Online Merchants: How to Protect your Business from Identity Fraud Online

As of early January this year, it’s estimated U.S. merchants lose approximately $190 billion per year. If you find that shocking, keep in mind that the official 2014 numbers haven’t been released yet. The estimate I mentioned is nearly double the recorded global losses reported for online fraud in 2010! (source and source)

The problem goes much further than the simple chargeback fraud which so many of you have had to chalk up to an expected “cost of doing business” expense.

In this article, we’ll talk about online fraud prevention from the online merchants’ point of view. Please consider this not only a reminder, but a plea to take online identity fraud more seriously – for your own and your customers’ sake.

It’s not just the monetary loss that hurts business owners either

Online fraud losses to merchants just like you continue to nearly (and sometimes literally) double each and every year. And your credit card information and bank data are just as easy to exploit as a private consumer’s.

But take a moment to consider the loss of priceless proprietary data, or the loss of customers and the reputation you’ve fought so hard for, when a hacker nabs your info in their “phishing” web, steals your email or contact info, contacts current (and potential) customers pretending to be you, and then proceeds to scam those consumers in your name.


The “why” is really simple. Criminals will always look to exploit weaknesses in your data. Now, with the massive rise of technology (first the Internet itself, and now devices that can connect to the Web from anywhere), consumer and merchant financial data is ripe for the picking.

It’s truly hard to imagine that anyone’s going to find a way to stop the majority of this fraud anytime soon either.

What’s the solution?

The solution, dear merchant, is for you to take extra measures to protect your data and financial information. Here are a few fairly simple ways you can prevent fraud from hitting your business.

1. Stop making your passwords easy

Passwords need to have a combination of letters (capital and lowercase), numbers, and special characters. Preferably, they won’t contain any distinguishable words of any kind, and they will avoid easily crackable number combinations, such as your birthday, that can be connected to you or your family members.

Password managers like LastPass will actually create complex passwords for you, ones that reach 80% (i.e., “strong”) on most password strength indicators. You can go a step further if you want and create a private digital notepad document (that’s password protected), and write out your own crack-proof passwords.

If you’re looking for an easier method that utilizes your memory more, use the first letters of the first and last names of people from your past and combine them with numbers.

For instance:

You could make a complicated password by capitalizing the first letter of each name and typing their last name in lowercase, following with the shortened form of the date you first met them (or last saw them if you like), or another number of significance (in the following example “I-35” which has the additional benefit of a special character – the dash):

  • Your grade two teacher in 1990 was Mary Stark.
  • Your memorable high school math teacher in 1995 was Kevin Strong.
  • Then there’s your great-uncle Tom Janis who taught you to drive by taking you driving every weekend on the I-35 highway.

Finished Password (spaces shown for clarity): Ms90 Ks95 Tj1-35

Using this password tester, the easy-to-remember password above would take hackers approximately 10,000+ centuries to crack. By comparison, using the sample password “JoeStrong88” only offered about 7 hours of security (without the capital “J” and “S” only 38 minutes!)

Hopefully, it’s becoming obvious that most of us aren’t as clever as we think. Even if a good hacker knows nothing about you, they and their password-cracking programs will quickly pick up on the combination patterns left by using easy passwords and soon steal your info.
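To put numbers on the pattern point, here is an added example (not part of the original article or of any password tester) that estimates the search space of the three sample passwords above, first as blind brute force and then for the mnemonic password when the recipe itself is known. The chunk model in `scheme_bits` is an assumption made for illustration.

```python
import math
import string

# Character classes as a simple strength meter counts them.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def brute_force_bits(password):
    """Search space in bits when every position may hold any character
    from the classes the password uses (blind brute force)."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet)

def scheme_bits(chunks=3):
    """Search space in bits when the attacker knows the recipe but not the
    people or numbers. Assumed model: each chunk is an uppercase initial,
    a lowercase initial and a two-digit number; the last chunk carries one
    extra digit and one symbol. Real initials and years are not uniform,
    so this is an upper bound."""
    per_chunk = 26 * 26 * 100
    extra = 10 * len(string.punctuation)
    return math.log2(per_chunk ** chunks * extra)

def compare():
    """Return {label: bits} for the article's three sample passwords."""
    return {
        "Ms90Ks95Tj1-35 (brute force)": brute_force_bits("Ms90Ks95Tj1-35"),
        "Ms90Ks95Tj1-35 (recipe known)": scheme_bits(3),
        "JoeStrong88 (brute force)": brute_force_bits("JoeStrong88"),
        "joestrong88 (brute force)": brute_force_bits("joestrong88"),
    }

if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{label:32s} {bits:5.1f} bits")
```

Each additional bit doubles the guessing work, so the gap between the first two rows shows how much of the mnemonic password's measured strength depends on the recipe staying unknown.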

2. Change online passwords often, not just regularly

To truly be safe, you need to change your passwords monthly. This might seem excessive, but how long does it take to change a password versus trying to rebuild your credit and/or business? Enough said on this point. Don’t be lazy!


3. About hacked social logins

If your social account is hacked, it might seem like clicking the “forgot my username or password” button and following the prompts given is the easiest way to remedy the situation.

Sure, this will restore your access, but what if the hacker stole your contacts and added them to another hacking account they have set up to send spam and further their “phishing” efforts? What if they’ve been PM’ing valuable business contacts, clients and family members with lewd or degrading messages?

Report your account as compromised. All social networks have a reporting function, such as this Report Compromised Account link on Facebook.

4. Leave spam in the spam box

We all know that we should ignore spam and never click on any links therein. However, “Rage Responding” to the sender is just as bad and can lead a “Phisher” right through the front door of your online data. Never reply to them, even to scold them or tell them to leave you alone.

If you receive strangely worded emails from senders you know and trust that just don’t match the tone and subject matter they normally send you, send them a newly composed email and ask about the message they sent, then promptly delete the suspicious message!

Have any fraud-busting tips to share?

Do share them in the comments below. Protecting against fraud is all about staying out in front of hackers and scammers, before they adapt and figure out new ways to steal our data and hard-earned cash/credit!