Sure, the shadow knows what evil lurks in the heart of man, but many an e-merchant have also seen it in the form of credit-card fraud. E-commerce fraud is an expensive problem for any business. According to a study conducted by Celent Communications, an e-commerce research and consulting group, online merchants lost an estimated $300 million this past holiday season and approximately $1 billion over the entire year. Fortunately, there are a growing number of information resources and some preventative measures that merchants can take to limit the likelihood that fraud will occur.
In order to encourage online commerce, credit-card companies limit customer liability to only $50, and some cards don't hold the customer financially responsible at all. Merchants, on the other hand, carry the full burden of online credit-card fraud. Because they don't collect a record of a physical signature, the merchants assume full liability for losses if customers claim transactions are fraudulent. Like telephone order catalog outfits, e-merchants collect their fees in what are known as non-face-to-face transactions. In the event of a fraud claim, the credit-card company will assess a fee against the merchant, called a chargeback fee, which, can range anywhere from $10 to $45 per incident.
In December, nine months after expanding her six-year-old business to the Web, Lori Kelly's Las Vegas-based NevadaCorporations.net was hit with its first fraud incident. An individual from the former Yugoslavia contracted with Kelly to incorporate his business, but limited the contact to e-mail exchanges, over a free account from the domain millennium.com. To charge the customer's credit card for the $1,360 fee, Kelly logged onto her merchant account to access his information. "I looked at the name of the credit card person, and in this case, it had this guy's name on it, so there was no red flag for me to know that it was different than the actual cardholder's name," she recalls. Once the credit card cleared, she processed his paper work to incorporate his business in Nevada.
A month later, out of the blue, a Maryland woman called Kelly to contest the charges. While checking her post-holiday credit-card bill, she found a series of charges from Nevada businesses. Apparently the thief had used her Mastercard to incorporate a series of companies in Nevada, using several incorporation services. Several weeks later, Kelly was still waiting to hear from her merchant bank to find out whether the Maryland woman's claim was legitimate, and whether her business would be reimbursed for the fraud. The answer is likely to be no.
Ray Verzera knows what it's like to deal with credit-card fraud. Verzera's company, E-commerce Solutions, has been selling software and electronic media for other companies for several years. "When we first started about five years ago, we were very naive when it came to fraud." Verzera says. "We were under the assumption that no one would want to steal a $30 piece of software. That was really dumb."
After E-commerce Solutions hit a 2.5 percent fraud rate, dangerously close to the three percent point at which their bank would have cut off its merchant account, Verzera began to take a hard look at the chargebacks the company was receiving. Orders from certain countries, like Pakistan and the former Soviet Union and Eastern Bloc states, were more prone to be fraudulent, as were orders coming from free e-mail accounts. Employees began double-checking these orders before processing them, but once the volume of orders rose to 100 orders a day, Verzera had to find a way to automate at least part of the process. Two years ago Verzera hired an employee to build a proprietary program that would assess a series of elements of a given order, then assign a score of potential risk.
According to Verzera, of the 190,000 submitted orders the company received in 2000, 4,000, or just over 2 percent, were attempted frauds. Only 900, or .4 percent, resulted in chargebacks. "Of $8 million dollars in revenues, the chargebacks cost us $36,000 dollars in chargeback fees, as well as another $50,000 in actual lost sale dollars," he says. But if all the fraud attempts had gone through, "we would have lost $320,000 in actual sales, and another $150,000 in chargeback fees."
Take a Bite Out of Crime
Most businesses won't have the resources or interest to build their own software to prevent fraud, but they don't have to. There are several companies out there who sell services and software that will automate the process of assessing the risk potential of credit-card transactions such as Cybersource and Clearcommerce. In addition, there are some basic steps that you and your employees can take to reduce the incidence of fraud.
* When you take an order, make sure you have all the information, including the address and phone number, needed to contact the customer. Credit-card companies urge businesses to take advantage of the Address Verification System, which checks whether the address provided matches with the information contained in the credit card number digits. But this system isn't foolproof on its own as it is limited to addresses in the U.S.
* If you receive an order with different "Bill To" and "Ship To" addresses, be wary. You should ask the buyer to fax copies of both sides of the credit card and a signature for extra protection. K&P Games, a Manhattan-based electronic game seller, will ship to a separate billing address, but only as long as they speak to the buyer over the phone. "Usually when someone is perpetrating fraud, they try to avoid any contact with an actual person," says K & P internet manager Michael Vu.
* Be very careful with orders that come from free e-mail services such as Hotmail, Juno, or Yahoo. There are more than 900 of these services and more are added all the time. Many e-merchants now refuse to accept orders from these services.
* Look for orders that are significantly larger than your typical order amount, especially those that require fast delivery. A thief won't care how much it costs to ship, since they won't be paying for it. "Someone in New York or on the East Coast orders a few Playstation 2's, a bunch of software and accessories, and they want it delivered overnight -- that's a red flag," Vu says.
* With international orders, do everything possible to validate that the buyer is legitimate. Call the buyer or the issuing bank. Do not fill orders with different "Ship To" and "Bill To" addresses.
* If the worst happens and you are scammed, immediately report the incident to your merchant account provider, the issuing bank, and the authorities.
Finally, get on the phone if you're suspicious. Call the customer. Call the bank. It's worth it. And, above all, use your common sense. No one else can protect your interests as well as you.
The following organizations provide advice on credit card fraud prevention:
Offers information on types of e-commerce credit card and steps to prevent it.
Houses a frequently updated listing of free e-mail accounts to be wary of.
Provides credit card processing software and services.
Offers real-time payment and credit-card processing software.
You should also check your merchant account's Web site to find out what prevention services and tips they can offer:
Visa Merchant Resource Center
Mastercard International Merchant Center
Discover Card Business Services