Forewarned is forearmed: Eight fraud safety tips for online shoppers and merchants

Towards the end of every year, Black Friday transaction data typically illustrates the year’s eCommerce expansion in South Africa. It painted an unmistakable picture of the previous 11 months, with South Africans feeling the cash crunch. However, payment provider PayU South Africa reported a 40% increase in transactions, illustrating that the country saw an accelerated shift in online shopping this year, despite the smaller budgets.

While that is good news for merchants and the economy, 7.8 per cent of South African transactions made between November 25 and 29 were also potentially fraudulent, an increase of 4.2 per cent when comparing those same periods last year, according to TransUnion data released in December. 

Karen Nadasen, CEO of PayU South Africa and Chairperson of the eCommerce Forum of South Africa,explains that some basics for both consumers and merchants can significantly reduce those risks and protect customers – some of which are not widely known.

Consumers

Payment methods: First and foremost, do not transfer funds directly to a merchant bank account; instead, use a recognisable payment method. eCommerce offers many different methods of payment, from credit and debit cardsby Visa, Mastercard, Amex and Diners, to Discovery Miles, Mobicred, RCS and Payflex, to name a few. Use of these payment methods also offer additional security such as 3DS secure in the case of a credit or debit card, additional bank or provider authentication mechanisms as an additional protection layer. You are also generally covered by your bank by using a credit or debit card if certain conditions of the transaction or sale are not met. When using credit or debit cards, do not send emails with your card number and expiry date or supply these details over the phone.

SSL: When you land on the website, look for the small lock in the browser address bar or on the payment page, which will indicate that the payment provider is safe. This padlock symbol is more formally known as SSL, or Secure Sockets Layer, an encryption security protocol or digital certificate that authenticates a website’s identity and enables an encrypted connection between the two parties. Look for the lock!

The source: Some advertising is designed to catch your attention, so be watchful of ‘clickbait’, which will entice you to click on links that appear almost too good to be true. Instead, type the web address into the browser yourself to take you to a website instead of being directed by a link in an email or via social media.

Two-factor authentication: Many providers including banks add a step that verifies who you are through a secondary communication channel, for example, Discovery Miles requires you to authenticate yourself whilst on a payment page to use the Miles payment method. Banks provide separate applications via their mobile application to verify the transaction

Merchant


Integrating to a payment gateway: Customers are usually protected by the law and card schemes, but merchants need support too. Fortunately, there are plenty of solutions on the market, all designed to provide merchants with rich services and security. PayU has developed a trusted reputation in emerging markets, operating in over 50 high growth markets, thanks to its ability to deliver the speed and security that customers need. Look for a partner with a proven track record. 

Recognized payment methods: Work with recognised payment methods. These have been created by credible companies and have done their due diligence in knowing the various threats that cybercriminals employ.


3D Secure: The use of 3D Secure, in whichan OTP (One Time Password) is required to complete the transaction, is an excellent verification step. Interestingly, enhanced 3DS 2.0 puts the user experience and additional security at the heart of its processes. In addition, factors such as biometrics can also be integrated to provide a more robust framework for service providers, cardholders and payment platforms. This reduces the friction currently experienced by customers in the checkout process without compromising on security and, therefore, potentially reducing abandonment.

Privacy: There are regulations that those working within the merchant ecosystem need to adhere to so they can protect their customers’ personal information, outlined in the Protection of Personal Information Act (POPIA). Protection measures need to be implemented to protect both user and merchant from fraudulent activities – seek expertise to guide you through the compliance process, such as IronTree’s POPIA ongoing compliance management tool and training, as one example.

Nadasen concludes, “We need to remember that we have come a long way in the last 21 months. There are entities online today that had no ecommerce experience whatsoever only 18 months ago and today are flourishing online. They have taken advantage of a rapidly growing market and a local appetite for innovative ecommerce solutions, which has met some real market needs. This spirit of innovation in tough times is very much a part of the South African ethos and has shaped uptake and growth. It’s been one of the upsides of the pandemic. However, as we grow, we must continually adapt in this dynamic and ever-evolving landscape.”