10 Tips For Businesses To Combat Online Fraud
A Top source for info. on the Internet
Copyright:Bob Regnerus
Have you been wounded by online credit card fraud? Chances
are that you have, if you've been online for a while. This
battle rages on around the world and the enemy is hard to
defeat.
"More than $700 million in online sales were lost to fraud
in 2001, representing 1.14 percent of total annual online
sales of $61.8 billion". (Source : GartnerG2
www.gartnerg2.com
The problem is especially costly for online merchants who
end up eating the charges because there is literally no way
for them to prove to the credit card company that the person
who bought the product or service was legitimate. "CNP"
(Cardholder Not Present) transactions leave the merchant
totally responsible for the cost of online fraud. Not only
do you end up refunding the purchase price, you also have to
pay a $15-$30 charge back fee. In addition, you risk losing
your merchant account if the charge back rate is deemed
excessive by the bank!
Based on my experience as an e-commerce developer, I have
come up with 10 tips to make sure your web site is "Battle
Ready". Regrettably, while you'll never totally eliminate
this harsh cost of business, you or your web developer can
reduce your chances of becoming another victim by studying
the following list :
1. Be suspicious of orders from "free" email accounts,
especially if you are a merchant who sells digital products.
Since anyone can obtain a free e-mail account, most
criminals will use these "throw-away" accounts to get your
product. Two examples of these free accounts are "yahoo.com"
and "hotmail.com". Most legitimate customers will have a
valid email account provided by their ISP and can use that
to do business with you. You may want to reject any order
that comes from someone using one of these accounts. If a
customer only has a free email account, then you will need
to do business with them using traditional methods : mail,
phone, or fax.
2. Watch out for orders from foreign countries. The internet
provides you a world market, but presents you a challenge in
filtering out fraudulent orders. There several countries
that have been reported to be "hotbeds" of activity, namely
the Philippines and Eastern Europe; however, you must be
wary of all orders outside your border. It's seller beware -
once your goods have been delivered/shipped, you will not
have any recourse when that dreaded letter arrives from your
merchant bank.
Here's one tip to follow: Contact your credit card processor
or merchant bank and give them the card's first 6 digits. If
the country of the customer and the country of the bank
don't match, you need to do more follow-up with the customer
before you fulfill their order.
3. Be on guard for all orders where the shipping address
does not match the billing address. If a thief has a wallet
in hand, he/she can easily and accurately fill out a billing
address and then have the product shipped elsewhere. Many
companies are taking the approach of only accepting and
shipping to verified credit card billing addresses.
4. Never accept orders without collecting full name,
address, and phone number from the customer (and don't be
afraid to confirm the information with a quick phone call.)
5. Use the Address Verification Service provided by your
Gateway. At the time an order is placed, most reputable
credit card gateways will allow you to automatically verify
a credit card holder's billing address and zip code against
what they entered on your order form. If a match is not
detected, you should have the option to reject the
transaction automatically.
6. Use the technology provided by the Cardholder
Verification Method. A code called the CVV2 code appears on
the back of most credit cards (front for AMEX). You can
request the customer enter this value on your order form and
use it as another validation attribute when you pass the
transaction to the credit card processor.
While this is not a fool-proof method, it does increase the
likelihood that the customer is holding the credit card in
his/her hand when the order is being placed. Obviously, a
stolen wallet means a criminal has the card in hand, but
many people who lose their wallet or purse will report this
to their credit card company in enough time to stop
unauthorized charges.
7. Consider using some of the advanced Fraud protection
services some processors offer. Companies like Authorize.Net
will "score" each transaction with a numerical value based
on complex algorithms. That value can then be translated to
a fraud threshold that is determined by each merchant. This
is a complex service, so you should contact your Credit Card
processor or gateway for more information.
8. Record the IP address and Hostname of every successful
and failed order. If you receive a charge back notice, you
will have a record of the connection with which the
fraudulent transaction was made. In some cases, the identity
of the criminal may be obtained through her/his ISP and will
be valuable information for the police if you intend to file
charges.
9. Consider filing criminal charges against any customer
that purchases goods from you and then later claims to not
have ordered them. This is a direct intent to commit fraud.
If the customer signs for a package, or there is a material
witness that will confirm the customer's intent to defraud
you, pursue them by filing criminal charges in the city
where they live.
10. Consider posting and highlighting your tough stance on
credit card fraud prominently on your web site within the
ordering process. Simply warning the criminal that you are
actively monitoring for fraud (and will take action if a
crime occurs) may be enough of a deterrent to make them move
on from your site. (Just like a car with alarm - you may not
stop the thief, but you may make them move on to another
victim).
The battle is real and the stakes are high. Don't risk lost
revenue by putting up a weak defense. Follow some of these
simple tips and you will greatly reduce the chances of being
another victim of fraud.
==========================================================
Bob Regnerus has been in the Information Technology field
since 1988 and dedicates his services to clients who want to
succeed in their e-commerce ventures.
Information on Bob's services, clients, and products can be
obtained by visiting
http://www.RJRComputing.com