Magazine Article | June 1, 2001

E-Liminate Fraud

Source: Innovative Retail Technologies

Electronic payment processing has its own set of challenges when it comes to battling fraudulent transactions. Together with the credit card companies, e-tailers can reduce the risk involved with Web sales.

Integrated Solutions For Retailers, June 2001

Online shopping carts are filling up. According to the Forrester Online Retail Index, 13.5 million households now spend an average of $260 in one month. More consumers than ever before have access to the Internet and online shopping. But increased online activity inevitably means a higher chance for fraudulent transactions. E-tailers who have still not armed their sites with the latest fraud protection devices should be aware that technology is not the only thing to evolve on the Internet - so have thieves.

Electronic Transactions Make For Risky Business
Since profitability is a main concern for e-tailers, fraud prevention and risk management are key. Online retailers need to know how to identify potentially fraudulent transactions, therefore minimizing the loss involved. Julie Fergerson, VP of emerging technologies and co-founder of ClearCommerce, suggests one way retailers may arm themselves against repeat fraudsters is by establishing a negative file. This is a list of those who have committed fraud against the retailer in the past. "This isn't just a list of credit card numbers and billing information," Fergerson said. "It should be the credit card number and the shipping information. A billing address might be legitimate, but if the shipping address was fraudulent, then the chances of it popping up again are high. Even thieves are creatures of habit and will use the same address again."

But, before retailers can identify repeat offenders, they have to weed out the legitimate transactions from the fraudulent ones. Since online retailers do not have the insurance of a physical credit card swipe or a signature with each purchase, business automatically becomes riskier than in a brick-and-mortar environment. "There is a higher cost for card-not-present transactions and a higher incidence of loss to the merchant in terms of charge backs," said Ray Moyer, CEO of Electronic Payment Exchange (EPX). "It is a risky transaction, and the rules that govern disputes considerably favor the consumer as opposed to the merchant." This has opened the doors to fraud schemes that cost merchants time and money. Each time a customer disputes a credit card charge, the retailer has to conduct a charge back (a reverse transaction). "Merchants get fines, which range from $10 to $25, for charge backs, and they have to do paperwork that could take 10 to 15 minutes for each one," Fergerson said. "An e-tailer might think it made $100,000 one month, until $10,000 worth of charge backs come through. This is a nightmare for the accounting department that is trying to manage cash flow and recognize revenue for a business."

Protection On The Front Lines
Moyer divided fraud into two categories: friendly and non-friendly. They might not sound very threatening, but neither is welcome in the retail world. Friendly fraud involves a consumer who uses his own credit card to purchase items on a Web site, and then when he receives the bill, claims that he did not authorize the transaction or receive the merchandise. "It takes considerable effort on the merchant's side to track down this type of fraud and prove that it was the consumer who initiated the transaction," Moyer said. "The merchant knows that the consumer visited the site because it has gathered a significant amount of information about the consumer including his e-mail address. But a lot of this information is not usable in a charge back dispute." Visa and MasterCard are trying to move at Internet speed to develop fraud prevention strategies, but the changes don't seem to come as fast as the industry is growing.

One such system is called the Address Verification System (AVS) which enables an e-tailer to ask the consumer for the billing address of the credit card. So, while the merchant is asking for credit card authorization, it can also be checking if the credit card billing address matches the shipping address. If the merchant uses a trackable mailing system (such as UPS or FedEx), then it can request a signature upon receipt of the package, which serves as evidence that the product was delivered. If the AVS indicates that the billing address differs from the shipping address, the merchant can refuse to continue the transaction.

Non-friendly fraud occurs when a fraudster obtains someone else's account number and uses it to buy goods and services. A number can be obtained through a non-secure Internet site, stolen credit cards, or even a credit card number generator. To ensure that the consumer got the credit card number off of an actual card, e-tailers can request an additional number built into major credit cards called a CVV2 value. This number is printed on the back of the card and would not be known unless the card was present. Making use of this number requires e-tailers to include additional fields on its checkout page, but gives them an added security measure.

Gartner estimated that the top 150 e-tailers have an average fraud rate of 1.1%. Fergerson said that even if retailers use only basic security and fraud prevention tools, they can decrease that number by almost half. The more prevalent fraud prevention systems become, the better it will be for the retail industry as a whole, as fraudulent transactions are identified and stopped in their electronic tracks.

Questions about this article? E-mail the author at