skip to Main Content
Ecommerce Fraud Transactions – How To Defend Your Website

Ecommerce Fraud Transactions – How To Defend Your Website

For many Australian businesses, inflation and the cost of living have impacted sales, revenue and, ultimately, profit. On top of this, the last thing you want is fraudulent transactions on your website. 

 

I get asked about fraud transactions a lot from website owners who have experienced it before.

 

The majority of this article will talk about WordPress and WooCommerce, although the types of fraud and solutions are applicable to all websites. 

 

Contents:

 

Ecommerce Fraud Transactions - How To Defend Your Website 

Why do websites fall victim to fraudulent transactions?

Prevention is the best cure. However, as a business owner, you don’t know what you don’t know. 

 

Imagine a website is like a house, the front facade of the house looks appealing, but the backdoor or back windows have no locks! It might look great, maybe you go a few years without an incident, but it’s certainly not secure and only a matter of time.

 

There are several layers of security and protection that can be added to a website to minimise fraudulent transactions. 

 

When we design and develop an online store, we have a 160-point checklist we run prior to launch; items in our checklist include a web application firewall. 

 

Often, low-cost websites that have been rushed by overseas developers or DIY website builds are more commonly affected by fraud. It’s not to say that DIY or low-cost options are a bad thing, but it is more common. 

 

 

Ecommerce Fraud Transactions - How To Defend Your Website 2 

 

Types of fraud transactions:

 

Bot Attacks:

Bot attacks on checkout pages. I have had a few clients over the years who use eway as their payment provider. Unfortunately, a bot can try to attack a checkout page and spam random credit cards. Some cleints have reported eway charging them hunreds of dollars in fees. 

 

From my experience, I have only ever seen this with Eway, and this does not appear to be a problem with other payment providers such as PayPal, square or stripe. 

 

Stolen Credit cards: 

Credit card theft is still a major issue for online store owners. 

Many of these orders will appear as normal; you receive the order, ship it out to the customer and then, within a few days or weeks, you receive a chargeback. The bank or payment processer will advise you the card is stolen and offer limited to no compensation. 

 

The orders may be shipped to rental houses, PO boxes, airbnb houses, etc. Stolen credit cards are a huge risk, but luckily, there are ways to minimise the theft. 

 

types of ecommerce frauds

As of the 2021-22 financial year, card fraud in Australia, which involves unauthorised use of credit, debit, or EFTPOS card details, affected an estimated 8.1% of individuals, equating to about 1.7 million people. This rate was a notable increase from the previous year’s figure of 6.9% – ABS.gov.au

 

 

How to minimise Fraud Transactions, including WordPress & WooCommerce:

 

Install & configure a web application firewall.

A web application firewall (WAF) acts as a gatekeeper for your website, filtering and monitoring HTTP traffic between a web application and the Internet. It helps protect your site from malicious attempts, such as SQL injection, cross-site scripting, and other OWASP Top 10 threats.

 

For our WordPress & WooCommerce readers, Wordfence is a web application firewall (WAF) that is specifically designed for WordPress websites and provides a range of security features to protect against threats. Wordfence includes an endpoint firewall and a malware scanner that are built from the ground up to protect WordPress. The firewall filters and blocks malicious traffic to the website, and the scanner checks for malware, bad URLs, backdoors, SEO spam, malicious redirects, and code injections. Additionally, Wordfence often includes a live traffic view, showing real-time activity on the site, which can be useful for monitoring and identifying potential security breaches. 

WordPress & Woocommerce Fraud Detection and Prevention

 

Add Google ReCaptcha that protects your checkout page:

Implementing Google ReCaptcha on your checkout page adds an extra layer of security. It helps distinguish between human and automated access, effectively blocking bot attacks and reducing the likelihood of automated fraud.

 

Google Recaptcha for WordPress and Woocommerce

 

Utilise CloudFlare bot protection:

CloudFlare provides advanced bot management solutions that identify and mitigate automated threats. It helps protect your site from credential stuffing, carding, scalping, and more, ensuring only legitimate users access your checkout process.

 

cloudflare bot protection 

Choose a Payment Provider that offers 3D Secure:

Opting for payment providers that support 3D Secure technology adds an additional authentication step for online payments. This reduces the risk of unauthorised card use and increases the security of online transactions.

For WordPress / WooCommerce readers, a common payment provider with 3DS secure is NAB transact.

NAB Transact WordPress Woocommerce

The NAB Transact gateway supports pre-authorization checkouts – Woo.com

 

 

 

Use a 2FA/MFA on your checkout page:

Implementing Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) ensures that the person making the transaction is authorised to use the card. It typically involves a combination of something the user knows (like a password), something the user has (like a phone), and something the user is (like a fingerprint).

 

Multi Factor Authentication Ecommerce security

 

Increase your Stripe fraud prevention threshold:

Adjusting the settings in Stripe to increase the fraud prevention threshold helps in identifying and stopping potentially fraudulent transactions based on their risk level. This reduces the incidence of chargebacks and fraud.

 

Utilise Stripes 3D Secure feature:

Similar to point 4, using Stripe’s 3D Secure feature ensures an additional layer of security for card transactions, requiring cardholders to complete a verification step with the card issuer when making a payment.

 

Remember, no system is entirely foolproof, but taking these steps can significantly reduce the risk and impact of fraudulent transactions on your e-commerce website. Regularly updating your security measures and staying informed about new fraud techniques are crucial in this ongoing battle against online fraud.

 

stripe fraud prevention

3D Secure 2, an authentication standard that reduces fraud and provides additional security – Stripe

 

Let Masters of Digital Audit and increase your Online Store’s Fraud Protection:

 

In the ever-evolving digital landscape, safeguarding your online store against fraud is not just important—it’s essential. Masters of Digital, a Melbourne-based website design and development company, offers comprehensive audits and solutions tailored to enhance your online store’s fraud protection. With over 15 years of experience in the industry, our team specialises in identifying vulnerabilities and implementing robust security measures for WordPress and WooCommerce platforms. From configuring web application firewalls to integrating advanced fraud prevention tools, Masters of Digital provides the expertise you need to secure your business in the digital world. Protect your online presence and ensure your customers’ trust with our expert services. Contact Masters of Digital today to fortify your store against the risks of online fraud.

0/5 (0 Reviews)