For merchants who have decided to move beyond the traditional “brick and mortar” storefront, there are many opportunities to enhance customer relationships, attract new customers, and increase sales revenue. Along with the opportunities, however, come a greater level of risk and stronger need for strategic actions to help effectively control fraud and better safeguard cardholder account information. Unlike merchants who operate in the physical world, you do not have face-to-face contact, a card-in-hand, or an actual signature. You also do not have a physical door with a lock and key or a security guard posted 24/7 for protection. Cyber-thieves know all of this and are always on the look-out for merchants who have hung up a virtual shingle, but have let their risk management guard down. It’s up to you to understand the unique issues of running a virtual storefront and take a strategic approach to proactively address these issues and position your business for success.
Internet transactions are classified as card-not-present (CNP), which means you can be held responsible for a charge the cardholder claims he/she did not commit, even if the authorization was approved by the Issuer.
The cost of Internet fraud and/or security breaches make it imperative for merchants to clearly understand the risks of doing business online.
Typical Risks for E-Commerce Merchants
- Fraud due to Customer uses a stolen card or account number to fraudulently purchase goods/services online.
- Fraud due to Family member uses bankcard to order goods/services online, but has not been authorized to do so.
- Fraud due to Customer falsely claims that he or she did not receive a shipment.
- Customer Disputes and Chargebacks due to Goods or services are not as described on the Web site.
- Customer Disputes and Chargebacks due to Customer is billed before goods/services are shipped or delivered.
- Customer Disputes and Chargebacks due to Customer doesn’t recognize the merchant name on statement because merchant uses a service provider to handle billing.
- Customer Disputes and Chargebacks due to Customer is billed twice for the same order and/or billed for an incorrect amount.
E-commerce merchants can minimize their fraud exposure with the proper risk management mechanism.
When more than one of the following indicators is present in a transaction, it may indicate potential fraud. E-commerce merchants need not be concerned when only one of these signs is present, but when several appear in an Internet purchase, they must take care to avoid becoming a victim of fraud.
- First time shopper: Criminals are always looking for new victims.
- Larger-than-normal orders: (This requires knowledge of what a “normal-sized” order is). Because stolen cards or account numbers have a limited life span, crooks need to maximize the size of their purchase.
- Orders consisting of several of the same item: Having multiples of the same item increases the criminal’s profits.
- Orders made up of “big-ticket” items: These items have maximum resale value and therefore maximum profit potential.
- Orders shipped “rushed” or “overnight”: Crooks want these fraudulently obtained items as soon as possible for the quickest possible resale, and aren’t concerned about extra delivery charges.
- Orders from Internet addresses making use of free e-mail services: For these services, there’s no billing relationship and often no audit trail or verification that a legitimate cardholder has opened the account.
- Orders shipped to an international address: A significant number of fraudulent transactions are shipped to fraudulent cardholders outside of the country.
- Transactions on similar account numbers: This is particularly useful if the account numbers being used have been generated using software available on the internet (e.g., CreditMaster).
- Orders shipped to a single address but made on multiple cards: These could also be characteristic of account number generated using special software available on the Internet, or a batch of stolen cards.
- Multiple transactions on one card over a very short period of time: This could be an attempt to “run” a card until the account is closed.
- Multiple transactions on one card or similar cards with a single billing address, but multiple shipping addresses: This could represent organized activity, rather than one individual at work.
- Multiple cards used from a single Internet Protocol (IP) address: More than one or two cards could well indicate a fraud scheme.
Build internal fraud prevention
By understanding the purchasing habits of your Web site visitors, you can protect your business from high-risk transactions. The profitability of your virtual storefront depends on the internal strategies and controls you use to minimize fraud. To avoid losses, you need to build a risk management infrastructure, robust internal fraud avoidance files, and intelligent transaction controls.
Apply fraud screening
Fraud-screening methods can help you minimize fraud for large-purchase amounts and for high-risk transactions. By screening online Visa card transactions carefully, you can avoid fraud activity before it results in a loss for your business.
Avoid unnecessary chargebacks and processing costs
For your business, a chargeback translates into extra processing time and cost, a narrower profit margin for the sale, and possibly a loss of revenue. It is important to carefully track and manage the chargebacks that you receive, take steps to avoid future chargebacks, and know your representment rights.
- Shown to control fraud to as little as 0.5%
- Automatically identifies whether an order is valid or potentially fraudulent in real time
- Continually and automatically updated with transaction activity (tracks individual and global, multi-merchant patterns)
- Allows businesses to set risk thresholds
- Detailed, web-based reports
- Detect more single-event fraud as it occurs
- Detect fraud trends more quickly
- Convert more valid orders, automatically
- Minimize time, cost of manual review (risk profile codes speed review)
- Minimize customer service inquiries resulting from valid order rejection
- Control fraud risk tolerance
* Extracted and summarized from VISA e-Commerce Merchants' Guide to Risk Management - Tools and Best Practices for Building a Secure Internet Business