| Internet credit card
fraud may be a major obstacle to online purchasing confidence, but the real victim of this
crime is you, the merchant. The incidence of fraud perpetrated by merchants on
unsuspecting customers is miniscule in comparison to the ever-growing rip offs to which
computer savvy pickpockets subject merchants. In most instances the consumer is legally
protected with a maximum liability of $50, whereas you have to bear the total cost of the
order plus a charge back fee of between $15 and $25 imposed by the card's issuing
company. And to make matters worse, there are criminal organizations out there that have
more details about your hapless customer than even their own credit card company.A recent
survey by the Gartner Group Inc. found that as an e-tail merchant, you are 12 times more
likely to encounter credit card fraud than your brick-and-mortar counterpart. Another
survey, conducted by Activmedia, concluded that three percent of all Web businesses are
"regular and substantial" victims of credit card fraud, compared to just 0.08
percent of brick-and-mortar retailers. While credit card issuers are reluctant to provide
specific figures for online as opposed to BAM fraud, the fact that they typically charge
higher transaction fees to online merchants -- 2.5 percent plus 30 cents compared with 1.5
percent plus 30 cents -- makes it clear that they perceive a greater risk associated with
online credit card transactions.
Let
the Seller Beware
As if 100 percent charge backs, higher
transaction fees, and extra tags on fees weren't bad enough, the lack of any physical
interaction between merchant and customer means that the e-tailer is in an extremely
precarious situation if the cardholder disputes the purchase. Internet transactions are
referred to as CNP (cardholder not present) transactions, and as such enjoy none of the
protections of over the counter transactions, where a signature is obtained. If, in fact,
the customer does not recognize your company name on their credit card receipt and decides
to dispute the charge, you will be liable for a charge back fee even if the matter is
subsequently settled between you and the customer.
It's
not surprising, then, that many online merchants feel like they're playing against a
stacked deck when it comes to orders involving that menacing little plastic card. Yet
offering credit card sales is a crucial part of the online sales environment. Most
consumers who wish to purchase online are not going to take the time to mail a money order
when they can just type in a credit card number and expect immediate shipment.
But all is not lost. By being proactive and
implementing a credit card checking system you can reduce the effect of credit card fraud
on your bottom line.
Watching
Your Back
Years ago you could leave your home unlocked
when you went out. Months ago you could see a "transaction accepted" message and
start counting your profits. But times are changing and a few precautions are necessary.
Indeed, according to T.J.Walker, founder and CEO of AntiFraud.com, an e-tailer who doesn't
keep step won't be around for very long. "It will take less than three minutes to do
the necessary checks," says Walker, "three minutes that could save you hundreds
of dollars as well as a blemish on your merchant account record." Here's what he
suggests:
- Make use of the Address Verification Service
(AVS) provided by the credit card acceptance company you are using. With each transaction
on your site, you should receive a three-letter code, which gives you vital information,
such as whether the street and zip codes match the records held by the credit card company
for that account.
- Insist that all fields on your order form be
filled out before the purchaser can process their order. This should include a mailing
address, a zip or postal code and a phone number.
- Do not accept orders that are placed through
free, web-based or email forwarding addresses such as hotmail.com, usa.net or
hotyellow.com. These forwarding addresses are the ideal cover for the cyber-crook -- the
online equivalent of the bank robber's ski mask. It is almost impossible to trace these
addresses back to the real owner. Therefore, you should insist that all orders are placed
through a traceable ISP or domain based address.
- Do a URL search on the domain name provided in
the email address. Simply input the second part of the email address preceded by 'www'
and you should come up with a Web site. If the resultant site has an "under
construction" message or if the contact address for the site is geographically
distant from the address on your order form, take this as a red flag that all is not well.
- If the shipping address differs from the billing
address on your order form follow through with a phone call to the customer for
verification.
- Do not accept a postal box number as a shipping
address. Always insist on a physical address.
- Include a code on your order form that will
provide information about the computer used to send the order. This will allow you to
trace the IP address back to its ISP owner. From there you should be able to trace back to
the order placer. Check the documentation on your form handler or cgi script for
instructions on how to activate this feature.
- Be alert to orders that are out of the ordinary.
An order for an unusually large quantity, for express delivery or for a large ticket item
should be examined more cautiously and in greater detail.
- State prominently on your Web site that you have
an anti-fraud safeguard in place and will prosecute anyone who places a fraudulent order.
Admittedly,
the above precautions have their limitations. AVS checking, for instance, is only
available for orders placed within the United States. Instant purchases, such as Web site
passwords and software, also invalidate many of these checks. The checks also take time to
complete. For this reason you may find it advisable to employ a tiered checking system
based on the amount of the purchase. For smaller orders, for example, you may only go with
the AVS check, whereas for larger purchases, a standard policy of no orders from free
email addresses, checking of Web site or even phone verification could be put in place.
To take away much of the hassle involved in card
verification, a number of automated checking companies have emerged, offering low-cost
services ranging from automatic screening of free Web based or email forwarding addresses
to checking a buyer's address against a list of fraudulent addresses and domains. Just a
few include:
It's also important that you recognize the flip
side of the personal information coin, consumer privacy concerns. Asking for personal
information such as phone numbers and recording ISP addresses can sometimes cause consumer
doubts. However, by prominently placing a solid privacy statement on your Web site or even
better, by being a member of a privacy assurance service, you can greatly reduce the
negative impact of asking for such information. See our Newsletter Archives area for more
information on the privacy issue.
Stopping credit card fraud doesn't have to be
complicated. In fact, according to Walker, by simply not accepting free web based or
email forwarding addresses you can dramatically reduce the incidence of fraud. "We
have never had a fraudulent order placed through a standard, ISP based email
address," he says. By being alert to the warning flags you can save your business
from being savaged by the sharks of the cyber world. |
