Image: G.I. Barone Image: G.I. Barone

After a string of highly publicised data breaches at big businesses over the last 12 months, it’s easy to understand why large corporates are concerned about cyber security.

But blue-chip companies aren’t the only ones that worry – small businesses, some of whom have already suffered a data breach, are also fully aware of how damaging cybercrime may be.

We recently conducted a study, which found that in the last year alone, almost half (48%) of small and medium-sized enterprises (SMEs) have been hit by some form of cybercrime, the most common being online payment fraud –worryingly experienced by a third of small businesses.

Fortunately, there are simple signs SMEs can look out for to identify attempted or actual online payment fraud. Once spotted, a few tried and true techniques can mitigate against cybercrime and the financial and reputational damage it can bring – keeping you and your customers safe.

Know your enemy

Through our experience of working with small businesses for the last 50 years, here are the five main motives we’ve seen behind online payment fraud:

  1. Obtaining goods - Quite simply, many fraudsters want to purchase something and use someone else's details to get it
  2. Account testing - Fraudsters have stolen card data and want to check whether it still works for making payments online. They will often make low-value transactions, as small amounts are less likely to raise suspicions if the transaction is declined
  3. Money laundering - Fraudsters generate cash or commodities that can be traded for cash by using stolen card data, for example, they may try topping up multiple SIM cards to sell to third parties using someone else's money
  4. Fraudulent services - Fraudsters act as middle men or 'ghost brokers', luring unsuspecting people into paying up front for services, such as insurance policies, that the fraudsters buys for them with stolen card data. When the policy is cancelled, the fraudster keeps the clients' cash
  5. Affiliate fraud - Affiliate networks send customer data to a merchant so they can target new customers, in exchange for a referral fee. But fraudulent networks send fraudulent data, and the fraudsters take the money from their commission and disappear before the merchant realises
Know when to raise the alarm

Understanding what to watch out for can help SMEs identify a fraudulent transaction before it’s too late. Although the definition of ‘business as usual’ varies from business to business and each merchant knows their customers best, some common ‘red flags’ that may warrant further investigation include:

  • A high frequency of orders which have a delivery location that is different to the cardholder's address
  • New customers that keep returning to your site in a short space of time. While they may be genuine, it could be a fraudster returning to making another purchase. To automatically block transactions which could be fraudulent, businesses can determine how many times they will allow a card to be used in one day before it is declined
  • Any other activity that is out of the ordinary, such as high-value transactions or a spike in sales, as a fraudster may have identified a weak point in an online business and followed a low-value transaction with a substantial order
  • Suspicious activity around high-risk products and services, for example, those that may be prime for money laundering
  • Affiliate networks that fail to deliver the results you've agreed. To rule out fraudulent activity, always track and monitor affiliate activity.

By Paul Clarke, product director at Barclaycard