Denver, Colo.-based SSNet, an online merchant that sells downloadable software, was losing as much as a quarter of its revenue to online card fraud in the late 1990s, so the company established many new policies for online credit card acceptance that slashed its fraud losses, and established a subsidiary, AntiFraud.com, to help other merchants faced with the same problems, according to SSNet president T.J. Walker.
One of the most effective ways to generate long-term business from merchants is to build relationships with them. Help their businesses grow, which in turn, helps your business grow. As they grow, they will handle more transactions and will need more advanced services, which adds to the ISO's bottom line.
One way to do this is to keep the merchant aware of what fraud can cost him and how to protect himself from it.
All forms of payment are subject to fraud. Cash can be counterfeited, though it's much harder to do with the newer bills. However, there are plenty of older bills in circulation that don't have as many of the anti-fraud features. Cash is also more susceptible to theft from the register.
Check fraud runs more than $10 billion annually, according to a Cap Gemini Ernst & Young report. That amount doesn't include the "innocently" bounced check, which typically costs the merchant not only the amount of the check unless the amount is later collected but also bank charges. This is the major reason why numerous merchants don't accept checks.
Nationally, online fraud losses continue to grow, Walker said, because criminals are getting more sophisticated and because many small merchants become enamored with e-commerce and start accepting card payments online before taking all the necessary security precautions.
"You see a lot of novices get hit with too many charge-backs and get blackballed (put on the MATCH file) by the credit card companies," Walker said. (See cover story, MATCH, Transaction World Magazine, April 2002 issue) "It's hard enough here in the states to get the proper authorities to do something about credit card fraud," Walker added. "Try getting the authorities in a foreign country to pursue such a matter."
Taking these additional screening precautions will help reduce fraud, but won't noticeably affect online sales, according to Walker.
ISOs can help strengthen their relationships with these merchants by passing along the following fraud prevention tips, courtesy of AntiFraud.com:
- Don't accept any orders unless complete information is provided, including full address and phone numbers.
- Refuse orders originating from free, Web-based or e-mail forwarding address. There are more than 3,000 domains providing such services. The customer should be required to provide an ISP or domain-based address, one that can be traced back to a "real" person. Some legitimate customers have nothing more than a free e-mail account (e.g., Hotmail). Allow these customers to place phone orders.
- Check e-mail addresses. Use a browser; enter "www" in front of the domain name. This can uncover mass e-mailing services, which are likely to generate fraudulent orders.
- If in doubt, call the phone number listed on the order. The called party may never have heard of the "customer." In such cases, call the issuing bank to alert the fraud department.
- Use codes that can be obtained from electronic forms handlers to trace orders, including the IP address of the potential customer's Internet Service Provider. Contact the ISP about any suspected fraud attempts.
- Use the above precautions for online virtual checks. Call the account holder's bank to verify the account number, account holder's name and funds available before clearing the check.
- Be wary of real-time ordering services, which process orders while the customer is logged on to the site. Many of these processors don't do any pre-screening of orders.
- Be particularly vigilant in following the above advice if shipping orders to other countries. Think twice about orders from foreign countries with credit cards from all but the largest U.S. banks. Walker emphasizes: "Regardless of the circumstances, regardless of the proof you may have, regardless if you have a signed confession from the crook who stole your goods through a fraudulent order, if your order went across the border, you can kiss it good-bye."
There are also several ways a merchant can help reduce the incidents of offline fraud. The merchant should share this information with any of his employees who handle payment card transactions:
- Make sure the card has the expected features, including embossed numbers, expiration and effective dates and the Visa or Mastercard hologram.
- Inspect the expiration and effective dates.
- Check the signature on the back of the card against the signature on the receipt. Don't accept a credit card that hasn't been signed.
- Inspect the card for physical alterations, especially on the back of the card, where the signature, and the embossed numbers and hologram on the front of the card.
- Be extra careful if the customer tries to rush through the processing, particularly if it's on a large sale.
- While an Internet customer may have a perfectly good reason for requesting that an item shipped to an address other than his billing address (e.g., gift for spouse shipped to office), such transactions may warrant additional scrutiny.
- When in doubt, get more verification. If a signature is questionable, ask for a driver's license. If an Internet order raises an eyebrow, call the cardholder's bank or delay shipment until funds are actually received. While the customer may not like the additional time in line or online, those few extra seconds may be the difference between a good transaction and a fraudulent one. With many merchants operating on tight margins, it's more important to make sure that sales are good ones, not ones that will be subject to chargebacks in the future.