There’s never a better time for criminals to try to invade your privacy than during a national crisis or disaster. Whether it be a hurricane, wildfires, or even a pandemic, online criminals use these vulnerable moments to try to invade your privacy and steal your information. Most susceptible to these attacks are small businesses. While in-person fraud is still a very real threat, many small businesses don’t know that online fraud is a greater risk to them and their business. Fraudsters use gaps in security in online storefronts to try to rob not only the business, but individuals as well. Small businesses are at greater risk of these types of attacks for a myriad of reasons, most commonly that they don’t have the resources or tools to combat them from the start. Luckily, the resources and tools they need to put themselves out of harm’s way aren’t all that complicated and are rather easy to use and implement.
“Why Us?” is a common phrase many find themselves saying after they’ve fallen victim to a fraud attack. The answer, while unfortunate, is simple: small businesses just don’t have the resources to safeguard themselves. Many small businesses feel from the start that they are too small and unnoticeable to be a target for fraud, and that big box stores are more likely to face attacks. Because of that and their limited resources, they may not be on the lookout for fraud attacks or have a dedicated team to detect and fight against those attacks. So, how do they fight back? What’s the first thing small businesses need to know about fraud prevention? Easy: it’s not about what you sell or what kind of business you run; it’s how you accept payments. Online storefronts are the easiest avenues for fraudsters to exploit en masse. One of the biggest methods they use to exploit these sites is called Card Testing.
If at first you don’t succeed, try, try again. Card testing is exactly how it sounds. Fraudsters use stolen numbers or card number generators in online storefronts to test their validity. Once they get a hit on a valid card number, they begin to guess the CVV or ZIP code. Those verified working numbers are then sold on the black market for others to use and abuse. What does this have to do with small businesses? The online tools fraudsters are using to verify these numbers are unsecured online stores, and as discussed before, small businesses tend to have the least secured online storefronts. Of all traffic on e-Commerce sites, 22.9% is bad bots trying to guess card numbers. When you consider how many online sales are made in a given day, that’s a huge amount of potential fraud. What are you supposed to do to protect yourself?
Should I start panicking and close my online storefronts? Absolutely not! “Panic causes tunnel vision. Calm acceptance of danger allows us to more easily assess the situation and see the options,” writes Simon Sinek, well-renowned author and motivational speaker. How right he is, because when you take a deep breath and step back, you can begin to see there are many actions you can take to protect yourself and your business. Here’s what you can do:
- Firewalls: Adding a firewall to your website and e-Commerce site is a great first step. Firewalls recognize malicious traffic and prevent it from accessing your site, such as automated scripts that may be trying to run stolen card data through your shopping carts.
- CAPTCHA: Is that a 1 or an ‘I’? A ‘B’ or an 8? While machines are getting better at guessing those kinds of questions, humans always outperform machines on glyph recognition and even more so on object recognition. Using Visual or Glyph CAPTCHAs on your e-Commerce site is a great way to make sure only humans are accessing your site.
- Time-out of user sessions: notice a particular user has been active on your site for a strangely long time? Give them the boot! Most systems give you a setting to time out users and require them to actively log back in and reenter information, kicking out those who maybe shouldn’t be loitering on your site.
- Cross-Site Request Forgery Detection: A more advanced feature that collects data from other websites and cross-references it with a database to determine if someone accessing your site has been flagged in the past, and then kicks them out.
- Velocity Filters: These are special filters you can find in your gateway provider settings that allow you to specify how many transactions you want to allow in a given time frame, either on your whole site or by user or IP address. You can also set limits like dollar amount filters for a minimum or maximum dollar amount a card can be run for (for example, if the cheapest item in your store is $20, you wouldn’t want to allow transactions lower than that amount).
- IP Filters: Do you ship and sell only domestically? Do you only service a small region? Filter out folks who may be trying to access your site from abroad or across the country that shouldn’t be. IP filters allow you to block entire regions that you know for sure you do not do business with, including IPs that are known to be fraudulent.
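
To make the velocity and dollar-amount filters above concrete, here is an added sketch (not code from any payment gateway) of the check such a filter performs. The class name, the limits, and the sample attempts are constructed for illustration; the $20 minimum follows the example in the list.

```python
from collections import defaultdict, deque


class VelocityFilter:
    """Hypothetical per-IP sliding-window limit plus dollar-amount bounds."""

    def __init__(self, max_per_ip, window_seconds, min_cents, max_cents):
        self.max_per_ip = max_per_ip
        self.window = window_seconds
        self.min_cents = min_cents
        self.max_cents = max_cents
        self._seen = defaultdict(deque)  # ip -> timestamps of recent attempts

    def check(self, ip, amount_cents, ts):
        """Return (allowed, reason) for one attempt at time ts (seconds)."""
        recent = self._seen[ip]
        # Drop attempts that have aged out of the window.
        while recent and ts - recent[0] >= self.window:
            recent.popleft()
        # Count every attempt, rejected ones included, so a script that
        # keeps retrying stays blocked until it actually slows down.
        recent.append(ts)
        if not (self.min_cents <= amount_cents <= self.max_cents):
            return False, "amount_out_of_range"
        if len(recent) > self.max_per_ip:
            return False, "velocity_exceeded"
        return True, "ok"


def run_sample():
    # Constructed attempts: (ip, amount in cents, seconds since start).
    # Both addresses come from ranges reserved for documentation.
    attempts = [
        ("198.51.100.20", 4500, 0),    # ordinary shopper
        ("203.0.113.7", 100, 1),       # $1 probe, below the $20 minimum
        ("203.0.113.7", 2000, 2),
        ("203.0.113.7", 2000, 3),
        ("203.0.113.7", 2000, 4),      # 4th attempt inside 60 s
        ("203.0.113.7", 2000, 5),
        ("198.51.100.20", 6000, 30),   # shopper's second order
        ("203.0.113.7", 2000, 120),    # earlier attempts have aged out
    ]
    vf = VelocityFilter(max_per_ip=3, window_seconds=60,
                        min_cents=2000, max_cents=50000)
    return [vf.check(ip, cents, ts) for ip, cents, ts in attempts]


if __name__ == "__main__":
    for result in run_sample():
        print(result)
```

The rapid run from one address is cut off after three attempts in the window, while the shopper placing two orders 30 seconds apart is unaffected.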
Many of these features are available from your payment gateway provider, like PayHub Plus or Authorize.net. Activating them is as easy as logging in to your payment gateway provider. At SignaPay, we have always been committed to helping merchants stay safe and secure. If you need any assistance activating any of these features, or want to take advantage of the world-class technology we offer to protect yourself, reach out to one of our team today.