You receive an email notifying you that an order has been placed on your site. Should you start jumping up and down in glee? You’d better hold that bottle of champagne — until you have confirmed the veracity of the order.
With about 93 percent of all consumer Internet purchases made with credit cards, credit card frauds are on the rise. In fact, a Gartner survey of 100 Web retailers found Internet credit-card fraud to be much more common than offline fraud, making it the “No. 1 problem” in e-commerce.
Think you won’t be victimized? Well, think again. LexisNexis® 2010 True Cost of Retail Fraud Study estimates that merchants in the United States alone — both big and small businesses -= are losing approximately $190 billion a year from credit card fraud. If big sites with their sophisticated credit card fraud detection systems in place can be victimized, how much more the smaller sites?
Internet frauds that victimize the merchants are becoming shrewder, wiser and more sophisticated. In fact, gone are the days when credit-card thieves have to break into Web servers to steal card numbers (although many still do). All they have to do is to download a software on the Internet and a free one at that — to generate a supply of credit card numbers associated with a particular bank.
Thieves are also becoming brazen. Some phone aggressively to get the order approved. Rick Beneteau wrote in his article “The Latest, Not-so-Greatest dot-Con Game” that a cheating affiliate member who submitted orders using stolen credit card numbers even sent an email begging for his commissions! Particularly if you are selling big ticket and high-value items, some credit card gangs may be after you (yes, it is scary!).
When you are accepting online orders, you must make sure that you implement protective measures. While you may not be able to diligently screen out all fraudulent orders, you can greatly reduce online fraud.
10 Signs of Online Credit Card Fraud
Here are ten signs that an order may be fraudulent:
1. Larger than normal orders.
The customer may be using stolen credit cards or phony account numbers that have limited life span. If the customer is looking to conduct fraudulent transactions, he needs to maximize the size of his purchase.
2. Orders for multiples of the same item.
If your products have high resale value like watches or jewelry, be wary of those ordering five items all at once. If a crook intends to resell them, having more will increase profits.
3. Orders made up of expensive items.
While you may be happy that your big ticket items are moving, check and double check before you ship out those items. Expensive items, especially brand name items, have maximum resale value and maximum profit potential. They are especially attractive to thieves.
4. Shipping address differs from billing address.
It is always good policy to only ship to the billing address of the card. If the item is being shipped elsewhere, especially for gifts, you need to take extra steps to confirm the veracity of the order like calling the person who placed the order.
5. Suspicious billing address.
If the order is within the United States, you can use the mapping software in some of the major portals to confirm whether the address exists. If the address cannot be verified, contact the person to make sure that the address was simply not mistyped. However, if the email address or the phone number is still erroneous, then simply forget about the order.
6. Leave at door.
As a rule, never allow your products to be left at the doorstep, particularly if you are selling valuable items. The crook may be using an innocent person’s house as a drop-off point. If you are using the postal system, UPS, or FEDEX, the delivery man will simply leave a notice that a package has arrived and it needs to be picked-up.
7. Orders shipped “rush” or overnight.
Most fraudulent orders specify overnight or 1-day shipping. A thief using someone else’s credit card is not concerned about the shipping expense: the faster he or she gets the goods, the better. Never mind if the shipping costs twice or more than the product. As one netpreneur relates, “Let’s say a customer from Buffalo is buying a video game for a relative in Miami. If it’s P.O. boxes, or it’s FedEx overnight, then you start to ask, “Why are you sending this $6 item overnight? Why are you paying for shipping that’s 3x the price of your item?”
8. Untraceable email address.
Many fraudulent orders originate from a free, web-based, or e-mail forwarding address. Anyone can simply open a Gmail account, without giving his or her personal info. Free email addresses allow thieves to quickly make their escape, and makes it hard for the victim or even authorities to trace them back. It is safer to require the customer to provide an ISP or domain based address, which makes it easier to trace back to a “real” person.
9. Orders that cannot be confirmed.
No order is accepted unless the complete information is provided and can be confirmed, including full address and phone numbers. If you have a suspicious order or has a funny feeling about an order, verify the order. Call the phone provided. Sometimes, you’ll find that the number provided doesn’t ring, or has been disconnected. Set a policy to cancel orders if the phone provided has been disconnected, or if they do not answer the phone after several attempts.
10. Suspect ship address.
According to Yahoo, orders from Romania, Macedonia, Belarus, Pakistan, Russia, Lithuania, Egypt, Nigeria, Colombia, Malaysia, and Indonesia have a very high incidence of fraud, and often have unverifiable addresses. You are taking a higher risk if you are shipping outside of your country.
The cardinal rule should always be to ship only when the order checks out. Particularly if an order exhibits multiple warning signs, you are better off keeping the item on your shelf than sending it to a crook. You will not only lose the item, but the valid credit card owner will not pay for the item they never authorized or received. Worse, you will be slapped with a chargeback fee by your bank, and even lose your capability to accept credit card orders.
How to Protect Your Online Business from Credit Card Fraud:
Now that you know the signs, here are some ways to measures you can implement to make sure that the orders you process are the real deals.
1. Use common sense.
Don’t immediately ring up orders received. Listen to your gut instinct. Forego automatic approval of orders if you sense that something looks phony or fishy with the order. Use a manual system of approving the order instead. Go online to use Google Maps or any mapping services to check if the address even exist.
2. Call to confirm.
Calling your customers to confirm their order is not only a way to detect fraud, but part of good customer service. It will give your customers a sense that you are taking steps to protect their identity. If the card was stolen, your call can alert the customer that their cards are being misused. Even if the credit card number and address check out, the person who owns the card may have not even heard of your “customer.”
3. Use tracking codes in your order forms.
In your form, add a hidden field called the Environment Report field. While it may vary among various form handlers , the syntax is most often:
< input type=”hidden” name=”env_report” value=”REMOTE_HOST,REMOTE_ADDR,HTTP_USER_AGENT” />.
This will allow you to know about the computer used to send the order, including the domain name and the IP address. If you suspect that an order is fraudulent, you can contact the ISP of the “customer” and alert them of the fraud.
Ensure that your shopping cart software has this functionality.
4. Ship only within your country.
You may say that you are on the Internet to reach the global market. But then again, the risks are oftentimes too great when you ship to other countries. If you are a US-based merchants, Address Verification Systems do not work outside of the US so you have no way to check out the validity of the address. If you call to confirm the order, think if the international long distance costs are worth it.
5. Accept orders only from ISP or domain name email addresses.
EVERY fraudulent order has come through the free, web-based, or e-mail forwarding services. It’s not a guarantee, but be sure to double check orders coming from free email services.
If you establish a policy that you only accept orders from ISP (e.g. @aol.com) or domain name emails (e.g. @powerhomebiz.com), you will be weeding out a lot of fraud. Be careful, though: be sure to type in the domain name in your browser to verify if indeed the web site exists or not. Some of the free email providers, Mail.com, allows users to have email addresses using the domains @accountant.com, @techie.com, and others. If the customer does not have ISP or domain name email addresses, ask him or her to call your business (be sure to have caller ID) or fax the order, along with a photocopy of the credit card.
Recommended Books on Avoiding Credit Card Fraud Online:
- Essentials of Online payment Security and Fraud Prevention (Essentials Series)
- E-commerce Get It Right! Essential Step-by-Step Guide for Selling & Marketing Products Online. Insider Secrets, Key Strategies & Practical Tips – Simplified for Start-Ups & Small Businesses
- E-Commerce Blueprint: The Step-by-Step Guide to Online Store Success
- Setting Up and Running an Online Store
- E-Business and E-Commerce Management: Strategy, Implementation and Practice (5th Edition)
- How to Protect Your Online Business from Credit Card Fraud
- How Merchants Can Prevent Chargebacks
- What is a Payment Gateway?
- Point of Sale Devices: Importance of EMV Card Readers
- Operational Requirements of Setting Up a Website