by Steve Ma. Reyna
PowerHomebiz Staff Writer
With about 93 percent of all consumer Internet purchases made with credit cards, credit card frauds are on the rise. In fact, a Gartner survey of 100 Web retailers found Internet credit-card fraud to be much more common than offline fraud, making it the “No. 1 problem” in e-commerce.
Think you won’t be victimized? Well, think again. CNN recently reported that the big travel site Expedia.com suffered losses of $4.1 million in credit card fraud. If big sites with their sophisticated credit card fraud detection systems in place can be victimized, how much more the smaller sites?
Internet frauds that victimize the merchants are becoming shrewder, wiser and more sophisticated. In fact, gone are the days when credit-card thieves have to break into Web servers to steal card numbers (although many still do). All they have to do is to download a software on the Internet and a free one at that — to generate a supply of credit card numbers associated with a particular bank.
Thieves are also becoming brazen. Some phone aggressively to get the order approved. Rick Beneteau wrote in his article “The Latest, Not-so-Greatest dot-Con Game” that a cheating affiliate member who submitted orders using stolen credit card numbers even sent an email begging for his commissions! Particularly if you are selling big ticket and high-value items, some credit card gangs may be after you (yes, it is scary!).
When you are accepting online orders, you must make sure that you implement protective measures. While you may not be able to diligently screen out all fraudulent orders, you can greatly reduce online fraud.
Here are ten signs that an order may be fraudulent:
Larger than normal orders. The customer may be using stolen credit cards or phony account numbers that have limited life span. If the customer is looking to conduct fraudulent transactions, he needs to maximize the size of his purchase.
Orders for multiples of the same item. If your products have high resale value like watches or jewelry, be wary of those ordering five items all at once. If a crook intends to resell them, having more will increase profits.
Orders made up of expensive items. While you may be happy that your big ticket items are moving, check and double check before you ship out those items. Expensive items, especially brand name items, have maximum resale value and maximum profit potential. They are especially attractive to thieves.
Shipping address differs from billing address. It is always good policy to only ship to the billing address of the card. If the item is being shipped elsewhere, especially for gifts, you need to take extra steps to confirm the veracity of the order like calling the person who placed the order.
Suspicious billing address. If the order is within the United States, you can use the mapping software in some of the major portals to confirm whether the address exists. If the address cannot be verified, contact the person to make sure that the address was simply not mistyped. However, if the email address or the phone number is still erroneous, then simply forget about the order.
Leave at door. As a rule, never allow your products to be left at the doorstep, particularly if you are selling valuable items. The crook may be using an innocent person’s house as a drop-off point. If you are using the postal system, UPS, or FEDEX, the delivery man will simply leave a notice that a package has arrived and it needs to be picked-up.
Orders shipped “rush” or overnight. Most fraudulent orders specify overnight or 1-day shipping. A thief using someone else’s credit card is not concerned about the shipping expense: the faster he or she gets the goods, the better. Never mind if the shipping costs twice or more than the product. As one netpreneur relates, “Let’s say a customer from Buffalo is buying a video game for a relative in Miami. If it’s P.O. boxes, or it’s FedEx overnight, then you start to ask, “Why are you sending this $6 item overnight? Why are you paying for shipping that’s 3x the price of your item?”
Untraceable email address. Many fraudulent orders originate from a free, web-based, or e-mail forwarding address. Anyone can simply open a Hotmail account, without giving his or her personal info. Free email addresses allow thieves to quickly make their escape, and makes it hard for the victim or even authorities to trace them back. It is safer to require the customer to provide an ISP or domain based address, which makes it easier to trace back to a “real” person.
Orders that cannot be confirmed. No order is accepted unless the complete information is provided and can be confirmed, including full address and phone numbers. As the Sneetch.com guys warn, “You call the number and it doesn’t ring. Every time we have a funny feeling about an order, we call. If they don’t answer the phone or if the phone is disconnected, they get an email saying that the order is cancelled.”
Suspect ship address. According to Yahoo, orders from Romania, Macedonia, Belarus, Pakistan, Russia, Lithuania, Egypt, Nigeria, Colombia, Malaysia, and Indonesia have a very high incidence of fraud, and often have unverifiable addresses. You are taking a higher risk if you are shipping outside of your country.
The cardinal rule should always be to ship only when the order checks out. Particularly if an order exhibits multiple warning signs, you are better off keeping the item on your shelf than sending it to a crook. You will not only lose the item, but the valid credit card owner will not pay for the item they never authorized or received. Worse, you will be slapped with a chargeback fee by your bank, and even lose your capability to accept credit card orders.
Now that you know the signs, here are some ways to measures you can implement to make sure that the orders you process are the real deals.
Use common sense. Don’t immediately ring up orders received. Sean Lungren and Todd Lidvahl, founders of Sneetch.com selling DVDs and videos on the Web, uses a system they call “manual. It is called “two eyes” and we both have two eyes. Well, you just basically look at it and see if it look kinda phoney. Just take it with your gut instinct.”
Call to confirm. Calling your customers to confirm their order is not only a way to detect fraud, but part of good customer service. It will give your customers a sense that you are taking steps to protect their identity. If the card was stolen, your call can alert the customer that their cards are being misused. Even if the credit card number and address check out, the person who owns the card may have not even heard of your “customer.”
Use tracking codes in your order forms. In your form, add a hidden field called the Environment Report field. While it may vary among various form handlers (FormMail, cgimail, etc,), the syntax is most often:. This will allow you to know about the computer used to send the order, including the domain name and the IP address. If you suspect that an order is fraudulent, you can contact the ISP of the “customer” and alert them of the fraud.
Ship only within your country. You may say that you are on the Internet to reach the global market. But then again, the risks are oftentimes too great when you ship to other countries. If you are a US-based merchants, Address Verification Systems do not work outside of the US so you have no way to check out the validity of the address. If you call to confirm the order, think if the international long distance costs are worth it.
Accept orders only from ISP or domain name email addresses. EVERY fraudulent order has come through the free, web-based, or e-mail forwarding services. If you establish a policy that you only accept orders from ISP (e.g. @aol.com) or domain name emails (e.g. @powerhomebiz.com), you will be weeding out a lot of fraud. Be careful, though: be sure to type in the domain name in your browser to verify if indeed the web site exists or not. One of the leading free email providers, Mail.com, allows users to have email addresses using the domains @accountant.com, @techie.com, and others. If the customer does not have ISP or domain name email addresses, ask him or her to call your business (be sure to have caller ID) or fax the order, along with a photocopy of the credit card
by Steve Ma. Reyna
PowerHomebiz Staff Writer