ReveNews
Is Online Credit Card Fraud on the Rise?
Fraud definitely is on the minds of online merchants this season. In fact, a survey sponsored by the Merchant Risk Council (MRC) conducted by the 41st Parameter Inc., revealed that 84% of the respondents believed that there will be a slight or substantial increase in online fraudulent activity this holiday season.
When asked about some of the largest challenges in fighting this type of fraud, two-thirds of the respondents stated that the increase in fraud ring activity and botnets (computers used to commit eFraud) are of utmost concern. Further, a full 30% of the respondents stated that a lack of money for the technology to fight online fraud is another formidable challenge.
With respect to these figures, Ori Eisen, the Chief Innovation Officer at 41st Parameter had the following to say:
“As the Global economy continues to slow down, organizations are slashing budgets across the board, including vital IT needs designed to help protect the bottom-line. What’s particularly alarming about this counter-intuitive strategy is roughly one-third of e-commerce fraud investigators surveyed said their number one challenge is not receiving adequate funding to procure proper fraud prevention technology, thereby leaving their online channel a key target for cybercrime.”
Quite an interesting statement indeed.
What Can You Do to Avoid or Prevent Fraud Altogether?
There are a number of tangible steps that a business can take to reduce the incidence of fraud. Here a few ideas for you:
- Display the fact that you have a strong “anti-fraud” policy on your website as this warning alone may deter potential fraud incidents.
- Ensure that providing a credit card verification code is mandatory on your website.
- Carefully scrutinize any emails from Hotmail, Yahoo, and other free email accounts as fraud perpetrators prefer to use these types of anonymous emails.
- Scrutinize any orders with a different “bill to” and “ship to” addresses. While these addresses may differ if consumers are sending a gift or are dropshipping an item, in many cases, it can be a sign of fraudulent activity.
- Be vigilent when it comes to overseas orders.
- Take advantage of technology and use an account verification system (AVS). This type of technology works to ensure that the zip codes or the postal codes of credit cards match the billing addresses.
- On very large and/or questionable orders, call the customer and/or the credit card company to verify the information.
- Employ the services of a company that specializes in fraud prevention.
With these steps you are now well on your way to keeping your business from falling victim to the rising tide of online fraud
Good tips there, but unfortunately for all of us the ultimate responsibility lies in the hands of the card holders themselves. And as long as they keep downloading keyloggers, shopping on unverified sites, and generally being foolish credit card fraud will continue to rise
Amex & Discover’s CID (Card ID)/Visa’s CVV2/MC & EC’s CVC2 was supposed to be never stored nor to be requested over the phone, but that didn’t work out. Merchants should at least destroy that information, once the transaction went through. It is not required for refunds, disputes etc. You should also have received with the original transaction where the code was used, if it matched, not matched or wasn’t possible to verify.
The expiration date information is pretty much worthless in electronic card processing, because it is actually not verified (a expiration date in the future is all that is needed to pass through, with no flags raised by processors and card issuers if it does not match the actual expiration date printed on the card)
The Address Verification Service (AVS) is usually bundled with the Card ID (cost/way of processing/activation), thus it does not hurt to check if the billing zip code (5 digit zip only) matched the credit card account holders zip code, at least for US customers. I don’t recommend the use of the street address verification option (separate from zip code verification), because the service requires that the street address entered by the customer in the billing information is spelled EXACTLY like the street address in the AVS validation record of the card issuer, which is supposed to match the way the street address is printed on the users credit card statement. This is not always the case, I experienced it first hand. Keep in mind that street address can be spelled differently in almost every case. e.g. “1234 NORTH 1ST STREET”, might be spelled “1234 N. 1ST St.” or “1234 N First St” or… …you get the picture.
You can also check, if you had orders in the past with the same shipping address (also the billing address can be checked). People often let stuff ship to their office or work place. You can have the customer indicate that. It helps with your refinement of your detection patterns and it is also a useful information if you are using FedEx or UPS to ship your products. Both carriers allow the specification, if the recipients address is a business or a home address and process shipments differently according to this info, which not only could impact your shipping rates, but also the delivery times by the carriers.
As Larisa already stated, there are also services (provided by most credit card processors and independent third parties) that run the credit card information and/or shipping information against database with reported fraud cases in the past and also do those risk level evaluation based on the factors stated above and by Larisa as well.
Additional Information to how to protect your infrastructure and Website can be found at WeSecure.net. Also check out the PCI DSS (Payment Card Issuers Data Security Standard).