Fortifying Your Business Against FraudFraud. The word can send direct marketers scurrying to board up the doors and batten down the hatches to protect themselves. Yet, for direct response merchants, fraud is an inherent part of the marketplace, just as homeowners face the threat of robbery.
However, while fraud is an unpleasant fact of life, there are tools and safeguards to assist direct marketers in fortifying their businesses against fraud.
When assessing how much protection is needed, perception can be more than reality. First, a direct marketer should make an honest assessment of the problem. The larger the risk, the more fortifications required. A merchant must consider what components can be built internally and what parts and labor can be acquired externally from a credit card processor.
While many have tried to fabricate a single-point process to fight fraud, no fail-safe solution exists. By leveraging the expertise of an electronic payments provider, direct merchants can accurately assess what fraud prevention materials make an effective and appropriate risk management program. Based on my industry experience and knowledge, I want to review the tools and controls in the fraud prevention toolbox that are useful.
Point-of-order entry is the first place to take a positive approach. Merchants should train their order takers to note anything suspicious in a caller's response. If suspicious, they can prompt the caller for additional data, such as the bank name that appears on the credit card. The fraud perpetrator may know the account number but usually won't have the bank name in front of him. Such initial screening questions often will drive away the perpetrator while he's at the door.
Follow-up questions probe further. Ask for home phone, work phone, billing address, home address -- all data that the "perp" may not readily know or be able to provide. I am always amazed when someone claims to live in a post office box.
In addition to cardholder information, the card associations have placed data on the cards as aids for verifying that the caller actually possesses the card. Order takers can request and use such data as AMEX CID (American Express) and Visa's CVV2. It is a proven fact that most fraud originators are not in possession of the plastic. Your payment processor also must support and transmit such data as part of the authorization attempt to gain full value.
Merchants should use address verification services as part of the payment determination process. Paymentech's research has shown that address verification's value is equal to that of many known negative files in identifying potential fraud. If possible, use caller ID as confirmation. And lastly, look to build and establish internal negative files based on your experience.
Merchant processors also must deliver value-added products to the equation. They must support the card association programs. As mentioned, these include the specific numbers accessible only to the person holding the card, such as Visa's CVV2. Processors can electronically pass address information to the card issuer for validation. Many fraud originators clearly have no knowledge of the billing address tied to the credit card account number. The processor should have the capability to manage the address verification response on the direct marketer's behalf, should the merchant desire.
Automated services that are integrated into credit card processing greatly reinforce fraud fortifications. For example, the processor can automatically decline transactions that don't meet certain matching criteria. The ability to forestall transactions over a predetermined dollar amount prevents possible fraudulent transactions, as they typically exceed your standard average sale amount. The ability to identify and prevent duplicate transactions is another tool for consideration. If you were the crook and one try was good, wouldn't two be better?
Finally, draw on the expertise your processor offers as an architect of several solid fraud defenses. Through educational seminars, face-to-face meetings geared to employee training, and updates on current events in fraud, a payment processor should partner with you in constructing a fraud prevention program. You should seek out a processor that staffs a hands-on, devoted risk management team that can assist in the review of questionable activity. These risk management experts can serve as an extra set of eyes and ears to detect potential fraudulent activity.
Fraud may seem like the wolf at the door, but certainly direct marketers -- working with their payment processor -- can build a prevention program of solid brick. I advise you to look first and carefully at you own shops and then consult with your processor. A strong partnership and the use of appropriate tools can ensure a sense of security as you battle fraud from behind well-placed and cost-effective fortifications.
Larry Bouchard is group manager of direct response for credit card processor Paymentech, Dallas.