If you are selling something on the Internet, whether through product downloads or physical delivery, most likely you are accepting payments through credit cards. Credit cards provide a convenient way for buyers to pay, and thus form an integral component of doing business online.
However, you need to watch out for a number of things when accepting credit card payments online. Just because a person expressed interest in your product and placed an order, does not necessarily mean that the person is willing to pay for it. They can use credit card fraud to steal it from you.
Credit card fraud has become pervasive on the Internet. According to MasterCard International, account takeover fraud has increased by 369% since 1995. It has become one of the fastest growing types of fraud, and one of the more difficult to combat. In 2000, Celent Communications estimate that U.S. retailers alone lost an estimated $1 billion to online payment fraud.
Even if the credit card company has given you authorization as to the validity of the card, there are several ways fraudulent cards can be used on your site. The card may have been lost or stolen, but the card owner is yet to report its loss. Or the number on the card (and not the card itself) may have been lifted without the knowledge of the owner. There is also a scam called identity theft, where the card has been issued under false pretenses using someone else’s identity and data.
As an online merchant, you need to have a system to check the veracity of orders placed to safeguard your business. While the effort may require additional time and money, it can save you the cost and stress caused by charge-backs for fraudulent orders. Your product is gone; you lose the sale price; and you will be fined an additional $10-$15 charge-back fee. If you have a high percentage of charge-backs, your card services company can even cancel your merchant account. You will also spend time looking up the order and provide the requested information to your card services company. All of these hassles are things you can surely do without.
How can you protect yourself from credit card frauds? Here are a few steps that can be taken to ensure that the transaction is being requested by the cardholder.
1. Subscribe to checking systems (e.g. AVS) if offered by your merchant bank.
This system checks whether the billing address given by the buyer matches the address on file for that card with the credit company. While it may cost you more, it is a powerful tool to help minimize losses due to credit card frauds. Note, however, that the AVS system does not work with addresses outside the United States.
2. Manually verify the address.
If you do not have the AVS system, check the address given by the buyer by going to any of the mapping services available online (e.g. Google Maps). If the card is stolen, the thief is unlikely to know the owner’s address and will most likely not provide his or her own address. Thus, there is a strong probability that the buyer submitted a fictitious address. If the mapping services indicate that the address does not exist, that should raise warning flags for you.
3. Call the cards’ bank.
An effective means of verifying buyer information is to call the cards’ bank, particularly for questionable international orders. Call your card services company and request a bank telephone number. Then, call the cards bank. In some countries such as United States, Canada, China, India, etc., the bank will ask you to tell them what information you have and then they will tell you “yes it matches” or “no it does not”. A few countries, however, such as Australia, Scotland and the United Kingdom, have laws against providing any information, including yes or no answers, to merchants.
4. Watch out for the email addresses.
Be careful of buyers that used e-mail addresses from free services such as Gmail, Hotmail and Yahoo Mail. These email addresses are very easy to obtain and people can sign up for these services under a false name and made-up addresses. If used for fraudulent orders, tracing these addresses can lead you to nothing. For orders placed by a buyer with domain name e-mail, check out Internic’s WhoIs service at http://www.internic.net/whois.html to find out more about the customer.
5. Call the cardholder.
If you have any doubt that the person you are sending your merchandise to is not the cardholder, the best thing to do it to call them. Ask to talk to the buyer, and explain that you are confirming the address and contact numbers on the pretense that it might be needed if there is any problem with the delivery.
6. Be cautious of unusual bulk orders.
Before you clap with glee upon receiving 100 orders of your product from an individual, stop and think for a moment. Bulk orders are part of the normal transaction for businesses, but not for a private individual. People out to con you will place any number of quantity, since they do not intend to pay for the product anyway (or someone else — the real owner of the credit card — will pay for it).
7. Shipping and billing address should match.
In business, it is normal to send the product to one address and the bill sent to another. However, when dealing with individuals, insist on sending the product only to the billing address, particularly if you are dealing with expensive items.
If you are uncomfortable with the order, you can always cancel it or ask for payment in advance. You can also opt to accept orders within your country if you are not yet ready for international customers; or outright say that orders from countries with high fraud incidence will not be accepted.
Trust your gut instincts. It is always important to be careful and ensure that you are not going to lose the money and the merchandise in a charge-back.