Retailers moving into the online space for the first time face risks that don’t exist in the bricks-and-mortar world, says Brendon Williamson, GM of business development at payment services provider PayGate – and they need to ensure they are well protected.

Merchants selling virtual goods like airtime or vouchers are the most vulnerable, he says. “I’ve quite literally seen people start up a website selling airtime and go bang within a fortnight. The more quickly your product is delivered, and the easier it is to resell, the more careful you have to be about your payment security.”

“Different kinds of business may attract different kinds of online threats, but nobody is completely safe,” says Williamson. “Even if you’re selling a physical product, somebody may buy goods with a stolen card, have them shipped to a temporary address and then to resell them before anybody’s worked out what’s going on.”

This is not particularly hard, says Williamson: “Even if a card holder blocks their card the moment they know it’s stolen, there still remains that initial window period. It is almost impossible for a database to keep up with the millions of cards and millions of transactions happening around the world every second.”

Websites that use affiliates to drive traffic are susceptible to their own set of scams, as are accommodation establishments. “Even if you don’t sell anything more valuable than cupcakes, you may find your site targeted by criminals who run through lists of stolen credit cards to make sure they’re working before selling them on,” he says. “The financial loss may not be that big, but it can take a lot of time and resource that small business don’t have to sort things out.”

The first step to take in protecting your online business is to know your customers and their buying habits if possible, says Williamson. “A simple welcome call once they’ve registered, if your volumes allow it, can tell you a lot. And obviously the longer a customer has been with you and the more often they’ve made purchases, the more you can trust them. Don’t automatically relax the rules for accounts over a certain age, though – fraudsters are wise to that one. “

Limiting your exposure by imposing a transaction limit for new customers, or waiting a day or two before shipping, can also help, he adds. The art to managing your online risk is ensuring you are not over exposed, but at the same time gaining maximum return from your valid customers.

Then there is the 3D Secure system from Visa and Mastercard, he says – but it is not right for everyone, and can’t be used as the only security measure. “Some customers hate it and will abandon transaction when the 3D Secure page comes up, so you may need to do some education,” he says. “And it doesn’t apply to US credit cards or even to commercial Mastercards, so you need other protection as well.”

Reputable payment gateway providers should offer extra levels of fraud protection, he says. “It’s essential to have a conversation with your supplier about what they offer, what risks they can protect you against and whether they can give you access to more specialised third-party protection services if your need warrants it.”

Whatever you do, he says, don’t just set up a website with a shopping cart and assume all will be well. “Fraudsters are smart, brazen individuals – they’re not be underestimated.

Reputable payment gateway providers should offer extra levels of fraud protection, he says. “It’s essential to have a conversation with your supplier about what they offer, what risks they can protect you against and whether they can give you access to more specialised third-party protection services if your need warrants it.”