The US Department of Justice warns against the type of Internet fraud that results when an unsuspecting customer goes online to purchase goods or services and their credit card information is misused or stolen. However, another surprisingly common form of fraud results when an unscrupulous card holder goes online and defrauds a business. Most often this type of fraud takes on one of two profiles. In scenario number one, an individual will go onto a site and order something fairly inexpensive in order to test a credit card to see if the information they have stolen is correct. By going online they do not have to face a company representative if it declines and they are unable to complete the purchase, and more importantly they can try the charge over and over. The second scenario is when an individual goes online to a site and makes a large purchase, provides a valid shipping address, and once the merchandise is delivered they disappear and resell it to make a profit.
While both types of fraud are bad for a company’s bottom line, the larger purchases can be especially harmful, as many merchant account providers (credit card processors) have steep penalties for transactions returned as fraudulent. On top of those fees there is also the added loss of the inventory that is shipped to the fraudulent purchaser.
Do Not Sacrifice Thoroughness For Speed
While it makes it faster and easier to do business by charging customers as they place orders on your site, it can open you up to unwanted risk. If a fraudulent order comes in and the customer is charged immediately by the time you login to view the order, you will have to retroactively fix the situation by issuing a credit and canceling the order. Therefore, it is a much better system to have your transactions merely authorize when the order comes in and then manually review them before you proceed any further. This way if the order appears to be fraudulent you can follow-up and if need be cancel the order at the authorization stage; which will only cost you a few cents in authorization fees rather than a percentage of the entire transaction when it is charged and that same percentage again when it is credited back
Configuring Payment Processing
Check for Legitimacy
When you are looking at an order some important things to note are the following:
-Do the billing and shipping addresses make sense? If the billing address is domestic and the shipping address is outside of the US that order is questionable. Even if an order has two different addresses domestically, you may want to verify the order.
-Where is the IP address from? If the billing and shipping addresses match or are similar (say they are both in New York) but the IP address that the order was placed from is elsewhere (say Tennessee) the order might be suspicious.
-Has the customer placed orders before? If they are a loyal customer obviously there is nothing to worry about but if they have placed several orders that never went through you probably will not want to process that order either.
-Does the email address look legitimate? If the email address looks like one that is completely made up (say firstname.lastname@example.org) or if it is distinctly different from the information on the order (say the order is under James Smith and the email listed is email@example.com) you may want to call the credit card holder to verify.
Let Your Provider Minimize Your Risk
Some providers are not PCI (Payment Card Industry) compliant and only about 550 nationally are CISP (Cardholder Information Security Program) certified. If you are not using a compliant solution you can potentially face lawsuits and crippling fines.
Using a PCI compliant/CISP certified provider is not just a way to protect you; it is also a way to promote your business. Because of the restrictions on credit card data that we have in place, your customers can be assured that you will not be abusing or misusing their information.
One of the best ways to make sure that orders are legitimate is to give customers a call or email them. This allows you to verify order information and also provide a strong sense of customer service. When calling to verify order details to prevent against fraud you can also use the opportunity to confirm product options, quantity, shipping preferences, etc. This can definitely boost the customer’s view of your legitimacy as a business and your care for the company’s products and their individual order.
If you need to issue a credit be sure not to over-issue the credit amount as it can be difficult to recapture the discrepancy in funds afterward. If you have any questions it is best to contact your provider and have them send you instructions or walk you through it.
If you accidentally do process a fraudulent transaction (i.e. authorize and then capture) it is always best to credit back the funds rather than wait for the charge back to come to you. The truth is that most credit card companies tend to side with their cardholders over a business when there is a dispute. Unless you have overwhelming evidence (like a signature proving that a customer did receive the product, etc.) you will likely lose a charge dispute. When the dispute is lost the funds will be taken back from you and you will be assessed various charge back fees.
-Kate Pierce, Ecommerce Specialist