Protecting merchants against fraud

 

Fraud Prevention for Merchants

   Home Page  |  Read the Blog |  MEMBER LOGIN  |  JOIN US  |  Merchant Resource Center  |  Testimonials |  Press |  Privacy |  FAQ |  Articles | 

Fraud Articles |Fraud Prevention

FRAUD PREVENTION FOR MERCHANTS

Card number generators, hacked e-commerce sites, dumpster divers, skimmers, hand held mag stripe readers available on e-Bay , dishonest store clerks and waitstaff. They are all out to take money, goods and services from YOU - the on-line merchant by credit card fraud. And let's not forget the card companies themselves who make money on charge back fees when the sale goes bad - over $557 MILLION last year in charge back fees alone. There is a real incentive for them to NOT be careful about credit card fraud!

With all the ways there are for merchants to be scammed by credit card fraud, you might think there's nothing to be done but throw yourself at the mercy of the card companies and transaction processors. Fortunately there are steps you can take to prevent credit card fraud.

The time you can spend taking your own steps to avoid fraud depends, to some extent, on the number of transactions you do. Only you can decide what steps are economical, but if you process only a few transactions a day, you can spend an extra 5 minutes per transaction to be fairly certain that you have a good card. The question is not whether you can afford to take these steps, it's whether you can afford NOT to. Do NOT, as many small on-line business owners do, get caught up in the trap of wanting to make that sale in the worst way. Charge back fees can put you out of business!

Your efforts depends on how much information you get from your processor. I've heard of processors that don't give their merchants the originating IP of the transaction, and in some cases, even the full card number. My suggestion, in this case, is to find another processor or acquirer. Others, such as Authorize Net, and Intellipay offer an option to "Auto-authorize and capture funds." Turn this option off or you lose all control over your money!

First and foremost, follow the procedures recommended by your payment processor and the card companies themselves. Failure to do so can get your merchant account pulled. If you've never done so, make yourself familiar with the contents of the Visa Merchant Resource Center. I haven't found a similar set of pages on the MasterCard site but I'm sure the Visa suggestions apply.

A quick look at all the details of a transaction should give you a good initial screening for red flags associated with credit card fraud. Consider ANY of the following a red flag worthy of further investigation: Free/anonymous E-mail; different ShipTo and BillTo addresses; foreign orders or shipments; all lower case information; larger than normal orders; rush orders; high ticket orders; and multiples of the same item.

Even if everything in the initial screening looks good, merchants need to remember that an authorization number received by the credit card means only that there is an account with that number and, at that moment, the funds are available. It does NOT mean that the transaction is valid. Therefore, you should take the following steps whenever possible.

  • Be sure you obtain the CVV2 number even if your system doesn't use it. This is the 3 digit number to the right of the printed card number in the signature panel. If your customer provides a CVV2 it's an indicator that the card is good and they have the card in hand. If your system includes CVV2 service, use it but do NOT rely on it. Industry estimates are that it is effective less than 80% of the time.
  • Trace the IP number. This can be one of your best tools, especially if the shipto: and billto: are different. Take a good look at origin of the order and compare it to the card holder information. They should be similar. Visual route provides both an on-line demo and a PC version for download.
  • Cross reference the card holder's telephone number and address. This can give you an indication that the cardholder actually exists and lives where they say they do, but remember that if the cardholder has an unlisted number the cross reference will come back as no record found. Consider the cross reference only as a verification. There are numerous cross reference web sites including SmartPage, Langenberg.com, and others.
  • Verify the cardholder address. This is the most difficult step, but remember that any address verification provided by your processor is probably not as current as the one at Visa/MC or the issuing bank, and CVV2 is not always working at all.

By taking these four steps, you should have a much better idea of the validity of the transaction. Remember that none of the steps outlined above are a clear indicator but, taken together, they give you some valuable information that you can use to evaluate the transaction. Never hesitate to contact your customer to resolve an issue but take the approach that you are protecting THEM. Their attitude alone can speak volumes.

Lastly, knowledge is your best defense! Join a merchant advocacy group. You aren't alone in this fight against fraud. As a small business owner you are vulnerable but there are organizations out there to help. Take a look at CardCops, Merchant 911, and others. Some are free, some are not, but the fee-based groups have a lot of good free information. When considering the usefulness of these groups, see what, if any, advertising they do. If the Card Companies and payment processors are advertising on the sites, you should keep that in mind. They have some excellent information on these sites but be aware of the sponsor slant.

All the tools, tips and tricks above can be found in the member area of Merchant 911

Copyright 2000, 2001 - Thomas C. Mahoney; Merchant 911 All rights reserved

 

 

 

 

 
     Copyright 2001-2006 Merchant911, LLC All Rights Reserved   |  MEMBER LOGIN  |  Email Us   |  Site design courtesy of ClassyThemes.com