Find What You Are Looking For:

Homepage

November 2000 Newsletter:
Protecting Your Ecommerce Website from Customer Fraud

The security systems installed properly at the server (example: VeriSign) have proven themselves to be effective against online credit card theft. Customer credit card information is just as safe as customer credit card information in a land-based company's records.

One escalating problem for ecommerce websites is customer fraud. There are many ways for credit card information to be stolen other than from the secured server of a particular website (company). Credit card scams in the physical world have been molded for cyberspace. For example, emails supposedly from your internet service provider asking you to again provide your account information or emails announcing that you have won a major prize and all you have to do is pay a miniscule amount on your credit card to collect. How does an online company protect themselves and their customers from these unscrupulous fraudsters impersonating legitimate customers?

A check and balance of customer information in an in-house database can detect patterns of fraud.

PayPal, for example, rates customer identification and credit card information validity on a rating point system (similar to a mortgage rating point system) as to the probability of fraud from the particular customer. Since there is no regulatory agency to monitor the standard for this point rating system, different fraud-check companies may apply different standards in their determination of the final points given. So, this system is not yet a guarantee of spotting fraudulent customer activity. Honorable customers could be denied use of their legitimate credit card at an ecommerce website. This ecommerce website just lost a legitimate paying customer.

When the online fraud-check service rates a customer's credit card questionable, contact the credit issuing bank and verify the name, address of the customer, if this transaction is consistent with the customer's profile, and if this transaction will be approved.

If the credit card issuer raises questions about this particular purchase for this particular customer redirect the customer to the credit card issuer's website where their private information can be confirmed and then the credit card issuer can approve or disapprove the transaction for your website.

Although use of services such as PayPal are economical and time-saving over a period of time, in-house databases are a good back-up to filter the possibly fraudulent customer from the legitimate customer. The in-house database should be consulted when the online fraud-check service and the credit card issuer raises questions about the validity of the customer's credit card. The main in-house database should be a compilation of all fraudulent orders organized by delivery addresses. This is cross-referenced from your customer phone calls with caller id and your customer service log. Compare these to the credit card issuer's list of customers who claim they did not order the particular items charged. A pattern will present itself. Phone numbers and addresses change. Delivery addresses for fraudulent goods remain constant until the fraudster(s) gets a hint that eyebrows have been raised.

If you believe your ecommerce website has been scammed, pay for an investigator to trace the 'Ship To' address. The investigator will be able to explain how to legally determine fraudulent activity and attain the signature in a controlled delivery.

Remember to post your Cyber Shoplifting notices and Privacy Policy link in an obvious location at your website. Let your customers know that you will protect their privacy and prosecute to the full extent of the law for fraudulent activity.

Remember the basic rules of internet safety that considerably reduce your chances of an online problem. Refer to the Safety Guide for a quick review. Make this a family or office practice. Constant repetition will make this chore into an everyday practice.