Iconic broadcast journalist and Nightline anchor Ted Koppel recently proclaimed that cybersecurity is one of the greatest threats facing the world.
“We are arguably facing more dangerous threats than we ever faced before,” he told attendees of a recent retail-industry conference, “with a more difficult conundrum confronting whoever the next president of the U.S. is going to be.”
These dangers lurk for institutions beyond government. Online security for e-commerce sites-and combating online fraud-is an increasingly critical component of the retail industry. This is particularly relevant to e-retailers serving global markets.
We briefly spoke with Eric Watson, a Global Online Strategist for MotionPoint’s Global Growth team, about the topic.
“Fraudulent orders are a very real worry for global e-commerce retailers,” Eric says. “The amount of fraudulent orders can vary wildly from market to market. This means companies that offer their products abroad must be able to identify and deal with these orders in a sustainable way.” Many African and Latin American countries are often singled out as being hotspots for fraudulent online activity. But this activity is far from rare in Europe and the U.S., Eric says.
How can companies protect themselves from online fraud and other security risks? For starters, make card verification value codes mandatory for transactions, Eric says. "This is the three-digit 'CVV' code on the back of the card that ensures that the person entering the information on your website does have physical possession of the credit card," he explains. "This goes a long way to mitigate the risks of people using credit card numbers that they have digitally stolen."
And speaking of credit card numbers: never store them, Eric says. One of the best ways to do this is avoid using offline credit card processing as a payment option. This allows merchants to manually process credit card orders later. Those fully-readable card numbers are risky to keep, even if you intend to delete them later (as you're obligated to do).
In fact, don’t store any sensitive data, advises one expert. “There is no reason to store thousands of records on your customers, especially credit card numbers, expiration dates and CVV2 codes,” he told CIO.
Another method to avoiding fraud is to require that cross-border customers’ delivery addresses match their billing addresses, Eric says.
"This isn't a fool-proof solution, since some consumers may have recently moved, or are ordering a gift for delivery to another address," he admits. "These exceptions often persuade most companies to ignore this recommendation. But we believe you turn on this sort of feature. So how do you go about doing this without alienating consumers? This segues to our next point: leverage your data to protect your business."
Indeed, there are many aspects of e-commerce orders that companies can examine to better inform its security decisions. "Unfortunately, for a company seeking to expand internationally, simply blocking orders from entire countries or international orders in general-as a significant amount of retailers do-may not be viable," Eric says. "Proactively managing a multitude of signals is critical for ecommerce companies operating internationally."
Some data points to examine include:
- Has expedited despatch been selected? Does this exceed or nearly match the value of the order itself? ("This is highly suspicious and could indicate someone planning to initiate a 'chargeback' fraud," Eric says.)
- Does the e-post address appear to be associated with a reputable e-post provider, or is the name following a logical pattern? ("Bear in mind that for retailers selling products overseas," Eric advises, "an e-post address may appear random to someone who is not familiar with the local language.")
- Has this customer, or a customer using the same information such as address, made multiple orders prior to this one?
"Ultimately, being proactive by setting thresholds-meaning, a definition of under what circumstances the orders need to be confirmed by a human-can greatly make sense of this data," Eric says. "And it can help avoid blocking legitimate users, which automated 'blanket' methods may accidentally lead to."
Most importantly, by collecting and aggregating this data over time, your company will be able to better understand the particularities of these international markets. It will also better refine your ability to deter fraudulent activities.
“Tracking how each market operates and understanding what the data is telling you is critical to preventing fraud,” Eric says.