In the first part of this article, I outlined some frightening statistics regarding credit card fraud and chargeback fees to merchants. It's worthwhile reviewing if you haven't read it as yet.

Protecting your online business from fraud.

One of the great things about the Internet is anonymity. One of the worst things about the Internet is anonymity - especially if you're an ecommerce merchant. If you utilize payment gateways for credit card transactions or are considering doing so, it is important
to ask the gateway provider about their screening features (this precedes actual credit card payment processing). Some offer none at all! Many payment gateway providers use the Address Verification System (AVS). AVS provides a degree of protection by comparing some
of the billing details on the order to those held by the cardholders bank.

– But :

The transaction may be approved even if the address verificationinformation does not match! The merchant faces the possibility ofchargebacks if the payment gateway decides to continue with thetransaction on a questionable match. If you have AVS features inplace, check the settings in your interface. AVS should just be usedas an indicator of a possible attempt at fraud; a flag to help determine if an order should be more thoroughly investigated.CVV2 takes things a step further. A CVV2 number is the three lastdigits located on the back of a credit card, or the four stand-alonedigits on the front of an Amex card. It's certainly very useful forfurther minimizing fraud, but fraudsters can get hold of this information, so again, don't rely on this alone. Fraud screening really needs to be approached holistically. The following anti-fraud strategies are worthwhile considering whether you're using offline facilities for payment processing or third party credit card processing systems

Request information.

While consumers value their privacy and require quick checkoutprocesses, it is of the utmost importance that you gather sufficient customer identity details during the ordering process. The customers name, credit card number and expiry date is not enough. Tell your customers why you need the information and what you will do with it - after all, it's in their best interests too.
The fewer chargeback fees you have to pay, the cheaper you can offer goods and services.

Check the IP address

It's important that each order processed from your site alsocontains information regarding the IP address of the person placing the order. An IP address is a unique network identifier issued by an Internet Service Provider to a user every time they are logged on to the Internet. The IP address can be easily traced using free tools such as DNS Stuff. If the order has a billing address of the USA, and the IP originates in Africa, you can be fairly certain it's fraud. While this is a very good anti-fraud mechanism and useful for tracking fraudsters, be aware that IP addresses can also be forged.

Email address awareness.

Fraudsters rarely use their own email address and with theproliferation of free email services, it is quite easy to establish a fake email account - it can be done in under 2 minutes Some online businesses now refuse to process web site orders that llist free email address services as the primary point of contact, opting to request from customers their ISP or business emailaddresses. You can check an email address quickly by going to the originating domain and seeing if it provides a free email service.

Shipping addresses.
If the shipping address is different to the billing address, be wary; although it is not uncommon for people sending gifts to others to request a different shipping address, or if the billing address is a post office box. You'll rarely find a fraudster sending goods to the legitimate cardholders address; although this has been known to occur on occasion.

At the point of ordering, request a telephone contact number from the purchaser. State that you need this number in order to contact them if there are any problems. Many cardholders of compromised accounts have been alerted in this way. The fraudster more than likely won't give you his own phone number as he/she can then be traced. If an order is suspect, email the customer or call them to confirm the authenticity of the transaction. Fraudsters hate merchant
contact of any kind.

Log analysis.
There's plethora of site traffic tracking services and softwareavailable now that will not only return very valuable demographic data, but can also assist you in pinpointing the origins of frau d. Still one of the best ways to analyze your log files is manually. By examining your logs carefully, you will be able to find out a suspect order's originating Internet address if it's not included on your order receipts. This tracking is made easier if you include a Time Stamp on each submitted order. If you find that an order originating from Russia states a billing address of Sydney on the order form, make further enquiries. Most web hosts will have a server log available for your account. It's basically a text file that records every single request to the site, including images. Contained in every request is an originating IP i.e. the ISP issued address of the computer that "asked" for the file. If you aren't sure about how to access your raw server logs, enquire with your hosting service. Learn more about interpreting server logs.

Overseas orders.
Can be risky, but an important part of your online business - by refusing to ship outside your country, you may be leaving a lot of money on the table. It is very difficult to retrieve goods or apprehend fraudsters once the goods have left the country, so don't hesitate in making further enquiries with the customer or credit card company if an order seems suspect. Unfortunately, Eastern Europe is still a very high risk region for the origin of credit card fraud, with some online business owners refusing to process orders from that region. Other high risk regions are Indonesia, Egypt, Turkey, Pakistan, Malaysia, Vietnam, Africa and Israel.

Unusual orders.
Unusually large orders requesting express delivery definitelywarrant further investigation, especially if the customer has notpurchased from you before. Customers are pretty cautious, and will tend to place small orders in the first instance to test the efficiency and integrity of your online business, or they'll make some sort of contact with you prior to ordering.

When in doubt, call the cardholder or bank.
I can't stress this enough - call the relevant credit card company BEFORE attempting to process the order if in doubt... that extra 5 minutes may save you big dollars! Even if the order has been
processed through automated systems, it's not too late to follow up before shipping the goods or providing the services. The idea is to deal with the situation before the cardholder is issued a statement, notices something on it that they didn't purchase and then contacts
their bank.

Ask for photo identification
If you're dealing with high value items, I don't think it's overkill to ask for photo identification to be emailed to you if an order seems suspicious. You just need to weigh up the risks -
possibly lose a couple of hundred dollars profit from a disgruntled client not willing to provide photo ID, or lose the couple of hundred dollars, plus the product, plus the chargeback fee if you decide to go ahead with the transaction.

Make your anti-fraud policy visible.
Visual deterrents are still one of the most effective ways of minimizing crime. In a bricks and mortar store, signs and cameras do prevent shoplifting to some degree, especially amongst amateur criminals. Why not use the strategy on your site?

Add bold notices to the checkout pages stating your stance on fraud and that systems are in place to monitor all transactions. Not only will this decrease attempts at fraud, but will also demonstrate to your clients that you take transaction security very seriously.

Utilize specialist anti-fraud services.
Like so many online business owners, perhaps you don't have time to carry out rigorous screening. With the increase in fraudulent transactions, many companies have sprung up to act as screening services to help minimize credit card fraud risks to merchants. As with anything else related to online business security, nothing is guaranteed 100% effective, but the above strategies will definitely assist in decreasing the amount of credit card fraud you experience, or help you track down credit card fraudsters.

Further learning resources

Payment Gateways and Merchant accounts - a beginners guide

Michael Bloch

Taming the Beast

Tutorials, web content, tools and software.

Web Marketing, Internet Development & Ecommerce Resources

No comments: