Yahoo! store books, training videos and consulting

HOME

PRODUCTS

Learn how to run your Yahoo! store better! Our monthly newsletter is jammed packed with tips, tricks and advanced marketing strategies.

Members receive access to eBusiness articles, online training videos and more...

Signup today and receive 25% off your Merchant Solutions account and a setup fee waiver.

Member Login

Become a Member

You must be a member to view articles. Sign Up

10 Things to Do When Your Internet Service Provider - Doesn't

A Penny Saved Is A Penny Earned

Preventing Online Fraud

A World of Shopkeepers

Dying Is Easy - ECommerce Is Hard

Get A Plan Man! Part One

Guerrillas in the Mist

Reach Out and Touch Someone_Grow Your House List

Sugar & Spice

The 10 Ways To Drive Customers Away From Your Site

The 7 Cardinal Virtues of eCommerce

The Secret of eCommerce Success-Imitate Don't Innovate

A PENNY SAVED IS A PENNY EARNED: PREVENTING ONLINE FRAUD

By Frank Fiore

Many years ago when I had my own computer mail order company, I finally reached the end of my patience. I was fed up with the credit card fraud that was perpetuated against our company. So we complained to our bank, our credit card clearing house, and Visa and MasterCard themselves, but all we got for our troubles were shrugged shoulders and the attitude of “Well, don’t take credit cards”. Yeah, right!

As with the Net today, that option was no option at all since you can’t run a successful mail order business without taking credit cards. We realized that if we were to stay in business we needed to protect ourselves.

And if you have an e-commerce company today that takes orders over the Net – that’s what you have to do too. But more of that later.

Now times have changed since my little run in with the credit card companies. Before the onset of e-commerce, credit card companies preferred not to give merchant accounts to companies that were deemed MOTO - Mail Order/Telephone Order companies. Trying to get any cooperation or help from Visa and MasterCard was like trying to get blood from a stone. America Express was better. They took the side of the merchant first and the cardholder second. Not so with the other cards. If a MasterCard or Visa card holder had a problem with a mail order company, that company was deemed guilty until proven innocent and the business had little or no recourse getting their money – or even their product - back!

When the dot-coms hit the Web, Visa and MasterCard decided to treat them the same way they treated other MOTO’s. But their tune quickly changed. Companies like First Virtual and CyberCash created the first forms of web based use of credit cards and fired a warning shot across the bows of the credit card companies. All of a sudden, they saw themselves being ‘Amazoned’ by these online upstarts. In response they scrambled to respond.

Now, you have Visa and MasterCard actively promoting the use of their cards online. And for good reason - there has never been a recorded incident of an individual having their credit card stolen while being securely transmitted over the Net. In fact, there is more of a risk having your credit card stolen off line than online. Recently, <a href=http://www.emarketer.com/enews/030199_fraud.html>Internet Fraud Watch</a> estimated that in 1998-1999, the majority of fraudulent payments - a whopping 93% -were made off line by check or money order, and actually encouraged consumers to use credit cards online for payment in order to diminish security risks.

All well and good. But when the Internet was booming, media headlines were screaming about consumer safety and the possibility of their credit card numbers being stolen during the online purchasing process. As you can see this is not true. With all of the systems being put into affect in order to ensure consumer safety, the credit card companies have neglected to address the risk of the merchant's safety from the consumer.

Where is the protection of consumers defrauding merchants? Unfortunately, there STILL is none. You have to take responsibility for that yourself.

Building an online business takes a lot of work. Nothing can be worse than seeing all your hard work lost through credit card fraud. Why doesn't your bank protect you against fraud? Because your merchant agreement with them says it can't. It’s that MOTO thing again. Transactions by merchants on the Net fall under the heading of MOTO. Most credit card merchant account agreements leave you, the merchant, 100% liable for fraud committed at your web site. And that's not all. You're also required to pay the $15- $25 charge – the chargeback fee - that the bank hits you with when the charge on the customer's stolen card is reversed by his or her bank. If you accrue too many chargebacks, your merchant account can be terminated. After one is terminated, it's nearly impossible to get another merchant account.

Not a pretty prospect when you think about it. Just know, that it’s pretty much guaranteed that you will experience an attempt to defraud you either sooner or later. So, how do you protect yourself? Follow these steps. Though each one in themselves may not be a red flag, if you see more than a few, then your fraud ears should go up.

Don't make the assumption that just verifying a credit card - getting an authorization number - is sufficient fraud protection. All this verification process does is to check that the card has not been reported stolen and that it has sufficient free credit available to fund the purchase.
The first level of fraud protection is AVS. AVS stands for Address Verification Service. But it has its limitations. AVS compares the billing address of the customer with the records held by the card issuer. If the card number and billing address match, AVS gives it a thumbs up. The problem is, the card could still be stolen and a thief can ask that the order be shipped to another address. AVS has other problems too. AVS only works for addresses in the United States. So, if you have an international order AVS will not help. If you sell software or information that can be downloaded instantly, AVS provides no protection. All a thief has to do is to obtain a valid billing address that corresponds to a stolen credit card number an your instant buy becomes and instant fraud!
If you don’t use AVS, then make sure the customer’s billing address matches up to the shipping address. If it does not, then you need to find out why they want the products shipped to another address or have a credit card with different contacts.
Ask for TWO phone numbers – work and home. Do a telephone number search on suspected fraudulent orders. You can purchase a database of phone numbers on a CD or you can use services such as <a href=http://www.anywho.com>Anywho.com</a> where you can do a reverse search on a phone number. This will allow you to confirm the contact information for the phone number that the customer has provided.
Place fraudulent notices, buttons and images on your order forms and your web site content that lets consumers know that fraudulent orders will be pursed to the fullest extent of the law.
Look at the products being ordered. Does it match similar frauds you caught in the past? We discovered most orders for US Robotics modems were fraud orders. We guessed it was a very popular modem and could easily be re-sold at swap meets. Be wary of big orders, especially for brand-name items like three MP3 Players at once.
If the customer demands over night delivery, this too can be a sign of a fraudulent order. Since the scam artist isn’t paying for it, he or she doesn’t care how much it costs.
Look at the email address they are providing. The majority of thieves will use a free email address to hide their identity. With fraudulent orders, the customer's email address is often one of the free email services like Hotmail, MSN, or Yahoo! You can find a list of free email domains on the <a href=antifraud.com/redflag.htm>AntiFraud</a> web site that are used most frequently in fraudulent transactions along with an very extensive list of domains that have been used for fraud.
Another clue is a suspicious billing address such as 123 Main Street. You can check to see if an address is real by using <a href=http://maps.yahoo.com>Yahoo! Maps</a>.
And finally, if someone places a very valuable order and asks that it be left at the front door, be suspicious. It could be a sign that a thief is using an innocent person's house as a drop-off point. If an order is for a high-priced item, request that it be signed for.

If you suspect fraud, then what do you do? Follow these steps.

Call the customer. Use the phone numbers you requested and collected from him. When you contact him, don't automatically assume that you're dealing with a thief. The customer could have entered incorrect information and you don't want to offend him and lose the sale. In general though, a thief will not want to have a long conversation with you.
If the phone number is wrong, then try contacting them via email for a valid phone number. Be very suspicious about this though, because most people usually don't give out wrong phone numbers unless it was mistyped.
If the billing address doesn't match or is incorrect, ask him to give it to you again. If the area code doesn't match the billing address's city, ask him why.
Ask the customer for the name and phone number of the establishment that issued the card. Both are usually printed on the back. If the customer cannot supply it, this is a sign that he doesn't physically have the card - just the number.

If you still feel uncomfortable with an order even after talking to the customer, ask him for payment in advance. And if you’re hit with a fraudulent order, document all contacts. This will give yourself greater protection and a better fighting chance of getting your money or product back. Keep all voice mails and emails, along with caller ID in order to prove your case.

Remember it takes a lot of orders to replace just one order lost to fraud. So, it's better to pass on the ones that you're not 100% certain about. So follow these tips and protect your business. No else will!