educational

11 Ways to Protect Your Business

Despite the media attention given to the miniscule risks of consumers being defrauded by online merchants, it is usually the merchant who is the victim of Internet credit card fraud. The incidence of fraud perpetrated by online merchants against consumers is fairly rare. Consumers are typically only liable for the first $50 of any fraudulent transaction, and even this liability is often waived by the credit card issuers.

On the other hand, credit card fraud can be important depending upon the online merchant. Some claim they have had no problems at all while others claim significant losses (especially sellers of digitally delivered products). For digitally delivered goods, there is no time to check out the validity of the information provided by the customer, and the e-mail identity and address may be as fraudulent as the credit card number.

Here are some important things every merchant should know about credit card fraud:

The verification process a merchant starts by swiping the card through the terminal or key in the credit card number in the credit card software program does not provide fraud protection. All this verification process does is check that the card has not been reported stolen and that it has sufficient free credit available to fund the purchase. The Internet makes credit card fraud easier in some ways. Lists of stolen credit card numbers and even programs to generate valid new numbers are readily available online. The lack of face-to-face or voice contact on the Internet tends to make a thieves more daring. Also, a thief can keep on trying various combinations until he succeeds on the net without fear of being confronted.

The current techniques for credit card fraud prevention that use signatures on anti-tamper tape, holograms and now even the etched image of a card's owner are of no value when it comes to CNP (cardholder not present) transactions, as the merchant never gets to see the credit card and verify the signature. In offline POS (Point of Sale) purchases, merchants are sometimes asked to call an authorizer (a human being) who asks the merchant some questions or requests to speak to the cardholder, for example, if an "out-of-pattern" purchase tips off the consumer buying habit computer model or other anti-fraud device, such as sophisticated risk models or heuristics.

Unfortunately, none of the Tips above are possible online in "real-time". If an online merchant is willing to forego many purchases by failing to provide for real-time credit card authorization, they could resort to manually checking each credit card request. But this can get very burdensome as an online business grows.

Internet credit card transactions fall under the heading of MOTO (Mail Order / Telephone Order) transactions, also called CNP (cardholder not present transactions). Most credit card merchant account agreements leave the merchant 100% liable for fraud committed via this type of transaction. Thus, any fraudulent transaction results in a chargeback. In addition, many agreements also require them to pay a $15-$25 chargeback fee. Further, if a merchant experiences a high level of chargebacks they are often hit with an increase in the discount rate they have to pay on each transaction or may even have their account terminated. And once lost, a merchant account can be almost impossible to obtain again.

Online merchants that become victims of a fraud will probably receive very little support from the police. The police are likely to view the amount involved to be too small to bother about, or in the case of international orders, to be out with their jurisdiction.

Still want to do business online with credit cards? :)) Well, it is a necessity if you are serious about e-commerce. So, what to do?

Obviously, all online merchants should seriously consider what protections they should take to prevent them from being defrauded - before a fraud attempt occurs. Here are a number of ways to limit your exposure to fraud:

1. Always verify the customer's billing address. This can be done automatically with the Address Verification System ("AVS"). The AVS system compares the statement billing address on file with the credit card issuer with a customer's billing address provided with each order. It gives added assurance that the customer is the legitimate cardholder. Check to see if the processing equipment or software provided by your merchant provider supports AVS. The Address Verification System was developed to help MOTO (Mail Order / Telephone Order) merchants avoid fraud, but is relatively limited in its prevention of online fraud. One of the major opportunities that the Internet brings is the ability to accept orders from all around the world, but Address Verification System only works for addresses in the USA.

Another major advantage of the Internet is that it allows "soft" goods such as software to be purchased and downloaded instantly. Address Verification System provides no protection here as all a thief has to do is to obtain a valid address that corresponds to a stolen credit card number. This is certainly not hard to do. It matters not that the address is not the thief's, as nothing will be physically delivered anyway. And even with "hard" goods there is still a problem as thieves can supply a valid address for a stolen credit card as the "bill to" but then request a different "ship to" address.

2. The shipping address & billing address should match. Some merchants don't accept orders where the "ship to" address differs from the "bill to" address from international customers and some carry out additional checks even for domestic orders. For example, I have had to call the credit card company to verify that it was actually me who wanted a computer shipped to the office, but charged to my personal credit card for which the billing address was my home.

3. Be wary of orders from free e-mail addresses. Once a thief has a stolen credit card number and a stolen address they need one more thing to complete their fraud portfolio - an untraceable e-mail address to hide behind. That's why a high proportion of fraudulent orders come from free e-mail addresses. As a result, many merchants refuse to accept orders from them or at least perform additional checks.You can find a list of free e-mail domains on the AntiFraud Web site at: https://www.antifraud.com/redflag.htm

4. Check out the customer's Web site, where it is possible. It is often possible to determine the URL of a customer's Web site by simply putting "www" in front of the second part of their e- mail address. For example, if a customer provides an e-mail address of "john.doe@somedomain.com" then typing www.somedomain.com into a Web browser usually leads to their Web site. Things to look out for include empty or "under construction" Web sites or sites where the contact information differs significantly from the order information. For example, the Web site might display a U.S. business address but the order requests delivery to be made to Eastern Europe. Some merchants go even further and check out who owns the domain name. Information on the ownership of US domains is available on the Network Solutions Web site at: https://www.networksolutions.com/cgi-bin/whois/whois

5. Watch out for unusual orders. Thieves tend to place orders that differ significantly from what legitimate customers typically order. Things to look out for include orders for "big ticket" items, orders for unusually high quantities and orders where the customer is prepared to pay a lot for expedited delivery. Collect all possible order data: When trying to detect fraudulent orders or trying to recover money lost through fraud, the more data you have available the better.

6. Phone the customer if you have doubt. A quick telephone call can often be enough to establish whether an order is legitimate or not.

7. Collect all possible order data: When trying to detect fraudulent orders or trying to recover money lost through fraud, the more data you have available the better. This includes the customer's address and telephone number, the name of bank that issued the credit card, and the IP address of the computer from which the order was placed. (Of course this conflicts with the concept of asking for no more information from your customer than needed, but you will need to judge how important preventing fraud is for your product and your target audience.)

8. Warn visitors of anti-fraud devices and consequences of fraud. Stating clearly on a Web site that the merchant has anti-fraud safeguards in place and will pursue prosecution for all fraudulent orders can be enough to scare off some would-be thieves.

9. Never process (factor) for someone else. It is illegal as well as a breach of your agreement It could cost you big time.

10. If using a real time service, ensure it's reliable.

11. Contract for a sophisticated anti-fraud service such as CyberSource's ( https://www.cybersource.com ) if fraud is likely to be or becomes a problem. These services can automate many of the checks you might do manually, and reduce your incidence of fraud well below what you could do by yourself. Do not let credit card fraud limit your growth! There are effective ways to manage this risk. Utilize SET (Secure Electronic Transaction ) or the Microsoft Wallet approach with digital certificates which authenticate the web site visitor.

But, are you going to forego a sale if a customer does not have the appropriate software on his computer? Most merchants won't.

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
opinion

Account-to-Account Payments: The New Banking Disruptor?

So much of our industry relies upon Visa and Mastercard to support consumer payments — and with that reliance comes increased scrutiny by both brands. From a compliance perspective, the bar keeps getting raised until it feels like we end up spending half our time making sure we are compliant rather than growing our business.

Cathy Beardsley ·
profile

WIA Profile: Samantha Beatrice

Beatrice credits the sex positivity of Montreal for ultimately inspiring her to pursue work in adult entertainment. She had many friends working in the industry, from sex workers to production teams, so it felt like a natural fit and offered an opportunity to apply her marketing and social media savvy to support people she truly believes in and wants to see succeed.

Women In Adult ·
opinion

Understanding the Latest Server Processors

Over the last decade, we mostly stopped talking about CPU performance. Recently, however, there has been a seismic and exciting change in the CPU landscape, due to innovation by a chip company called Advanced Micro Devices (AMD).

Brad Mitchell ·
Show More