer stored cannot be stolen, which is the simplest sensitive-data protection available.
Fraud and Disputed Credit Card Transactions
With online stores it is usually the merchant who carries the risk. In a card-not-present transaction the merchant rarely holds proof that the cardholder authorised the payment, so a customer can have the transaction reversed (charged back) by their bank with little recourse for the merchant.
Fraud is part of the cost of doing business online. Every online business will at some stage experience it; how much depends on your industry, and every industry has a different risk profile. Fraudulent orders often share one or more of these attributes:
- They are received unexpectedly, or “out of the blue”.
- The order value is extraordinarily high.
- The shipping address is in a region that has historically shown high chargeback rates for your business, for example parts of Eastern Europe or South-East Asia. Treat this as a statistical signal, not a rule: plenty of genuine customers live there.
- The customer has requested the fastest (and most expensive) shipping option. Freight costs don’t matter to somebody who intends to defraud you, because they don’t intend to pay for the order.
When considering internet security and anti-fraud measures, it is important to strike a balance between risk and returns. In many industries the fraud rate is very low. It may be better to accept a low fraud rate, rather than to implement anti-fraud measures that will turn off a large part of your loyal customer base.
Here are some things that you can do to detect and prevent fraud:
- Know your customers. If you are suspicious, call the customer to confirm that an order is genuine.
- Log the IP address of the client from which the order was placed (it appears in your web server's access log). IP geolocation services, and some free lookup sites, will tell you which country (or even state) the address is assigned to. For example, if the order came from an address in Moldova but the credit card belongs to a customer in the United States, the order deserves a closer look. Geolocation is approximate, and a fraudster can route through a proxy or VPN, so use a mismatch as one signal among several rather than as proof.
- Make sure that all order details match. For example, does the area code of the phone number match the city to which the order is to be shipped?
- If possible, ship the order by registered post. If the credit card transaction is later disputed you will at least have proof that it was shipped and accepted. Again, it is a matter of striking a balance. If registered post is significantly more expensive, it might be better to accept a slightly higher fraud rate in return for a significant cost reduction when shipping by standard mail.
- For high-value items, ask for a bank cheque or payment by direct deposit. This is also a good strategy when you suspect an order to be fraudulent. Genuine buyers normally don't mind negotiating the payment option; if you never hear from the customer again, the chances are they were a potential fraudster.
- Ask the customer to send through a signed copy of the order by mail or fax.
- Some payment gateways support additional anti-fraud measures:
  - Requiring the customer to enter the card verification value (CVV). For Visa, MasterCard and Discover this is the 3-digit number printed to the right of the signature panel on the back of the card; for American Express it is the 4-digit number printed on the front above the card number. The gateway checks it with the card issuer. Never store the CVV anywhere, not even briefly, once the authorisation has been requested.
  - Address verification (AVS), in which the gateway compares the billing address the customer supplied with the address the card issuer holds for the account holder. You should separately compare the billing address with the shipping address yourself. In some countries, such as Australia, this option is not available because of privacy laws.
  - The payment gateway company may maintain a database of cards that have frequently been used for transactions that were later charged back. In high-risk industries it may be appropriate to reject these transactions automatically.
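The indicators listed under fraudulent-order attributes and the checks listed above (IP country versus billing country, matching order details, AVS and CVV results) combine naturally into a rule-based screen that runs before an order is released for shipping. The following is an added example, not code from the original page or from any particular store platform; the geolocation table, the high-risk country list, the area-code table, the point weights and the review threshold are all assumptions constructed for illustration and should be replaced with data from your own chargeback history.

```python
"""Rule-based screening of a card-not-present order (added example)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed geolocation table (prefix -> ISO 3166 country code). A real
# deployment would query a GeoIP database; these are RFC 5737 documentation
# prefixes mapped to countries purely for illustration.
GEOIP = [
    (ipaddress.ip_network("203.0.113.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "MD"),
    (ipaddress.ip_network("192.0.2.0/24"), "AU"),
]

# Assumed high-risk destinations; derive the real list from your own records.
HIGH_RISK_SHIP = {"MD", "RO", "ID"}

# Constructed subset of telephone area code -> city for the "details match" rule.
AREA_CODE_CITY = {"212": "New York", "415": "San Francisco"}

REVIEW_THRESHOLD = 4   # assumed; tune so that loyal customers are rarely held


@dataclass
class Order:
    amount: float               # order total
    bill_country: str           # country of the cardholder's billing address
    ship_country: str
    ship_city: str
    phone: str
    express_shipping: bool      # customer chose the fastest option
    client_ip: str              # client address from the web server access log
    avs_match: Optional[bool]   # gateway AVS result; None where AVS is not offered
    cvv_match: bool             # gateway CVV check result


def ip_country(ip: str) -> Optional[str]:
    """Return the country the client address is assigned to, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for net, country in GEOIP:
        if addr in net:
            return country
    return None


def area_code(phone: str) -> str:
    """First three digits of the phone number with punctuation removed."""
    return re.sub(r"\D", "", phone)[:3]


def score_order(order: Order, typical_amount: float) -> Tuple[int, List[str], str]:
    """Return (score, reasons, decision); each rule mirrors one indicator from the text."""
    score, reasons = 0, []

    def flag(points: int, why: str) -> None:
        nonlocal score
        score += points
        reasons.append(why)

    if order.amount > 5 * typical_amount:
        flag(2, "order value far above typical")
    if order.express_shipping:
        flag(1, "fastest shipping option chosen")
    if order.ship_country in HIGH_RISK_SHIP:
        flag(2, "shipping to high-risk country")
    if order.ship_country != order.bill_country:
        flag(1, "shipping and billing countries differ")

    origin = ip_country(order.client_ip)
    if origin is None:
        flag(1, "client IP country unknown")
    elif origin != order.bill_country:
        flag(2, f"client IP in {origin}, card billed in {order.bill_country}")

    city = AREA_CODE_CITY.get(area_code(order.phone))
    if city is not None and city != order.ship_city:
        flag(1, "phone area code does not match shipping city")

    if order.avs_match is False:      # None means the gateway could not check
        flag(2, "address verification failed")
    if not order.cvv_match:
        flag(3, "CVV check failed")

    if not order.cvv_match:
        decision = "decline"          # a wrong CVV is not a judgement call
    elif score >= REVIEW_THRESHOLD:
        decision = "review"           # e.g. phone the customer before shipping
    else:
        decision = "accept"
    return score, reasons, decision
```

Each rule adds points rather than deciding on its own, so a single weak signal (express shipping, say) never blocks a genuine customer, while a failed CVV check short-circuits to a decline. Recording the reasons alongside the score gives the person doing the manual review something concrete to check when they call the customer.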
Employee fraud is another common problem. Your website should let you lock down the permissions of each staff user. Give every user a separate account with only the permissions their role requires (for example, a shipping clerk does not need to issue refunds or view full card details), and remove access promptly when someone leaves.