10 Tips For Businesses To Combat Online Fraud

A Top source for info. on the Internet

    Bookmark Tell A Friend

Copyright:Bob Regnerus

Have you been wounded by online credit card fraud? Chances are that you have, if you've been online for a while. This battle rages on around the world and the enemy is hard to defeat.

"More than $700 million in online sales were lost to fraud in 2001, representing 1.14 percent of total annual online sales of $61.8 billion". (Source : GartnerG2 www.gartnerg2.com

The problem is especially costly for online merchants who end up eating the charges because there is literally no way for them to prove to the credit card company that the person who bought the product or service was legitimate. "CNP" (Cardholder Not Present) transactions leave the merchant totally responsible for the cost of online fraud. Not only do you end up refunding the purchase price, you also have to pay a $15-$30 charge back fee. In addition, you risk losing your merchant account if the charge back rate is deemed excessive by the bank!

Based on my experience as an e-commerce developer, I have come up with 10 tips to make sure your web site is "Battle Ready". Regrettably, while you'll never totally eliminate this harsh cost of business, you or your web developer can reduce your chances of becoming another victim by studying the following list :

1. Be suspicious of orders from "free" email accounts, especially if you are a merchant who sells digital products. Since anyone can obtain a free e-mail account, most criminals will use these "throw-away" accounts to get your product. Two examples of these free accounts are "yahoo.com" and "hotmail.com". Most legitimate customers will have a valid email account provided by their ISP and can use that to do business with you. You may want to reject any order that comes from someone using one of these accounts. If a customer only has a free email account, then you will need to do business with them using traditional methods : mail, phone, or fax.

2. Watch out for orders from foreign countries. The internet provides you a world market, but presents you a challenge in filtering out fraudulent orders. There several countries that have been reported to be "hotbeds" of activity, namely the Philippines and Eastern Europe; however, you must be wary of all orders outside your border. It's seller beware - once your goods have been delivered/shipped, you will not have any recourse when that dreaded letter arrives from your merchant bank.

Here's one tip to follow: Contact your credit card processor or merchant bank and give them the card's first 6 digits. If the country of the customer and the country of the bank don't match, you need to do more follow-up with the customer before you fulfill their order.

3. Be on guard for all orders where the shipping address does not match the billing address. If a thief has a wallet in hand, he/she can easily and accurately fill out a billing address and then have the product shipped elsewhere. Many companies are taking the approach of only accepting and shipping to verified credit card billing addresses.

4. Never accept orders without collecting full name, address, and phone number from the customer (and don't be afraid to confirm the information with a quick phone call.)

5. Use the Address Verification Service provided by your Gateway. At the time an order is placed, most reputable credit card gateways will allow you to automatically verify a credit card holder's billing address and zip code against what they entered on your order form. If a match is not detected, you should have the option to reject the transaction automatically.

6. Use the technology provided by the Cardholder Verification Method. A code called the CVV2 code appears on the back of most credit cards (front for AMEX). You can request the customer enter this value on your order form and use it as another validation attribute when you pass the transaction to the credit card processor.

While this is not a fool-proof method, it does increase the likelihood that the customer is holding the credit card in his/her hand when the order is being placed. Obviously, a stolen wallet means a criminal has the card in hand, but many people who lose their wallet or purse will report this to their credit card company in enough time to stop unauthorized charges.

7. Consider using some of the advanced Fraud protection services some processors offer. Companies like Authorize.Net will "score" each transaction with a numerical value based on complex algorithms. That value can then be translated to a fraud threshold that is determined by each merchant. This is a complex service, so you should contact your Credit Card processor or gateway for more information.

8. Record the IP address and Hostname of every successful and failed order. If you receive a charge back notice, you will have a record of the connection with which the fraudulent transaction was made. In some cases, the identity of the criminal may be obtained through her/his ISP and will be valuable information for the police if you intend to file charges.

9. Consider filing criminal charges against any customer that purchases goods from you and then later claims to not have ordered them. This is a direct intent to commit fraud. If the customer signs for a package, or there is a material witness that will confirm the customer's intent to defraud you, pursue them by filing criminal charges in the city where they live.

10. Consider posting and highlighting your tough stance on credit card fraud prominently on your web site within the ordering process. Simply warning the criminal that you are actively monitoring for fraud (and will take action if a crime occurs) may be enough of a deterrent to make them move on from your site. (Just like a car with alarm - you may not stop the thief, but you may make them move on to another victim).

The battle is real and the stakes are high. Don't risk lost revenue by putting up a weak defense. Follow some of these simple tips and you will greatly reduce the chances of being another victim of fraud.
Bob Regnerus has been in the Information Technology field since 1988 and dedicates his services to clients who want to succeed in their e-commerce ventures.

Information on Bob's services, clients, and products can be obtained by visiting http://www.RJRComputing.com

Print This Page