|
After attending a recent eBIG meeting on this topic I thought I would share my notes. The presenters were Sharon Gillett from www.gilletts.com and Allison from www.giftsaustralia.com.au. As both Sharon and Allison are experienced and successfull online merchants the information was extremely practical. Not all the tips below will apply for every business, but there will be many that will help you drastically reduce the likelihood of credit card fraud.
Look at your orders
There can be a number of things that can alert you to a possible fraudulent order if you take the time to look at your orders. These include:
- Poor spelling
- Bad Grammar
- FULL CAPITALS
- Order Address is different to delivery address
- Delivery name is different to the name on the credit card.
- The nature of goods ordered can be a give away. For example items that are easily converted to cash on the black market such as electronics, jewellry etc. or
- Items that are ordered in unusual quantities and or combinations.
- Orders greatly exceeding the average order value. I.E. a $600 order is suspicious when the average order is only $60
- Items easily available in the country the order is from. I.E. Why would someone order the latest Madonna CD from someone in Australia when they could get it for less from a local supplier?
A good way to double check an order is to see if the name and address of the person placing the order matches that on www.whitepages.com.au or www.anywho.com for U.S orders.
BEWARE of orders from the following countries.
It might not be diplomatic to say DON'T SEND ORDERS TO THESE COUNTRIES but many people experienced in online sales will tell you thats their policy.
Listed in order of notoriety
- Indonesia
- Romania
- Nigeria
- Ukraine
- Yugoslavia
- Lithuania
- Egypt
- Bulgaria
- Turkey
- Russia
Check the I.P. Address
An I.P. Address is what identifies users on the Internet, It doesn't tell you their name or address but it certainly tells you what country they are from and that's enough to assist with fraud prevention. Websites log the I.P address of visitors and ideally your website should check to see that the country of the person placing the order corresponds with the address that they say that they have. This would detect an order where it says that the order is being placed by someone in the US but is actually entered by someone in Nigeria with a stolen credit card.
BEWARE of people requesting 'Fastest Possible Shipping'
People experienced in online sales laugh at this one because it almost guarantees it's a fraudulent order. Sometimes the freight costs more than the item, the fraudster doesn't care because it's not them that has to pay for it.
Ask for the CVV
The CVV is an anti fraud feature designed to prove that the person placing the order is in fact in possession of the card. It's a 3 digit number for major cards except for American Express where it is 4 digits.
(last 3 digits on the back)
|
(4 digits on the front, above the number)
|
Confirm Bank Details
If you are unsure of an order, call the credit card issuer and ask that they call their customer to confirm that it is an authorised use of the credit card.
Address Verification Systems
These systems actually check to see if the address of the order is the same as the authorised user. For most fraudulent orders they are different. Whilst the fraudster may have stolen or used software to generate a fake credit card number, they are less likely to know the address of the owner of the card, so they make something up. Address Verification Systems are quite expensive and out of reach of most small businesses. They also don't work in Australia due to privacy policy. However you can still consider saying on your website that you are using such a system as a deterrent.
Request Identity Information
If you are unsure of an order try asking for a faxed or scanned copy of both sides of the credit card and or driver license. You can say that your bank requests you to verify identity to avoid embarrassment.
Post a Warning Message
On your order page you may want to consider warning people of the following security measures.
- You are logging I.P. addresses. (even if you aren't, its a deterrent)
- You are using an address verification system. (even if you aren't, its a deterrent)
- You dont accept order form Indonesia or Nigeria. (you can be diplomatic and say its due to difficulties with shipping)
Verify Charging Information
If you are unsure of an order, advise the customer that you require them to contact their credit card provider and request the exact time that the order was processed. Again you can say your bank requires you do this to avoid embarassment. Credit card companies require callers to identify themselves before releasing that information. Therefore to get it the customer would have had to of gotten through the credit card companies security checks. If you don't hear back from the customer it's likely it was a fraudulent order. If they do get back to you with a time, you can cross check that with the time you put the order through.
Request Signature on Delivery
Not always possible, depending on what sort of business you are in.
Record Fraudulent Orders
Fraudsters are notoriously persistent trying to place orders at the same sites, just because they didn't get through the first time certainly won't stop them trying their luck again and again. Ideally, your website will store the details of orders you have previously identified as fraudulent so that if someone tries to place another order with the same ip address, credit card number, name or delivery address your website will automatically identify them.
Advise Customers What Will Appear On Their Statement.
Avoiding charge backs is what it's all about. The last thing you want is someone who has placed a legitimate order with you contacting their credit card provider to dispute a charge because the name on their statement doesn't clearly indicate that it was a purchase from your store. This can be a trap if your merchant account is in a trading name. For example, how is a customer to know that a charge by xyz pty ltd was for the widget they bought online 2 months ago? This can also be a problem if you use a payment gateway that processes your cards as it is likely that it will be their name that appears on your clients account. In these cases you may need to advise customers what will appear on their statement to avoid unnecessary charge backs.
Train Your Staff
Whatever procedures you put in place to prevent fraud make sure that the appropriate staff are trained in them. It's advisable to have them written down and easily accessible.
Offer Alternative Payment Methods
You don't have to take credit cards. Some alternatives to consider are:
- BPAY
- EFT (Electronic Funds Transfer via the customers Internet Banking)
- Pay Pal (used by millions of buyers and sellers worldwide, preferred method of sending and receiving payment on eBAY)
- COD.
If You're Not Sure...Don't Do It.
If after doing your checks you are still unsure, then it's better to politely decline the order and lose the sale rather than run the risk of losing your stock to thieves.
If you have any comments or questions feel free to contact me.
|
