Preventing On line Fraud
With ecommerce, merchants who trade on line need to aware of potential for fraud. Being on line and not actually seeing or dealing directly with the customers means there are new opportunities for those not so honest people to try and defraud merchants.
However armed with awareness and knowledge it is easy to protect yourself by putting in place processes and policies which will prevent you becoming a victim.
Note the following information is focussed on New Zealand clients but can with minor adjustment be applied to merchants worldwide.
Credit card fraud.
This is the most common form of fraud likely to be encountered by a merchant. Since you are not seeing the customer face to face, is can be harder to identify if the customer is valid. Note that although credit card holders usually have limited liability, a merchant will shoulder the cost of a fraudulent transaction and any related fees.
There are other types of fraud for example:
- Identity theft.
- Phishing of information via fake web sites or emails.
- Bad cheque scams.
- Fake postal orders.
|
However most of these can be avoided easily by following two simple rules:
|
Signs of Credit card Fraud.
For merchants to protect themselves from credit card fraud. They need to be on the look out for common signs of fraud as follows:
Look for orders which are:
- Large and beyond the average size.
- Shipping to unusual countries (see more later).
- Customers using delivery address which is different from billing address.
- Ordering multiple numbers of the same item.
- Seem to be out of the ordinary.
Look for customers which fall into the following areas:
- Use free/ anonymous email address.
- Don't provide a phone number or invalid number.
- Seem to be using an usual address or only a postal box number.
- Don't want to pay in full up front.
- Have usual shipping requirements i.e. quick delivery or immediate shipping.
- First time buyers.
- Fail in any credit or identity checks procedures you have in place.
- Placing orders to be delivered to different addresses.
Look for credit card numbers:
- Which are different numbers but ship to the same address.
- Which are the same number but shipping to different addresses.
- Generate many orders in a short time frame.
Note none of the above are signals that fraud is occurring, but the merchant should have procedures in place which mean orders which meet these circumstances are likely to be checked out in more detail.
Preventative measures.
Delivery:
- Don't deliver until payment is verified and cleared.
- Don't accept "Cash on Delivery" payments.
- Use courier tracking services - not straight postal service.
- Use courier service which requires signature on delivery.
- Don't ship to high risk countries without double checking order and customer details.
- If order is in question, don't ship until additional identity and payment checking is complete.
Orders:
- Keep records of orders to build up a picture of "average" order.
- Validate all details of order.
Customers:
- Where possible confirm customer actually exists (phone book, internet searches are a start)
- If possible use an address verified system, where you send information to a given address and receive acknowledgment that information has been received.
- Where billing and delivery addresses differ, ensure they are valid.
- Record all contact you have with customers.
- Confirm phone numbers (e.g. via on line directories) and addresses.
- Where possible confirm email addresses.
- Where on line order is questionable, consider ringing customer to verify order and details.
- Ensure all orders and payments are authenticated (and customers are aware this forms part of terms and conditions of trade).
- Maintain records of customer purchases to establish their buying patterns.
Credit Cards:
- If questionable request independent copy of customers signature and credit card front e.g via fax.
- Check credit card number and confirm issuing bank and country of origin of the card to ensure they match details supplied by customer.
- Call issuing bank and confirm customers details.
- Consider keeping a record of credit card numbers (OFF LINE !!) you have problems with have suspicions about. ** See credit card processing section **
Countries to watch.
The following are potential high risk locations for on line fraud. This should not prevent merchants trading with these locations, just take additional care.
|
|
|
|
Credit Card processing.
Although on line transactions can be processed manually, 4success strongly recommends merchants consider this only as a last resort. It is much safer and efficient to have credit card payments validated and processed in real time. This helps avoid potential problems with credit card details being stored or transmitted, as these can be hacked or intercepted.
When accepting credit card transactions 4success recommends:
- Use real time verification and processing service. (Via well proven suppliers such as DPS).
- Do not store credit card numbers on web site database. Once transaction has been processed or transaction has been declined, ensure card numbers are deleted. It is better to have customer replace an order than for merchant to be liable for loss due to stolen card numbers retrieved from a site.
- Use secure link when collecting and processing Credit Card transactions.
- If Credit Card numbers must be stored or transmitted, use strong encryption.
If you require a web site which accepts on line transactions - contact 4success now.
