Best practices for small businesses to help prevent online fraud

Fraudsters don't just target customers and large companies with their schemes. Small businesses are also at risk of losing money and valuable data to online fraud. In fact, because small businesses may have fewer available resources to prevent online fraud, they may be at greater risk than their larger counterparts.

According to the Federal Trade Commission (FTC), reports of online fraud — which involves using the internet to commit fraud — resulted in $10 billion of consumer losses in 2023.¹

Small business owners should try to prevent online fraud and protect their companies from these threats, to help keep their businesses safe and their customers' information secure.

Here, we've outlined key tools and tips for potential fraud protection and prevention.

Understanding online fraud that could impact your small business

First, it's helpful to understand common types of fraud to watch out for, including:

  • Phishing or email fraud: Fraudsters send deceptive emails to trick people into sharing sensitive information. These emails might be sent to your customers and made to look as though they came from your business. Alternatively, the messages could be sent to members of your team, encouraging them to reveal company information that might lead to a hack. Learn more about phishing and spoofing and how to protect your business and prevent online fraud.
  • Online shopping fraud: Scammers set up fake e-commerce websites to accept payments. Customers make purchases but receive either counterfeit items or nothing in return. While a small business might not need to worry about this impacting them directly, the existence of such sites can make customers more suspicious of online shopping. It may also potentially hurt the reputation of your small business, which could result in customers not trusting or ordering from your company.
  • Identity fraud: Hackers steal personal information and then use it to commit a crime or make an unauthorized purchase.
  • Tax scam: Fraudsters pose as IRS agents or debt collectors to steal financial information.
  • Invoice fraud: Fake invoices are submitted to deceive businesses into issuing an unjustified payment.
  • Check fraud: Criminals may forge or alter checks to steal funds from business accounts.
  • Payroll fraud: This can include ghost employees — where fictitious workers are added to the payroll — or altering timesheets to inflate hours worked. This sort of fraud could be perpetrated by or on behalf of the employees being overpaid.
  • Contractor or vendor fraud: Vendors request advance payments for goods or services they never deliver.
  • Return fraud: Customers return used items and request refunds for full value.
  • Employee theft fraud: Employees steal cash, inventory, or sensitive information for personal use or resale.
  • Company theft fraud: Employees use stolen company information for personal gain or to commit fraud.
  • Data breaches: Cybercriminals gain access to sensitive customer and business data, potentially leading to financial and reputational damage. In addition, data breaches can lead to substantial network downtime, causing lost productivity and income.

Common signs of small business fraud

Identifying the potential signs of fraud is crucial for small business owners to protect their operations and finances.

When it comes to how to detect and prevent online fraud, here are some common red flags and warning signs of possible small business fraud:

  • Unexplained financial discrepancies: Sudden drops in revenue or profits without a clear explanation and/or discrepancies between financial records and actual cash flow may point to fraud. If this sort of indicator appears in your books, you may want to find an unbiased third party to check your company’s books for you. This scenario may be due to a lack of oversight, like when one individual handles multiple financial roles without external review of financial transactions and records.
  • Missing or altered documents: Financial records, invoices, receipts, or contracts that are missing or appear altered can be a sign that someone within the company is perpetrating fraud.
  • Inconsistent inventory levels: Frequent discrepancies between recorded inventory levels and physical counts may mean that employees are stealing from the company, either for resale or for personal use.
  • Customer complaints: Frequent customer complaints about billing errors or unauthorized charges might indicate a bad actor inside your organization or could be attempts to defraud the company by the customers themselves.

What is business fraud prevention?

Wondering how to prevent online fraud in small business? Fraud protection for businesses typically includes several proactive measures and strategies to mitigate the potential risk of fraudulent activities. It may involve risk assessment, internal controls, employee training, background checks, audits, cybersecurity measures, and vendor due diligence.

The goal of this sort of activity is to help protect assets, finances, and a business’s overall reputation by deterring, detecting, and addressing possible fraud risks early and effectively. While it may seem unnecessary or costly, preventing online fraud is essential for small businesses.

Best practices to help prevent fraud in your small business

Looking for fraud prevention and detection strategies? Here are some potential tips to implement in your business to try and prevent online fraud:

Use strong and secure passwords

Hackers use sophisticated programs that can run through many different versions of a single password in seconds. In other words, they have the tools to easily guess your passwords and access your accounts.

That's why many websites prompt you to create a strong password of at least eight characters, including at least one capital letter and one special character (for example, "P0r$che9!!"). If you're struggling to come up with a secure password, you can also use a strong password generator to help. Ask all of your employees to change each of their passwords quarterly. Keep a list of employee passwords so the owner of the company always has access to all accounts.

Stop phishing in its tracks

Train employees to spot phishing emails and fraudulent messages. For example, phishing emails might ask you to update your payment details for a certain site or submit your information to receive a government refund.

As a rule of thumb, employees shouldn't open any links or attachments from unknown sources. And if an email address, subject line, or message seems suspicious, tell them not to click or respond — but to report it to you or your IT team.

Protect your computer

Make sure everyone on your team is running the latest version of their computer’s operating system (OS), as OS providers continually update their software with security patches to protect you from newly discovered vulnerabilities, as well as the latest viruses and malware.

Also, install and regularly update business-grade anti-malware and anti-spyware software to prevent attacks that exploit outdated software programs. Keep in mind that free, limited-feature, or consumer-strength anti-virus software options are insufficient, even for small businesses.

Set limits to your e-commerce

Yes, you want to make money — but not at the expense of your safety and security. That's why you should set limits for the number of purchases and total dollar value you'll accept from one account in a single day.

If you sell casual boots, for example, and one customer tries to make 10 purchases worth thousands of dollars in under 24 hours, something suspicious may be happening. You may be able to set up your e-commerce site to flag these types of transactions for you.
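One way such a daily limit can be checked, shown as an added example rather than code from this article or from any payment processor: it holds for review any order that pushes an account past a purchase-count or dollar-value limit within a rolling 24 hours. The names `VelocityMonitor` and `flag_orders`, both thresholds, and the sample orders are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from decimal import Decimal

WINDOW = timedelta(hours=24)
MAX_ORDERS = 5                   # assumed limit on orders per account per 24h
MAX_TOTAL = Decimal("1500.00")   # assumed limit on dollars per account per 24h

class VelocityMonitor:
    """Tracks each account's orders over a rolling 24-hour window."""
    def __init__(self, max_orders=MAX_ORDERS, max_total=MAX_TOTAL, window=WINDOW):
        self.max_orders = max_orders
        self.max_total = max_total
        self.window = window
        self._recent = defaultdict(deque)   # account -> deque of (time, amount)

    def check(self, account, when, amount):
        """Record an order; return the limits it breaches (empty list = OK)."""
        recent = self._recent[account]
        # Forget orders that have aged out of the window.
        while recent and when - recent[0][0] >= self.window:
            recent.popleft()
        recent.append((when, amount))
        reasons = []
        if len(recent) > self.max_orders:
            reasons.append(f"{len(recent)} orders in 24h (limit {self.max_orders})")
        total = sum(a for _, a in recent)
        if total > self.max_total:
            reasons.append(f"${total} in 24h (limit ${self.max_total})")
        return reasons

def flag_orders(orders, monitor=None):
    """Return (order_id, reasons) for each order that should be held for review."""
    monitor = monitor or VelocityMonitor()
    flagged = []
    # Process in time order so the rolling window is evaluated correctly.
    for order_id, account, when, amount in sorted(orders, key=lambda o: o[2]):
        reasons = monitor.check(account, when, Decimal(amount))
        if reasons:
            flagged.append((order_id, reasons))
    return flagged

# Constructed sample: one account placing 10 boot orders 20 minutes apart,
# plus an ordinary customer ordering twice, two days apart.
START = datetime(2024, 3, 1, 9, 0)
SAMPLE = [(f"A{i}", "acct-17", START + timedelta(minutes=20 * i), "289.99")
          for i in range(10)]
SAMPLE += [("B1", "acct-42", START, "129.00"),
           ("B2", "acct-42", START + timedelta(days=2), "89.50")]
```

Flagged orders are held for manual review rather than rejected outright, so a legitimate bulk buyer can still be approved.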

Use the address verification system

When a customer pays with a credit card on your site, they should be prompted to enter a billing address for that card. That's where an address verification system (AVS) comes in.

The AVS compares the customer's entered billing address with the address on file at the credit card company, verifying the cardholder's information. This AVS check is an online fraud tool included in most payment processing solutions, but check with your payment processor to be sure they support it.

Require the card verification value

The card verification value (CVV) is the three- or four-digit security code printed on the back (or sometimes the front) of credit cards. According to Payment Card Industry (PCI) compliance rules, merchants can't store the CVV as part of a customer's credit card information.² It's one of the most effective forms of fraud protection because customers must enter their CVV every time they check out. Plus, it's virtually impossible for hackers to get that number unless they've stolen the person's physical credit card.

Most payment processors include a tool to require CVV as part of their checkout templates, so make sure to use it.

Connect to a secure Wi-Fi network

Hackers can use unsecured Wi-Fi networks to tap into devices and steal information. That's why it's so important to make sure you're using a secure home or office Wi-Fi network.

You can do this by installing a firewall, setting access restrictions and guest permissions, and creating a secure password for your wireless network. Also, when you're not at home or in the office, be cautious about connecting to a Wi-Fi network that's unknown or publicly accessible.

Effects of fraud on small businesses

The effects of possible fraud on small businesses can be significant. Here are some examples:

  • Financial loss: Fraud can result in direct financial losses, including stolen assets, funds, and inventory, as well as decreased profits.
  • Reputation damage: Small businesses may suffer reputational damage, losing customer trust and loyalty.
  • Operational disruption: Fraud incidents may disrupt day-to-day operations, especially if the system is breached or taken down by hackers.
  • Increased costs: Implementing fraud prevention measures and recovery efforts can increase operational costs. Plus, insurance claims due to security breaches or fraud can increase the cost of insurance coverage going forward.
  • Credit challenges: Fraud may impact a business's ability to secure credit or loans.
  • Legal consequences: Fraud can lead to legal issues, including lawsuits, fines, and regulatory penalties.

How to report a suspicious message

When you do spot a suspicious message, report it right away to help stop the threat and minimize your risk of fraud.

You can report fraud to government agencies, credit bureaus, and financial institutions. For example, the FTC has a website dedicated to reporting fraud, and PayPal provides businesses with clear instructions for reporting suspicious messages.

How PayPal helps buyers

We know how important security and peace of mind are in online business and how important it is to prevent online fraud. Learn more about PayPal Seller Protection here.³

So go ahead and set up shop. PayPal fraud protection has got your back when it comes to ecommerce fraud prevention.
