7 Tips for Solid Risk Management at E-Commerce Start-ups

We speak to many entrepreneurs at different stages of launching e-commerce businesses who turn to us for credit card processing services. Typically we are contacted when the website is already built and are asked what should be done next. Invariably, the inquiry is about the technical steps that need to be taken to connect the newly-built website to our system, which happens to be a fairly straightforward process.

What we are rarely asked, and what is far more important than the technical questions, is what are the risks that the new owner or manager of an e-commerce website should be aware of and how to mitigate them. The effectiveness of your risk management procedures will eventually determine the long-run success of your new venture. Let’s take a look at what the biggest threats to your e-commerce business are and how you should begin to address them.

3 Biggest E-Commerce Risks

Here are the three biggest risks you will be dealing with throughout the lifetime of your e-commerce business:

1. Fraud. E-commerce fraud comes in many shapes and forms, the most common of which are:

• The use of stolen credit card account information to make a purchase.
• A false customer claim that a shipment has not been received.
• The breach of your credit card processing system by a hacker who then issues credits to his credit card(s).

2. Customer disputes and chargebacks. There are many potential issues that can lead to disputes and chargebacks, including:

• A customer claim that a product and service is not as described on your website.
• The processing of a payment before shipping the purchased product.
• The processing of a non-authorized payment.
• A disagreement over a return and / or refund.
• A double billing for the same order.
• The customer does not recognize your name on her credit card statement.

3. Stolen account information. This can be done in various different ways, such as:

• Payment information is intercepted during transmission to or from the e-commerce website.
• Account information is stolen from your payment processing system.
• Files containing sensitive data are stolen from your physical storage facility.

Industry regulations, not to mention common sense, require that you are prepared to address these risks before you begin accepting payments on your website.

How Start-ups Should Manage E-Commerce Risks

Here is what you should do before you open your e-commerce website for business:

1. Educate yourself on e-commerce risks. There are plenty of resources available for information on e-commerce risks, not least on this blog. The more you know about the potential threats to your business, the better prepared you will be to devise adequate business policies and operational practices.

2. Implement fraud prevention procedures and tools. Fraud prevention begins with the processing of each transaction. Learn how to do it properly and do it every time. Use the Address Verification Service (AVS) and obtain an authorization approval for all of your transactions. You may also want to consider using Verified by Visa and MasterCard SecureCode for additional protection.

3. Understand what causes chargebacks. Chargebacks can have many causes, but can typically be traced to one of the following issues:

• Customer disputes.
• Fraud.
• Processing errors.
• Authorization issues.
• Non-fulfillment of transaction copy requests.

4. Keep customer disputes to a minimum. You have more control over customer disputes than you may realize. It all begins with designing a customer-friendly e-commerce website. Prominently disclose your policies, provide clear descriptions of your goods and services and do not process payments before shipping a product. Make available a customer service phone number, make sure it is answered quickly and the issues are addressed professionally.

5. Understand your responsibilities for remedying and preventing chargebacks. We have written extensively on chargeback prevention to get you started. Your merchant processing agreement will typically spell out your chargeback liability, so read it carefully.

6. Learn your re-presentment rights. Charged-back transactions can be resubmitted (re-presented) if supporting evidence can be provided to prove that they were legitimately processed in the first place.

7. Achieve and maintain compliance with PCI DSS. The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of requirements for security management, policies, procedures, network architecture, software design and other protective measures, developed to protect account information from following into the wrong hands. Compliance is mandatory, so work with your PCI DSS vendor to achieve and maintain it. At times all the requirements may seem excessive to you, but your web host provider, if it is any good, should have no problem resolving any issues the vendor may uncover.

The Takeaway

Everyone in your organization who is involved in business on operational level should have a complete understanding of the risks associated with the processing of e-commerce transactions. They should be well versed in your risk management procedures and be able to implement them. Ultimately, the long-term success of your business will depend on that.

Image credit: Tistory.com.