The Green Sheet Online Edition
February 22, 2010 • Issue 10:02:02
Managing your fraud risks
As time passes by, technological changes are inevitable. New technologies come with new vulnerabilities, and data thieves nimbly locate and exploit weak spots at every turn. Fraud scrubbing, a term widely used in the payments industry, refers to the many techniques and systems being deployed by e-commerce payment providers and online merchants to help fight fraud.
Criminals relentlessly employ new technology to steal credit card, bank account and other personal information. Fraud prevention capabilities must also evolve to protect customers' information. A primary challenge online businesses face today is to always remain one step ahead of fraudsters.
In the midst of the global financial crisis, the biggest fear of Americans is being victimized by credit and debit card fraud. According to the Unisys Security Index, concern about fraud supersedes fears of terrorism, computer viruses, health viruses and even lack of personal safety.
Also, Forbes magazine claims the majority of credit cards are still stolen the old-fashioned way - by unethical retail store clerks, as well as restaurant employees using skimmer devices. Merchants must develop techniques to combat fraud without making honest customers jump through too many hoops. That truly is the hardest aspect of managing fraud.
According to a Javelin Strategy and Research 2009 study, the number of U.S. identity fraud victims increased 22 percent in 2008, to nearly 10 million adults. The total annual fraud amount jumped just 7 percent to $48 billion. Wonder why? It is because consumers and businesses are detecting and resolving fraud more quickly.
Javelin reported that 71 percent of fraud incidents "began occurring in less than one week from when the data was first stolen, up from 33 percent since 2005." To combat this, cardholders need to constantly check statements
and pending transactions. The most successful way of combating fraud is catching bogus transactions before they are posted.
What steps can merchants and ISOs take to reduce fraud? Roy Derby, a veteran law enforcement official and the current Director of Risk Management for America's BankCard Alliance LLC, said, "The credit card processing industry is based on risk, and it's our duty and obligation to mitigate the risk for our merchants. One of the most overlooked and basic ways to help your merchants is prevention through education."
But most retail sales personnel receive only entry-level instructions on how to use credit card processing equipment and how to detect fraud. However, ongoing training is essential, along with established policies on steps to take when suspicious activity occurs.
The small price of keeping staff updated on the latest scams and trends can have a positive impact, not only on your profit margin but on a store's reputation for zero tolerance.
When Derby stresses the importance of keeping staff informed, he tells of when he was a detective assigned to paper crimes (forgeries, bad checks and unlawful use of credit cards). He knew where the most fraud would occur simply by noting which stores had street reputations for being easy marks.
"Don't be that easy target; be the one the criminal decides to skip," Derby said.
Take these steps
Here's what you and your merchant customers can do to get the jump on fraudsters:
- Watch out for multiple orders from the same individual with different "bill to" and "ship to" addresses. Check the Internet-protocol (IP) geolocation, and compare it with the billing address to help verify the validity of the charge.
- Establish a database for detected fraud attempts, and whenever you find a fraudulent charge, enter the details about the incident in the database.
You will want to have customer names, shipping/billing address(es), phone numbers, IP addresses and e-mail addresses. Make sure to leave a section for comments.
- Detect patterns. Multiple orders shipping to the same address but paid for with different credit cards should throw up a red flag.
Also, fraudsters may have the credit card number but submit it multiple times with different expiration dates because that information is what they are missing.
- Suspect free e-mail accounts. The majority of fraud is initiated from free e-mail services. Many businesses today refuse to accept orders from any free e-mail account or non-Internet service provider of e-mail domains.
Depending on the value of the purchase, call or request more information before the order can be further processed.
- Use payer authentication programs, such as Verified by Visa and the MasterCard SecureCode, which utilize user passwords to confirm cardholder identities.
When merchants employ such programs, card issuers may incur some of the losses for online fraud that were originally entirely on merchants.
- Check bank identification numbers. You can use the first six digits of the credit card to determine if the issuing bank and the cardholder are in the same country.
However, this method should be verified prior to canceling a transaction since some legitimate transactions occur when people make purchases while traveling in foreign lands, for example.
- Use the Address Verification System (AVS). The AVS is available only in the United States and in four European countries. The AVS checks whether the cardholder's address and ZIP code match the information at the issuing bank.
This, too, should be reviewed before cancellation, as the AVS can fail because of certain issues, such as an address change.
- Call the customer. With the high volume of transactions today, it may not seem like the best use of your time, but phoning a customer on occasion can benefit a company in many ways.
A phone call gives you an opportunity to welcome the customer and develop a relationship with him or her for future ordering.
Also, if a customer you call claims to never have authorized the charge in question, you can simply cancel the order and let your customer know to call his or her credit card company so a new card can be issued. This will solidify your relationship with your customer and prevent further fraudulent charges.
Nicholas Cucci is the Marketing Director for Network Merchants Inc. He is a graduate of Benedictine University. Prior to joining NMI, Mr. Cucci worked in the payment processing division for a Fortune 500 company and has advised several large retailers on credit card fraud protection, screening and risk assessment. Nicholas can be reached at email@example.com or 800-617-4850.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.