Minimize Online Fraud, Maximize Profits

Credit card fraud is a growing threat to online merchants, with losses up more than 33% in 2013 compared to the previous year. Worldwide, about 75% of credit card fraud involves online transactions. If you sell online, you are going to get burned by credit cards now and then. But there are steps you can take to minimize your losses…

Avoiding Online Fraud

You want to sell stuff online, but that means trusting faceless customers who may be out to get something for nothing. If you’ve ever been scammed by a customer using a stolen credit card, or had to deal with unfair chargebacks, you know the banks usually take the side of the merchant in disputes. That’s why it’s important to analyze every transaction for signs of fraud. Here are some best practices:
Use a two-step fraud detection system. Software should vet all credit card customers for warning signs of potential fraud, and decline transactions in which there is a high probability of fraud. Questionable cases should be kicked up to a human investigator trained to tell the difference between an attempted fraud and simply an anomalous situation.
Minimize Online Creidt Card Fraud
One clue to potential fraud is when the customer is attempting a transaction from a location that is unusually far from his billing address. There are geo-location databases of IP addresses, and every Web site can detect the IP address that a visitor is using. If the customer’s billing address is in Chicago and his IP address is in Pakistan, you probably have a fraudster. If the IP address is in St. Louis, further fraud tests are warranted.
Customers whose IP addresses belong to Web proxy services are also suspect. A proxy server relays a user’s request to the target Web site, and relays the site’s responses back to the user. Therefore the Web site can’t tell where the user really is, geographically. Someone using a proxy server may just be unusually privacy-conscious, but chances are higher he or she may be a fraudster.
Fraudsters like to obscure their locations, or sometimes they just make up order data and get it wrong. Compare phone numbers and billing address ZIP codes; are they valid and in the same geographic area? Also compare the card-issuing bank’s location to the billing address; are they reasonably related? VoIP phone numbers, such as those issued by Google Voice, are somewhat correlated to higher fraud.

Other Steps You Can Take

Speaking of phone numbers, it’s not a bad idea to verify that the number given matches the name of the customer. You can look this up with a quick search at Whitepages.com. And you can always call the customer to get a feel for whether they are legit, or to verify that they placed an order with you.
If there’s a card or gift message, does the sender’s name match the name in the billing address? Another tell-tale sign of fraud that I’ve encountered over the years is the use of ALL CAPS or all lower-case letters on the order form.

For further reading, the “Global Visa Card-Not-Present Merchants Guide to Greater Fraud Control” (PDF) is an in-depth discussion of this subject.

The CCV2 number on the back of a card should be required of every buyer; it provides stronger evidence that the buyer actually possesses the card and not just the account data associated with it, which anyone (it seems) can steal from a major retailer.
There are quite a few such tests that can be applied to online credit card transactions before they are processed; here is a list of ten fraud tests.
If you’re wondering how on Earth you can process orders rapidly while doing all these tests for fraud, relax; technology has your back! Most e-commerce software includes light to moderate fraud-detection modules; you should familiarize yourself with what’s already available to you via the software’s documentation or a talk with the vendor. If you need deeper fraud-detection analysis, there are third-party services that specialize in that sort of thing.
Maxmind offers a proxy detection service that can be integrated into your online store. It will check an IP address against a database of anonymous and open proxies. Open proxies are compromised computers that allow traffic to be routed through them. They also have a more comprehensive minFraud service that calculates a risk score based on IP address and other factors.
CyberSource Risk Management Services is a subsidiary of Visa that can augment your in-house fraud-detection capabilities. Third-party payment processors such as Authorize.net have add-on fraud-detection services that cost as little as $10 a month. If you use a payment processor, it’s almost certain to offer enhanced fraud-detection; just ask.
Are there other steps you take to minimize fraud in your online store? Your thoughts on this topic are welcome. Post your comment or question below…


More Posts about Ecommerce:

  • Yes, You Need an Ecommerce Platform

  • New Square Reader Does Apple And Chips

  • Are You Paying For Ads That Nobody Sees?

  • Improve Sales With A/B Testing

  • Are Trust Logos Worth It?

Comments

  1. Hello Bob,
    We are based in the UK, my sons have a business and supplied goods to the value of £7500 to a local builder who placed the order over the phone and paid by card, the card went through and an authorisation code was issued by the card company and the funds were then paid into the kids bank account.
    One month after the transaction the card company rang to say that the card which was a Canadian card had been stolen and that they would be recovering the funds from the kids account.
    What I don’t understand is why the card company’s security checks did not pick up on this fraudulent transaction and instead issued an authorisation number.
    It turns out that if the customer pays over the phone with a card instead of calling in to the showroom and paying using a PIN number then you take all the risk if the card is stolen.
    This makes a complete nonsense of accepting payments online.
    My kids did everything they were supposed to and yet they have fallen foul to a thieving scammer.
    The police have been informed but I am not holding my breath.
    EDITOR’S NOTE: Phone orders are even more risky than online orders, because you have no way of verifying the identity or location of the caller. You say the customer was a “local builder” — why can’t you go after him for the fraud?

  2. Hello again Bob,
    When I say he is a local builder, he is supposedly based approx 30 miles away.
    The goods the kids sold to him are specialised and they are the only agent in the area.
    As I said, the police have been informed , it may turn out that the goods were delivered to a fake address and that the fraudster has ordered in the name that was on the stolen card.
    When we question the card company about why after giving an authorisation number they intend to recover the funds via the kids bank account they will no doubt point to their terms and condition and wriggle out of their responsibility.
    If we then find it in their terms and conditions it will no doubt be buried in 100 pages of micro print.
    The kids didn’t know about this condition and I bet there are lots of other merchants who don’t realise the risk they are taking when they accept payments over the phone.
    IN THIS CASE SELLER BEWARE
    Graham

  3. Mac 'n' Cheese says:

    Hi, Bob,
    Did you mean to say, “you know the banks usually take the side of the merchant in disputes”? Or do the banks usually take the side of customers?
    EDITOR’S NOTE: Yes, they usually do take the side of the customer. It’s amazing what you can get away with if you’re a good liar.

  4. In the list of anti-fraud measures, number 6 refers to a mail box etc. A lot of Canadians who live close to the US border will us a mail box in the US just over the border in order to save a lot in postal fees for items ordered on the Internet from the US. I once ordered an item which was on sale for $18.00 instead of its usual $36.00. Plus free shipping to the US compared to $34.00 shipping to Canada. When I got the email to say it had arrived I drove down and collected it, including border controls both ways it probably took between 1 1/2 and 2 hours – definitely worth it. The dollar amounts might not be exactly correct but are pretty close.
    So number 6 might not be a good indicator.

Join the Conversation! Leave Your Comment...

*


Free Small Business Tech Support -- The Rankin File
Subscribe to The Rankin File: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.