E-commerce: selling securely online

Selling online opens up global markets for even the smallest New Zealand company but small business owners need to be prepared to identify fake orders, avoid credit card fraud and other e-commerce issues.


  • Fake orders that cost your business time and money
  • Credit card fraud and customer chargebacks
  • Hacking attempts to access your customer data or payment records
  • Attacks that harm your website or prevent it being used by other customers
  • Reputational harm caused by any of the above

How to avoid e-commerce fraud and credit card chargebacks

There are some obvious signs to look out for when trying to identify fake or fraudulent online orders:

  • International orders from less well regulated countries including Africa and Asia
  • Large order quantities for expensive stock items
  • Popular webmail services where accounts can be set up quickly for free
  • Poor English or grammar in order emails or messages
  • Different credit card and delivery addresses, especially where the delivery is to a different country

If you suspect an order is fraudulent check with your bank and/or payments processing firm for advice on validating a credit card to see if it has been reported stolen.

It may be some weeks before the card is reported so always try Googling the address for delivery as sometimes scammers use standard order instructions to speed up their payment scams.

Check to see if the name and country have been written about online by other retailers.

If you can, call the buyer and ask to speak to the cardholder about the order – do they sound genuine? Go with your gut feeling but also investigate credit screening services offered by your bank or payments service.

Protect your website

Make sure your website is secure and that customer data cannot be accessed and stolen.

If you have paid a developer for the website then ensure they are aware of common security vulnerabilities and tested the siste and backend system.

Off the shelf ecommerce platforms that are popular can also become become targets for cyber criminals looking to exploit a large number of ecommerce sites. You need to ensure you patch or update your sales software.

Other things to consider are:

  • Use strong passwords on the sales system- don’t leave settings at the default password
  • Make sure the server is protected and updated to patch vulnerabilities – talk to your website host about this
  • Monitor intrusion attempts made on the website, again ask your web host for advice
  • Don’t store customer data on a public server, especially credit card details
  • Consider getting a security firm to penetration test your website

More information