Blog

Basics Business Guide – Online Fraud Prevention

posted by: Paula Boyden date: Jul 16, 2020 category: All, Expert Explanations comments: 0

Online fraud is one of the growing threats for businesses with a digital presence. Costing millions of dollars every year, this attack type is definitely something to watch out for, so online fraud prevention is a must. Learn what you can do to prevent online fraud, and how to recover if you become a victim of it.

Online fraud is a type of cybercrime, in which criminals mislead or deceive victims into providing their personal details, which they then use to steal money or carry out fraudulent activity. There are different ways to perform online fraud, such as selling fake digital gift cards, offering fake tickets to concerts and sport events, and of course, running scams on social media platforms.

According to research, in 2017 alone, victims lost over $1.4 billion to online fraud. This figure is steadily growing, leaving business owners with little choice but to implement an online fraud prevention plan within their organisation.

Most online fraud can be divided into two main scenarios:

  1. Targeting the client – This scenario is usually done via phishing attacks against clients, stealing their information and using it to take over their accounts to make fraudulent purchases or obtain their financial data.
  2. Targeting the business – This scenario requires changing something managed by the business, such as the website. A notable example of this is ‘Magecart’, a cybercrime group targeting retail websites with a credit card stealer script inserted into the website source code.

But how can businesses successfully tackle online fraud? And can it be completely prevented? Well, in cybersecurity there is no such thing as 100% fool-proof protection, but some protection, is better than none.

There are several measures businesses can implement on their websites to minimize the risk, monitor fraud attempts and greatly improve their online fraud protection:

  • Restrict the number of credit card entry attempts. If a client tries to insert different credit card numbers more than a couple of times it is suspicious, and implies a fraudster is behind the purchase.
  • Perform additional checks. Run extra checks on purchases where the billing address differs from the shipping address, especially if the client chose fast shipping. This is not a definite sign of a fraud, but it is worth contacting the client with the details you have (phone number, email etc.) to verify. This also applies to other suspicious transactions.
  • Always update the software you are using to the latest version. Bugs and security holes are discovered in all software, so updating regularly minimises the chances that hackers can exploit vulnerabilities in your website.
  • Regularly check your site’s source code. Careful analysis of your website’s source code should be done on at regular intervals to see if anything new has been inserted into it. As explained above, this is the preferred method of the notorious Magecart cybercrime group and is used by other cybercriminals as well.

How much is the business of online fraud worth to cybercriminals? Statistics show that it’s quite a lot. In Australia, for example, nearly AUD$5 Million was stolen in 2019 as a result of 10,000 separate incidents of online shopping scams.

In the United States, 77% of merchants say they have been a victim of some type of online fraud and that fraudulent transactions account for an average of 27% of their annual online sales.

Globally, the estimation is that cybercrime will cost around US$6 Billion by 2021, with online fraud taking a big slice of the pie.

So, let’s recap what businesses can do to improve their online fraud prevention:

  • Restrict the number of credit card entry attempts.
  • Perform checks on suspicious transactions by verifying identity.
  • Update software regularly.
  • Check your site code for changes done by unauthorised parties.

To protect your brand and clients from online fraud, FraudWatch International offers a monitoring service using proprietary software. Our tools look for fraudulent incidents on the internet and we perform takedowns, when applicable. In fact, we have some of the fastest takedown times globally with a 100% success rate.

Comments are closed.