COVID-19 UPDATE: How Data Doctors is preparing & responding. Learn more >

As a merchant, how do I protect myself against credit card fraud?


As a merchant, what are the risks in taking credit cards over the Internet for my products?



This question was answered on August 25, 2000. Much of the information contained herein may have changed since posting.

We have all heard about credit card fraud from the standpoint of the consumer Stolen credit card numbers are used on a daily basis, both on-line and off-line The untold story about credit card fraud is in most cases the merchant is left “holding the bag”

When a fraudulent order is placed with the proper information, the merchant will still get an authorization from the credit card company, but the product is actually shipped to the thief, instead of the cardholder When the cardholder realizes the charge is fraudulent, they notify the credit card company, which notifies the merchant of a “charge back” The merchant is out the sale, the product and any transaction fees including charge back fees, even though the credit card company authorized the transaction Law enforcement is incapable and in most cases, unwilling to pursue the thieves, especially if the amount is not large or if it involves multiple states or countries.

How then, can a merchant feel comfortable taking a credit card over a website? Here are some issues when doing business with a credit card customer:

- Where you ship your product to: A crude fraud screening method is using a customer’s billing address as the only acceptable shipping address While this does not guarantee that a purchase is legitimate, in does reduce fraud to an extent, since most fraudulent purchases use different billing and shipping addresses But, since many legitimate purchases are gifts and therefore require a separate billing and shipping address, this method will also turn real customers away.

-Be wary of any orders placed with a free e-mail account, such as Hotmail, Yahoo, Juno, etc The incidence of fraud is much higher when a free-mail account is used, because it’s easy to create an identity on these systems

-Be very wary of an order that is much larger than usual Thieves pray on small companies that are so jubilant about the size of the order, that they forget to do the homework or don’t have the experience in dealing with fraud.

-Don’t assume that a credit card authorization will protect you; the merchant is ultimately responsible for the fraud If in doubt, don’t ship the product A lost sale is a lot less painful than a fraudulent sale in which you lose the product and the sale!

More sophisticated systems are now available to on-line merchants that will do a much better job of screening for fraud Among them is CyberSource <a href=""><font color="#003399">(</font></a>, which in conjunction with Visa have created the IFS (Internet Fraud Screening) system that is based on information that is known about legitimate on-line buyers as well as the digital signatures that tend to expose the criminals “Most criminals use the same method of “hiding” themselves while on-line and this is one of the many aspects of a merchants transaction that CyberSource examines” according to CTO, Tom Arnold Everything from IP addresses, domains, country of origin and even the series of credit card numbers used are crossed referenced to set a “score” for each customer The merchant can then look at the score and the associated detailed information such as “changed names 3 times” in order to determine the risk factor then make better decisions.

Need Help with this Issue?

We help people with technology! It's what we do.
Schedule an Appointment with a location for help!


Posted by Ken of Data Doctors on August 25, 2000