Home-based business owners have many challenges to face and one of the most serious ones is online fraud. This type of fraud occurs in two different manners:
⦁ When your own website is hacked and a fraudulent third party gains access to your customers’ accounts and starts placing orders using their credentials;
⦁ When a person places an order and pays it using stolen credit card data.
In both situations, your business will lose money and may even face inquiries from the authorities. This will cause further losses, because bad news spreads fast and you will face increasing distrust from other potential customers.
Of course, there is no 100% effective method of securing your business against online fraud. But there are ways in which you can prevent and block many attempts by applying a set of best practices in securing your website, by using your own instincts, and by using caution and your business sense when dealing with various would-be customers.
Before we move on to the tips and advice for securing your home-based business against cybercrime, we would like to say a few things about ecommerce websites. Most home-based businesses operate as ecommerce stores, accepting online or mobile payments for products or services. If you want to process payments directly through your website, then your website needs to be PCI compliant. PCI stands for the Payment Card Industry, and its basic set of rules and regulations can be found here.
And now let us move on to the best practices you should apply to mitigate the risk of falling victim to online fraud:
1. Secure Your Website
Your website needs to be equipped with antivirus and anti-phishing solutions, even if you are not processing payments or storing customer data on it. If you require your customers to create accounts and store their personal and financial data, it is absolutely mandatory to purchase and maintain these solutions which prevent hacking into your website and stealing your customers’ data.
2. Use a Separate Computer for Banking and Payment Processing Activities
This is a key recommendation, especially if you have children who may accidentally visit websites that install viruses or malware on computers. Your business computer must be off limits to anyone else in your family. The most frequent situations of hacking occur from within – when your own computer is infected with a virus able to access your login credentials to the backend of your website and your payment processing platform.
3. Identify the Warning Signs of a Potentially Fraudulent Transaction
It is very important to understand how scammers operate, at least to the extent that the authorities already know about their methods and advise business owners on them. These are the top warning signs you should pay attention to before you accept any transaction:
⦁ A fairly new customer who has only made a few purchases of small to average value (for instance, under $100) suddenly places a large order of $1,000 or more;
⦁ A new customer starts with an initial large purchase;
⦁ The shipment address is different from the billing address;
⦁ The goods are purchased with a US card but the shipping address is overseas;
⦁ The shipping address is a PO Box;
⦁ Verify the credentials of the card holder and run the card number through the Address Verification System (AVS) to check if it was stolen.
Some of these warning signs may be legitimate situations; for instance, if the delivery address is different from the billing address, perhaps the purchaser wants to offer your products as a gift to a relative or friend.
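The warning signs listed above can be checked automatically before an order is accepted. The following is an added example, not code from the original article: the `Order` and `Address` models, the flag names and the `FEW_ORDERS` threshold are assumptions, while the dollar thresholds follow the article's own examples. It only returns flags for manual review, since each sign may have a legitimate explanation.

```python
import re
from dataclasses import dataclass

# Dollar thresholds follow the article's examples; FEW_ORDERS is an assumption.
SMALL_ORDER, LARGE_ORDER, FEW_ORDERS = 100, 1000, 3
PO_BOX = re.compile(r"\b(p\.?\s*o\.?\s*box|post\s+office\s+box)\b", re.I)

@dataclass
class Address:  # hypothetical model, not tied to any shop platform
    street: str
    postal_code: str
    country: str  # ISO 3166 alpha-2 code, e.g. "US"

@dataclass
class Order:  # hypothetical model
    total: float
    billing: Address
    shipping: Address
    card_country: str
    past_totals: list  # totals of this customer's earlier orders

def _norm(a):
    # Compare addresses ignoring letter case and extra whitespace.
    return (" ".join(a.street.lower().split()),
            a.postal_code.replace(" ", "").lower(), a.country.upper())

def warning_signs(order):
    """Return the warning signs an order triggers (empty list if none)."""
    flags = []
    hist = order.past_totals
    large = order.total >= LARGE_ORDER
    if large and not hist:
        flags.append("first_order_large")
    elif large and len(hist) <= FEW_ORDERS and max(hist) < SMALL_ORDER:
        flags.append("sudden_large_order")
    if _norm(order.billing) != _norm(order.shipping):
        flags.append("shipping_differs_from_billing")
    if order.card_country.upper() == "US" and order.shipping.country.upper() != "US":
        flags.append("us_card_overseas_shipping")
    if PO_BOX.search(order.shipping.street):
        flags.append("po_box_shipping")
    return flags

if __name__ == "__main__":
    # Constructed sample order, for illustration only.
    home = Address("12 Elm Street", "30301", "US")
    gift = Address("P.O. Box 77", "75001", "FR")
    print(warning_signs(Order(1500.0, home, gift, "US", [40.0, 65.0])))
```
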
4. Require Customers to Input the CVV Number
The Card Verification Value (CVV) is a three- or four-digit number printed on the back of the card which can never be stored on a customer account together with the rest of the card details. When a transaction is initiated, the final step for authorization is inputting the CVV number. Unless the scammer stole the card itself (in which case the cardholder would have it immediately blocked), they cannot know this number.
5. Implement a Strong Password Policy
Many people still use passwords such as “1234”, “admin” or even “password” for various accounts, including on ecommerce websites. As a website owner, you can implement a strong password policy, requiring people to pick a password which includes at least a capital letter, a number and a special character (such as $ or #).
Finally, every time you ship an order, remember to send a notification to the customer by email. Sending this notification will only take a minute and will save you a lot of potential trouble.