Minimizing Credit Card Fraud – For Online Retailers

Well-organized criminal organizations steal credit card numbers in many different ways (especially virus programs) and use these numbers to purchase products from Internet retailers using stolen Internet accounts or through anonymous proxies.

Often these transactions go unnoticed by the actual cardholder until they review their account statement, which can be a few months after the transaction was made. These gangs arrange for goods to be delivered to temporary addresses that are quickly vacated after a couple of weeks to avoid authorities.

Once the cardholder discovers the transaction, they will file a claim with their bank to have the transaction reversed. You, as the merchant, will have no choice but to allow the bank to reverse the transaction and you will ultimately lose that money.

If your dream is to work for yourself in your own business, and that business involves having consumers pay for your products using credit cards over the Internet, then beware.

I have been in the internet business for a few years now. One of my businesses is an online store that sells memory products at http://www.ramcity.com.au. Over the years I have been busted multiple times resulting in losses close to $2000 total. I have been one of the lucky ones, and fortunately, thanks to careful diligence, I have not encountered any fraud incidents in over 12 months.

This is what I learned about fraud prevention if you have an online business:

1. Be VERY suspicious of anyone who places an order and provides a free email account with their contact details. Out of every fraudulent transaction I’ve had, they’ve all provided email accounts with hotmail.com or yahoo.com addresses, or Fastmail.com.

2. If you receive an order and someone provides a free email account address, check the white pages or phone book to see if the address is listed. If not, give them a call to confirm that they placed the order. Many times, if I can get someone on the phone and ask them to confirm their credit card CVV code, I’ll be satisfied that the order is legitimate. If they’re evasive, I insist they fax a copy of your credit card statement and your driver’s license so I can verify credentials. If the order is bogus, they probably gave you a fake phone number anyway.

3. Some credit card gateways like Eway now have the ability to identify the bank and country of origin that issued the credit card. This is useful as you can ask the person placing the order which bank issued your credit card. It is unlikely that they will have this information if they are using a stolen card number.

4. Always send confirmation emails to the email address provided in the order. If a thief uses an email address that belongs to someone else, there is a chance that the actual owner of the email account will reply saying that he does not know anything about the request.

5. Never deliver products to PO Box addresses, especially if you deal in electronics. Always deliver your merchandise through a courier, with the requirement that someone must sign for the order. This can be a hassle for some of your customers, but doing it alone will eliminate a lot of fraud right away. Many criminals will set up a PO Box under a fake name for a month, receive the goods, and then disappear with no way to trace them.

6. If you are an Australian retailer, think carefully about doing business internationally. If you sell “real” retail products, such as computer equipment or electronics that are easily resold on the black market, you will be targeted by scammers. If you sell software or other “soft” products, then sell them internationally if you want, but expect to cancel a certain amount of business due to fraudulent transactions involving orders placed with stolen credit card numbers. Alternatively, you could require international buyers to always pay via direct deposit.

7. Assume that each order you receive is potentially fraudulent. Look out for misspelling, lowercase names, fake or disconnected phone numbers, and especially free email accounts.

Here’s what you can do if you think you’ve received a fraudulent order:

1. If you have a real-time credit card clearing service, the order money would normally be deposited into your bank account the next day. In my opinion, you should cancel the order and reverse the transaction immediately. Personally, I always store or pre-authorize the transaction so that I can manually inspect the order before processing it. This saves you future accounting problems with managing reversals and refunds, since you can simply cancel the transaction if it’s fraudulent.

2. Call your commercial bank or credit card authorization center to report as many details about the order as possible. Here’s the catch: the bank will not provide you with any information about the transaction to confirm if the cardholder’s name matches the card number due to the Privacy Act. If the bank is convinced that the transaction is fraudulent, it will report the card as stolen so that all subsequent transactions will be declined.

3. If you are unfortunate enough to receive a chargeback notice from your bank due to a fraudulent transaction, report the matter to the police as soon as you find out. The best place to do this is at your local police station. Provide them with a copy of the order, the transaction details from your credit card clearing portal, the IP address of your blogs, the time and date of the order, the signed waybill, and anything else you have, including the details of the reversals, and the contact details of the person you reported the matter to at your bank.

Keep in mind that if the transaction was for a few hundred dollars, it will be a low priority matter for the police, but don’t let that discourage you. If everyone reports fraud, then someone may recognize a pattern and possibly catch one of the bad guys.