WP Simple Pay Blog

Stripe Tutorials, Tips, and Resources for WordPress to Accept Payments

How to Protect Your WordPress eCommerce Site From Holiday Fraud


Written By: Natalie Jones

Are you looking for ways to protect your WordPress eCommerce site from holiday fraud?

According to a recent report, the average number of suspected digital fraud attempts between Thanksgiving and Cyber Monday last year was 82% higher than any other day in 2022, with Black Friday being the most at risk.

In this article, we’ll go over several steps you can take to prevent fraud on your site during the upcoming holiday season.

Protecting Your Site From Holiday Fraud

The holiday season is quickly approaching and for most online businesses, it’s the busiest time of the year. Whether you sell products or services, you’re bound to see an increase in sales. While fraud unfortunately poses a year-round threat, attacks increase significantly for a variety of reasons between Thanksgiving and the first few weeks of January.

Why is fraud more prevalent during the holidays?

  • Businesses are busier and less likely to scrutinize each transaction and follow their current fraud prevention strategies.
  • Businesses offer faster processing and shipping services, which fraudsters love.
  • Credit card holders make more purchases, which makes them less likely to spot suspicious transactions.
  • Supply chain issues will continue to limit some of the holiday’s most sought-after items, creating an opportunity for scammers to take advantage of the shortages.

Preventing fraud is always important, but you’ll need to take extra steps to protect your business during the busy season. In this article, we’ll show you how.

7 Steps to Prevent Holiday Fraud

Let’s go over some key steps you can take to keep your business safe, and how Stripe supports those efforts.

1. Enable Your Address Verification System (AVS)

AVS is a simple tool that flags transactions as fraudulent if the billing address supplied by the customer doesn’t match the billing address in the bank’s file. Essentially, this forces fraudsters to acquire several more data points (street, city/town, state, and zip code) before they can use a stolen credit or debit card.

If you haven’t enabled AVS through your payment processor, now’s the time. Basic identity verification methods like this go a long way toward halting fraud.

If you’re using Stripe, the best payment processing service provider, you can rely on Stripe Radar to block any payments that fail postal code verification, as well as customize additional fraud protection rules.

Simply log in to your Stripe dashboard and navigate to Payments and then Fraud & risk to see a complete overview of your rules.

We also recommend upgrading to Radar for Fraud Teams because it allows you to write custom fraud protection rules that can allow or block charges based on specific transaction details. The best part? It allows you to test what’s right for your business based on historical rule data.

Additionally, we highly suggest using Stripe Payment Element because its users get newly deployed fraud-prevention machine learning models by default.

With WP Simple Pay, the #1 Stripe payments plugin for WordPress, you can easily enable Stripe Payment Element directly from the WordPress admin dashboard.

2. Monitor Any Express Shipping or Rush Transactions

Fraudsters love to “purchase” products and services with fast turnarounds. This increases the likelihood that they will receive the product or service before the real buyer identifies a suspicious transaction.

Unfortunately, as we get closer to the holidays, more of your customers will choose express shipping and rush options to get their purchases in time. If you take away these options, you will undoubtedly lose business. The only solution, therefore, is to diligently examine each rush transaction for other signs of fraud.
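One way to make that examination systematic is to flag only the rush orders that carry another fraud signal. The sketch below is an added example, not code from WP Simple Pay or Stripe: it reads dictionaries shaped like Stripe Charge objects, assumes your checkout stores the shipping speed in a hypothetical `shipping_speed` metadata key, and uses constructed sample data.

```python
AVS_KEYS = ("line1", "city", "state", "postal_code", "country")

def _norm(address):
    """Lower-case and trim the address fields so formatting noise is ignored."""
    return tuple(((address or {}).get(k) or "").strip().lower() for k in AVS_KEYS)

def review_reasons(charge):
    """Return the fraud signals present on one Stripe Charge-shaped dict."""
    card = (charge.get("payment_method_details") or {}).get("card") or {}
    checks = card.get("checks") or {}
    reasons = []
    if checks.get("address_postal_code_check") != "pass":
        reasons.append("postal code not confirmed by AVS")
    if (charge.get("outcome") or {}).get("risk_level") in ("elevated", "highest"):
        reasons.append("Radar risk level above normal")
    shipping = (charge.get("shipping") or {}).get("address")
    billing = (charge.get("billing_details") or {}).get("address")
    if shipping and _norm(shipping) != _norm(billing):
        reasons.append("ships somewhere other than the billing address")
    return reasons

def rush_orders_to_review(charges):
    """Map charge id -> reasons for express orders showing at least one signal."""
    flagged = {}
    for charge in charges:
        # Assumption: checkout stores the shipping speed in charge metadata.
        if (charge.get("metadata") or {}).get("shipping_speed") != "express":
            continue
        reasons = review_reasons(charge)
        if reasons:
            flagged[charge["id"]] = reasons
    return flagged

def _sample(cid, speed, zip_check, risk, ship_line1):
    """Build a constructed charge; every value here is made up for the demo."""
    addr = {"line1": "1 Main St", "city": "Albany", "state": "NY",
            "postal_code": "12207", "country": "US"}
    return {"id": cid, "metadata": {"shipping_speed": speed},
            "payment_method_details": {"card": {"checks": {
                "address_postal_code_check": zip_check}}},
            "outcome": {"risk_level": risk}, "billing_details": {"address": addr},
            "shipping": {"address": dict(addr, line1=ship_line1)}}

SAMPLE_CHARGES = [
    _sample("ch_demo_1", "express", "pass", "normal", "1 main st "),
    _sample("ch_demo_2", "express", "fail", "elevated", "77 Depot Rd"),
    _sample("ch_demo_3", "standard", "fail", "highest", "77 Depot Rd"),
]
```

Only `ch_demo_2` is returned for review: the first express order is clean, and the third is not a rush order.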

3. Thoroughly Screen Any Charities

Like a lot of businesses, you may generously open your wallet to well-meaning charities during the holidays. A few dollars could buy you some high-quality advertising and support a good cause.

But scammers will use your goodwill against you. It’s not unusual to receive requests from charities who, upon further inspection, don’t really exist or don’t use their funds in any charitable way (i.e., 90% of donations pay for “administrative costs”).

Poke around before you give to any charity. If they send you a letter, call to verify their name, mission, tax-exempt status, and account details. Check how much they actually give toward their cause by using CharityWatch or Charity Navigator.

4. Implement 3D Secure Authentication

3D Secure is a tool used to verify card transactions. It sends more than 100 data points on each transaction to the cardholder’s bank, such as the shipping address, IP address, device information, and the customer’s previous transaction history. The bank uses these data points to assess the transaction’s risk.

If the bank thinks the transaction is legitimate, the customer doesn’t even know 3D Secure was used. But if the data isn’t enough, the checkout flow is interrupted by an additional page. On the new page, the user must enter additional information from their bank (like their login credentials).

During the holidays, customers make transactions that would ordinarily seem fraudulent. For example, a New York resident might purchase a gift from a store in Montana with express shipping. This activity triggers 3D Secure to step in and say, “We recognize this is out of character, so we’ll give you a chance to prove you’re the cardholder.” This protects you from fraud without losing the sale.

What’s great about this system is that if the customer is presented with the extra step (the login page), liability for the transaction shifts to the bank. You aren’t on the hook for the money if the customer passes that extra step.

3D Secure is enabled by default in Stripe. We recommend checking to make sure it’s on in your dashboard. If it’s disabled, enable it right away and leave it on forever.

5. Monitor for Early Fraud Warnings

Early fraud warnings are notices your payment processor generates to flag payments that it suspects to be fraudulent. They appear when a cardholder lodges a claim of fraud with their issuing bank, but before an official chargeback.

If you act quickly, you can respond to early fraud warnings by refunding the payment before you suffer a chargeback. You typically have 24 to 48 hours to respond before the issuing bank files a chargeback, but this time frame is entirely up to the bank, so don’t wait too long.

You can easily review your fraud warnings, in addition to payments that have been blocked or allowed by Radar, directly in your Stripe dashboard.


If you don’t use Stripe, look for your payment processor’s warning system. Set up some kind of alert for yourself when that system flags a transaction.
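For Stripe, the alert described in this step can be driven by the `radar.early_fraud_warning.created` webhook event. The sketch below is an added example, not code from WP Simple Pay or Stripe: it checks the `Stripe-Signature` header with the standard library, following Stripe's documented signing scheme, and returns the action to take. The secret, ids, and timestamp are constructed placeholders.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # reject deliveries older than five minutes (replay protection)

def verify_stripe_signature(payload, header, secret, now=None):
    """Check a Stripe-Signature header of the form t=<unix time>,v1=<hex HMAC>."""
    pairs = [item.split("=", 1) for item in header.split(",") if "=" in item]
    timestamp = next((v for k, v in pairs if k.strip() == "t"), None)
    candidates = [v for k, v in pairs if k.strip() == "v1"]
    if timestamp is None or not timestamp.isdecimal() or not candidates:
        return False
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > TOLERANCE_SECONDS:
        return False
    signed = timestamp.encode() + b"." + payload  # sign the raw body, not re-serialised JSON
    expected = hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()
    return any(hmac.compare_digest(expected.encode(), c.encode()) for c in candidates)

def triage_event(payload, header, secret, now=None):
    """Return the action a merchant should take for one webhook delivery."""
    if not verify_stripe_signature(payload, header, secret, now):
        return {"action": "reject", "reason": "bad signature or stale timestamp"}
    event = json.loads(payload)
    if event.get("type") != "radar.early_fraud_warning.created":
        return {"action": "ignore", "reason": "not an early fraud warning"}
    warning = event["data"]["object"]
    if not warning.get("actionable"):
        # Already refunded or disputed: keep the record, nothing left to prevent.
        return {"action": "record", "charge": warning.get("charge")}
    return {"action": "review_for_refund", "charge": warning.get("charge"),
            "fraud_type": warning.get("fraud_type")}

# Constructed sample delivery; the secret and ids are placeholders, not real values.
SAMPLE_SECRET = "whsec_example_placeholder"
SAMPLE_TIME = 1700000000
SAMPLE_BODY = json.dumps({
    "type": "radar.early_fraud_warning.created",
    "data": {"object": {"id": "issfr_example", "charge": "ch_example",
                        "actionable": True, "fraud_type": "made_with_stolen_card"}},
}).encode()
SAMPLE_HEADER = "t=%d,v1=%s" % (SAMPLE_TIME, hmac.new(
    SAMPLE_SECRET.encode(), b"%d." % SAMPLE_TIME + SAMPLE_BODY, hashlib.sha256).hexdigest())

if __name__ == "__main__":
    print(triage_event(SAMPLE_BODY, SAMPLE_HEADER, SAMPLE_SECRET, now=SAMPLE_TIME + 10))
```

Route `review_for_refund` results to whoever can issue refunds, since the window before the bank files a chargeback is short.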


6. Look Out for Attempts to Bypass Your Tools

Scammers know that you have systems in place to automate fraud detection. They can’t fool these tools, so they’ll take steps to bypass them.

For example, a fraudster knows you prefer to ship to the billing address, so he’ll click your “same as billing address” button to arrange shipping. The transaction will go through without raising an alarm. Later, he’ll call or email you to change the shipping address manually because he “forgot to change it” or “entered it wrong out of habit.” In this example, the fraudster is trying to get you to bypass your own fraud system.

In cases like this, remember that your tools are in place for a reason. For example, Stripe Radar, a machine learning fraud detector, is smarter at spotting fraud than any of us, so you’ll want it to evaluate all of your transactions. If a customer wants a manual change that bypasses your tools, offer to cancel the order and let them place a new one.

7. Document Every Interaction with Customers

In order to protect yourself, it’s important to maintain records of all of your interactions with customers. Not just transaction data. Everything.

Let’s say you perform a service for a customer who seems happy with your work. They sign off on mockups, confirm your deliverables, and even compliment the quality of your work. Later, they file a chargeback claiming that the work was “unsatisfactory.”

Sounds frustrating, right? But, just because a customer files a chargeback doesn’t mean they get it. As the merchant, you have an opportunity to defend yourself with evidence. The cardholder’s bank will consider that evidence before they declare a winner of the dispute. Your records and documentation can save you from an unjust chargeback.

The Stripe dashboard offers a list of disputes. Each dispute item gives you an opportunity to respond.

Start Before You Get Too Busy

If you wait until the holidays to prepare for holiday fraud, it’s probably too late. Now’s the time to consider how you’ll protect yourself over the upcoming season. Use the steps we outlined above to secure your business and discourage scammers.
