Stand Guard! 10 Tips For Businesses To Combat Online Fraud
----------------------------------------------------------
Have you been wounded by online credit card fraud? Chances are
that you have, if you've been online for a while. This battle
rages on around the world and the enemy is hard to defeat.
"More than $700 million in online sales were lost to fraud in
2001, representing 1.14 percent of total annual online sales of
$61.8 billion". (Source : GartnerG2 www.gartnerg2.com)
The problem is especially costly for online merchants who end
up eating the charges because there is literally no way for them
to prove to the credit card company that the person who bought
the product or service was legitimate. "CNP" (Cardholder Not
Present) transactions leave the merchant totally responsible for
the cost of online fraud. Not only do you end up refunding the
purchase price, you also have to pay a $15-$30 charge back fee.
In addition, you risk losing your merchant account if the charge
back rate is deemed excessive by the bank!
Based on my experience as an e-commerce developer, I have
come up with 10 tips to make sure your web site is "Battle
Ready". Regrettably, while you'll never totally eliminate this
harsh cost of business, you or your web developer can reduce
your chances of becoming another victim by studying the
following list :
1. Be suspicious of orders from "free" email accounts,
especially if you are a merchant who sells digital products.
Since anyone can obtain a free e-mail account, most criminals
will use these "throw-away" accounts to get your product. Two
examples of these free accounts are "yahoo.com" and
"hotmail.com". Most legitimate customers will have a valid email
account provided by their ISP and can use that to do business
with you. You may want to reject any order that comes from
someone using one of these accounts. If a customer only has a
free email account, then you will need to do business with them
using traditional methods : mail, phone, or fax.
2. Watch out for orders from foreign countries. The internet
provides you a world market, but presents you a challenge in
filtering out fraudulent orders. There several countries that
have been reported to be "hotbeds" of activity, namely the
Philippines and Eastern Europe; however, you must be wary of all
orders outside your border. It's seller beware - once your goods
have been delivered/shipped, you will not have any recourse when
that dreaded letter arrives from your merchant bank.
Here's one tip to follow: Contact your credit card processor
or merchant bank and give them the card's first 6 digits. If the
country of the customer and the country of the bank don't match,
you need to do more follow-up with the customer before you
fulfill their order.
3. Be on guard for all orders where the shipping address does
not match the billing address. If a thief has a wallet in hand,
he/she can easily and accurately fill out a billing address and
then have the product shipped elsewhere. Many companies are
taking the approach of only accepting and shipping to verified
credit card billing addresses.
4. Never accept orders without collecting full name, address,
and phone number from the customer (and don't be afraid to
confirm the information with a quick phone call.)
5. Use the Address Verification Service provided by your
Gateway. At the time an order is placed, most reputable credit
card gateways will allow you to automatically verify a credit
card holder's billing address and zip code against what they
entered on your order form. If a match is not detected, you
should have the option to reject the transaction automatically.
6. Use the technology provided by the Cardholder Verification
Method. A code called the CVV2 code appears on the back of most
credit cards (front for AMEX). You can request the customer
enter this value on your order form and use it as another
validation attribute when you pass the transaction to the credit
card processor.
While this is not a fool-proof method, it does increase the
likelihood that the customer is holding the credit card in
his/her hand when the order is being placed. Obviously, a stolen
wallet means a criminal has the card in hand, but many people
who lose their wallet or purse will report this to their credit
card company in enough time to stop unauthorized charges.
7. Consider using some of the advanced Fraud protection
services some processors offer. Companies like Authorize.Net
will "score" each transaction with a numerical value based on
complex algorithms. That value can then be translated to a fraud
threshold that is determined by each merchant. This is a complex
service, so you should contact your Credit Card processor or
gateway for more information.
8. Record the IP address and Hostname of every successful and
failed order. If you receive a charge back notice, you will have
a record of the connection with which the fraudulent transaction
was made. In some cases, the identity of the criminal may be
obtained through her/his ISP and will be valuable information
for the police if you intend to file charges.
9. Consider filing criminal charges against any customer that
purchases goods from you and then later claims to not have
ordered them. This is a direct intent to commit fraud. If the
customer signs for a package, or there is a material witness
that will confirm the customer's intent to defraud you, pursue
them by filing criminal charges in the city where they live.
10. Consider posting and highlighting your tough stance on
credit card fraud prominently on your web site within the
ordering process. Simply warning the criminal that you are
actively monitoring for fraud (and will take action if a crime
occurs) may be enough of a deterrent to make them move on from
your site. (Just like a car with alarm - you may not stop the
thief, but you may make them move on to another victim).
The battle is real and the stakes are high. Don't risk lost
revenue by putting up a weak defense. Follow some of these
simple tips and you will greatly reduce the chances of being
another victim of fraud.
================================================================
This article may be freely re-distributed as long as this
resource box remains in tact :
================================================================
Bob Regnerus has been in the Information Technology field since
1988 and dedicates his services to clients who want to succeed
in their e-commerce ventures.
Information on Bob's services, clients, and products can be
obtained by visiting http://www.RJRComputing.com
================================================================
