Fraud detection software systems are now readily available to help merchants minimise the risk of fraud, Sharon Wild writes
Merchants must arm themselves with defence mechanisms to reduce their exposure to losses from online credit card fraud.
If a merchant fulfils a fraudulent order, not only can they loose their merchandise, they face charge-back bank fees, being black listed by their bank and administration hassles.
Cost-effective fraud detection software systems are now readily available to help merchants minimise the risk of fraud.
Services such as the Maxmind credit card fraud detection system use a series of checks to determine a fraud risk rating for each online order received.
Checks used in the Maxmind system include:
- IP address country and city detection
- comparison of the IP address country with the billing address country
- comparison of the credit card issuing bank's country with the billing address country
- whether a free e-mail address was used
- whether the country is a ‘high risk' country
- whether an anonymous proxy server was used to place the order.
The system then generates a risk rating (between zero and 10) and a corresponding fraud risk description from ‘extremely low risk' to ‘very high risk'.
In addition to the paid subscription service, Maxmind also offer a free service called the ‘online fraud screener' suitable for businesses with a low volume of Internet sales.
In addition to specific fraud detection software, you can use other techniques to screen your Internet orders.
CVV numbers
Credit-card verification numbers (also known as CVS, CVV2, CVC, CVN) are three-digit special security codes printed after the credit card number on the back of a Visa or Mastercard.
Many online credit card processing systems now accept CVV numbers and will check them as part of the payment authorisation process.
Alternatively, you can ask your customer for their CVV number and then use it when telephoning your merchant bank for authorisation.
Fraud hot list
Below is a list of the top-20 countries that generate the highest levels of Internet fraud.
Orders received from, to be delivered to, or with an IP address from these countries should be thoroughly scrutinised.
As a minimum precaution, you should request identity information for such orders. Alternatively, you can implement a policy that prohibits fulfillment to these countries.
Merchants can also include special software detection in their shopping carts that prevent people with an IP address from this fraud ‘hot list' from being able to place orders through their website.
Different billing & shipping addresses
It is best to implement a policy to only deliver to the billing address of the cardholder.
Otherwise, a shipping address in the same or neighbouring suburb as the billing address may be legitimate, however an address in another state or country may not.
Type of products
Some products such as electronic goods and brand-name goods are easily resold, making them a more attractive target for fraudsters.
With experience you may be able to profile particular products that attract fraudulent orders.
Multiple items
If multiple of the same item is ordered, beyond normal consumer levels, it may raise a red flag.
Fast shipping
Fraudulent orders will often request the fastest possible shipping method.
High value orders
Orders with high value should attract greater scrutiny.
Interactive voice response terminals (IVR)
IVR terminals are a technology that is reported to reduce charge backs and fraud by collecting a ‘voice stamp' or voice authorisation and verification from the customer before the merchant dispatches the order.
Company name on credit card statements
Let your customers know what company name will appear on their statements. If you have a third-party credit card processing company's name appear on the customer's credit card statement, the customer will then know what the charge is for, and not request a charge back.
Free e-mail address
A small red flag should rise when you see a customer using a free e-mail address when ordering (eg Yahoo, Hotmail, etc). A free e-mail address may be appropriate for small consumer orders, though not for business transactions.
Signature on delivery
If possible, use a delivery carrier that requires signatures on delivery and provides copies of the signatures for your records.
Asking for confirmation of the time the order was placed
After processing a card payment, email your customer asking them to tell you the exact time, date and amount that you charged to their card. The customer will then telephone their bank. The bank will only provide this information to a person if it is satisfied that the person is the true cardholder.
Warning message
A simple website warning message advising that IP addresses are recorded can act as a deterrent.
Notices that you will not deliver products to your specified list of ‘hot fraud' countries will also assist.
For all orders that you consider to be suspicious or that fail a test on your fraud checklist, you should contact the customer by phone and/or e-mail to attempt to verify the order.
For our business, if an order is suspicious we use two techniques:
- require a direct deposit bank payment before proceeding with order fulfillment
- send an email to the customer requesting them to fax or email to us a photocopy of their drivers licence and both sides of their credit card. We also request their CVV number. If we do not receive the right information, we do not process the order.
Fraud hot list
- Indonesia
- Romania
- Nigeria
- Ukraine
- Yugoslavia
- Lithuania
- Egypt
- Bulgaria
- Turkey
- Russia
- Pakistan
- Malaysia
- Israel
- Hungary
- Mexico
- Philippines
- Belarus
- Estonia
- Latvia
- Macedonia.