In addition to thoroughly vetting online job applicants and current employees, we are now in the day and age where we have to almost conduct background checks on our customers.
Recently, a small businessman received a phone call from a potential customer who asked about his inventory of a specialty product and wanted to know how quickly she could have 50 of them delivered to an address in Miami. Satisfied that he had them in stock and that they could be shipped right away, she placed the order. Her phone number included a Miami area code. However, the billing address for the credit card she used was in Maryland. This scenario wasn’t completely unusual, but worth a deeper look.
A bit suspicious of the details of this order, the company did a little investigating to find out more about the company name she provided along with her order. They couldn’t find anything. They did a reverse phone number search. Nothing turned up.
Still, they authorized this person’s credit card in preparation for fulfilling her order. The next day a phone call was received from someone with, not so ironically, the exact same name. She asked why there was a credit card authorization on her card. Bingo! His hunch was right.
The small businessman explained to this person that someone had placed an order the previous day using her credit card, and that the impersonator had asked the company to ship more than $1,000 worth of products to an address in Miami, which turned out to be a UPS Store location.
In one year alone, a small online sporting goods company lost close to $10,000 to fake customers. In the particular situation just described with the fraudster in Miami, this business stood to lose more than $800 had we not been notified by the actual cardholder that we were being taken.
The combination of today’s methods for storing data and the prevalence of ethically-challenged people eager to find credit card information to use or re-sell has made this a real issue for owners of online businesses. The anonymity that exists in cyberspace adds to the problem.
For online business owners, here are some things you need to know to protect your business. Merchants who send products to people who are not who they purport to be are certain to incur a loss as soon as the real cardholder notices that a fraudulent charge has been placed on his card and notifies the card issuer. The online store owner is always completely exposed to the risk when this kind of online fraud is committed. Credit card processing accounts typically show no mercy to online store owners who, in good faith, sell items to thieves who appear to be legitimate buyers.
Signs of online fraud
Sadly enough, online businesses have been victimized by credit card thieves enough times that some trends are easily spotted. Here are the most common signs that a customer is shopping your store using someone else’s credit card.
- Multiple quantities of the same item.Most of the fraudulent orders include large quantities of the same item. These people know that they only have a few chances to make good on a stolen credit card, so they try to make it pay off as much as possible on any one transaction. They tend to order multiples of products that don’t seem natural. For instance, someone ordered 20 football jerseys in the same size and color from a sporting goods store.
- Expedited shipping.Someone purchasing with a stolen credit card is likely to use expedited shipping without any apparent regard for the exhorbitant shipping cost. Most fraudulent orders are placed using overnight or 2nd-Day Air shipping. People who are committing fraud typically understand that they need to hurry so as to not be detected before they’ve gotten what they want.
- Billing address and shipping address geographically far removed.Although there are often customers who need to have something shipped to a sister office in their company or who have some other legitimate reason to request an order be shipped to an address that is hundreds or thousands of miles away from their billing address, using geographically disparate billing and shipping addresses is typical of those who are committing fraud.
- Using a Hotmail, Gmail or other non-professional address.This rule applies mostly to customers who claim to be ordering for companies. If the stuff on the right side of their email address (e.g. firstname.lastname@example.org) doesn’t match up with the organization they claim to represent, and instead they use a free email service, there is more likelihood that the person really isn’t associated with the company.
There are several other smaller signals that, when considered together, can help a store owner recognize when someone is trying to commit credit card fraud. For business owners who want to be extra careful, more advanced fraud prevention tactics can be put into place. Usually a business owner is faced with balancing the ability to conveniently sell products to customers with the possibility of being exposed to fraud because of a security policy that is too lax.
Vetting the customer
With the available access to information about people, companies and all sorts of other data, suspicious customers can often be detected through social media or by doing a few Google searches. This kind of research typically increases suspicion about a potentially fraudulent order when there don’t seem to be any online traces of the person placing the order.
Businesses who typically sell products directly to consumers, rather than to other businesses, might have to dig a little more to find out whether their customer seems legitimate. Use Google Maps to look up the address, and in many cases you may discover ship-to addresses that look like they are abandoned houses or that otherwise don’t match up with the rest of the information provided on the order.
Merchant security measures
Merchant providers and online gateways (which allow online store owners to process credit cards) typically have at least some rudimentary protections to keep online store owners safe. One of these protections is the address verification system resource, which allows store owners to match the billing address (typically the street number and/or the ZIP code) provided by a customer to the address on file with the credit card issuer. The security code on the credit card can also be entered by the store owner through a credit card gateway (like authorize.net), which reports whether the security code matches what the credit card issuer has on file for any particular card.
Both of these protections can be circumvented by credit card fraudsters, however, simply by obtaining all of that information along with the credit card number and expiration date for the card they have stolen.
The only true way to make sure that your business is protected when shipping to a credit card owner is to insist that the ship-to address they provide is attached to their credit card account. Credit card companies normally allow cardholders to add shipping addresses to their accounts. A store owner can verify with the credit card company that the address where the goods are going is recognized by them.
Reporting the crime
This part of the process — having lost some amount of money to a credit card thief — can feel like eating crow for a business owner. Those who are willing to spend a few hours filling out a police report (which might as well read “How I allowed my business to get conned”) can report having goods stolen from them through their local police department.
Investigators apparently have more pressing issues to deal with than worrying about online fraud. The best practice is to try to keep this kind of thing from happening in the first place.
This article was summarized from: http://www.ksl.com/?sid=24278768&nid=1014&title=protecting-your-online-business-from-credit-card-fraud&fm=home_page&s_cid=queue-16