Internet Fraud
by Scott Burke
Published on this site: January 30th, 2006 - See
more articles from this month
Taking transactions over the Internet can be profitable but
it can also bankrupt a small business. Accepting online transactions
means accepting additional responsibilities as a merchant.
These responsibilities include knowing and understanding your
risk exposure and your liabilities.
You are 100% liable for all losses sustained. And, if there
is an excessive amount of fraud or unauthorized transactions
through your merchant account, your fees and discount rate
could be raised, your funds could be held, or your merchant
account could be closed. Be aware that authorization codes
only mean that the cardholder has funds available for that
transaction and does not verify the sale.
When possible, also use CVV2 (Card Verification Value). Ask
the customer for the CVV2 information on the back of the credit
card. If that person cannot supply you with that information,
that is a sign that you may not be dealing with the actual
cardholder.
Be Aware of High Risk Countries
When receiving an order from an International country it
is recommended that you obtain the card issuing bank information
to verify the legitimacy of the person giving you the credit
card. Indonesia, Nigeria and other areas of Africa, and Singapore
are the highest risk areas for accepting credit card transactions
as most fraud is generated through these areas.
Minimize Risk
To help minimize your risk exposure, take the time to learn
about AVS (Address Verification System) if your merchant account
is set up with this feature. If the address does not match,
you may not want to ship any product without verifying through
the card issuing bank.
Also be aware that AVS does not work with International addresses.
Always check the AVS response codes.
Best Practices
Be alert for transactions with several of the following
characteristics:
- First time shoppers
- Larger than normal orders
- Orders consisting of several of the same items or orders
composed of big ticket items
- Orders shipped "rush" or overnight
- Shipping to International addresses
- Transactions on similar credit card numbers
- Orders shipped to a single address but made on multiple
cards
- Multiple transactions on one card or multiple cards with
a single billing address but multiple shipping addresses.
Ask the customer for the preprinted numbers above or below
the first 4 embossed account numbers, name of the card issuing
bank and for the customer service phone number on the back
of the credit card. If they cannot provide this information,
more than likely this is not the actual card holder.
Site Data Requirements
Card Associations have mandated that merchants, who store
account holder data (account information, cardholder information,
and transaction information) in an electronic commerce environment,
keep this information in a secure manner. This is to ensure
that merchants are adequately protected against hacker intrusions
and account data compromises.
Hacker break-in's can have potentially dangerous consequences
on merchants. There could be a disruption in your merchant
service and loss of consumer confidence with your business.
- Do not store CVV2 information.
- Destroy all unnecessary data.
- Use Network Security tools to protect website (firewalls).
Scott Burke; President of iMAX Business Solutions
in charge of sales, strategy, and execution and thus is responsible
for managing all aspects of the company's marketing, communications, new accounts, and support. [email protected]
http://www.cmscreditcards.com/
|
