All the early fuss about consumers being afraid to use their credit cards over the Internet was misplaced. As it turns out, merchants are the ones that now fret over online credit card transactions — and rightfully so. Credit card fraud over the Web (or e-shoplifting, as it is colloquially known) is on the rise.
E-shoplifting is usually perpetrated in one of two ways: someone steals a credit card number and uses it without the knowledge of the legitimate cardholder; or someone uses his own credit card to buy something and then denies ever ordering or receiving it.
What can you do to thwart these would-be thieves from your site as you enter the busy holiday season?
Use the Address Verification Service.
AVS compares the billing address provided by the customer with the billing address on record for the cardholder. The idea here is that most credit card thieves won’t know the cardholder’s real address. Unless you have an exact match, you should flag the order as potentially fraudulent. However, AVS only works for addresses in the United States. Visit www.workz.com/expert/ts2.asp for more details about AVS.
Make sure billing and shipping addresses match.
Thieves with stolen credit cards usually want their loot shipped somewhere other than the cardholder’s address. True, there are plenty of legitimate orders with different bill-to/ship-to addresses (a common example is someone who wants a personal package delivered at work). But if the addresses don’t match, scrutinize the order more carefully — especially if the addresses are not near each other.
Be wary of free/bogus e-mail addresses.
You should require online customers to provide you with a real e-mail address. An invalid or undeliverable e-mail address should result in the order being personally reviewed. Or, if a customer gives a “free” e-mail address (such as @yahoo.com, @hotmail.com or @juno.com), you should treat it with a little more caution. A database of free e-mail domains is maintained for this purpose at www.antifraud.com (subscription fee required for full access).
Be suspicious of unusual orders.
Most thieves want as much as they can get, as fast as they can get it, and they are not picky about the details. You should, therefore, scrutinize orders where a customer buys a lot of items or expensive merchandise, insists on rush delivery or is not particularly concerned if some of his order is out of stock. Any order that seems out of the ordinary for your business should be checked.
When in doubt, verify by telephone.
If warning flags have been raised on an order, the best thing to do is to call the customer to verify the order. If you were not given the customer’s real phone number — or if the person you call denies the order — that pretty much settles it.
Since most of these calls should be good-standing customers, it is important that they be handled politely. Thank them for their order, and let them know that you are simply verifying for their best service and protection.
Use signature-required delivery services.
You can minimize cases in which legitimate cardholders attempt to scam products by denying that they received the merchandise by offering only signature-required delivery services. This gives you a solid paper trail to refute shady charge-backs.
Take extra precautions for international orders.
Orders from foreign countries often pose the biggest risk. Some online merchants simply do not ship outside the United States. Others require that international orders be prepaid with money orders or wire transfers. If accepting international credit cards, some request a fax of the card with a signature for the order.
At a minimum, many require that the billing and shipping addresses are the same. It is up to you to balance the risk of fraud with convenience for real customers.
This might seem like a lot of work — and it can be. The best way to make it efficient is to set clear guidelines for what constitutes a “suspicious order.”
For instance, while you should carefully review even slightly suspicious orders from new customers, you usually can give repeat customers the benefit of the doubt. (The exception might be if a new ship-to address is given, raising the possibility that the account may have been hijacked by someone else.)
Several services and software packages can help automate fraud prevention and risk assessment, such as CyberSource, www.cybersource.com, and ClearCommerce, www.clearcommerce.com. But even these services should be monitored by an intuitive human being.
Of course, in e-tailing, as in retail, theft can be minimized but never entirely prevented. Even if you take all of these precautions, you should expect some level of credit card fraud. The key is to track that information and constantly refine your protection policies.
If e-shoplifting is less than 1 percent of your overall business, congratulations — you are ahead of the curve. If it is more than 2 percent, you might think about more stringent order review processes.
• Scott Brinker is chief technology officer at i-on interactive, Boca Raton, FL. Reach him at [email protected]