|
|
Fraud is one of the biggest threats to e-commerce today. However, before merchants can protect themselves against fraud, they must first understand it. In the most simplest terms Credit Card Fraud to a merchant is defined as: The withdrawal of a payment by the bank that issued a purchaser's credit card from the merchant's bank, also known as a chargeback, even if the merchant had completed the terms of the transaction with the purchaser and assumed cardholder. The History Of Fraud Brick and mortar merchants have been battling fraud for years and, in doing so, have developed methods to deter fraud. These merchants train their staffs to perform a few simple checks to ensure the validity of the consumer's identity. Clerks can compare the signature on the back of a credit card against the signature on the credit card receipt. Clerks can may ask the consumer for a picture ID for further verification. Merchants are further protected from the pitfalls of fraud by the nature of the card present environment. Card present means the credit card is physically present during the purchase. When a dispute occurs in this environment, and the merchant has properly collected the consumer's signature on the credit card receipt, the consumer's credit card company will most likely absorb the disputed amount based on the rules established by the credit card institutions. However, in the Internet arena, merchants don't have the advantages that physical world merchants enjoy. First, it is impossible to collect a valid and acceptable signature of a consumer, let alone a photo ID. In fact, it is almost impossible to perform any of the "physical world" checks necessary to detect who is at the other end of the transaction and to conform to the protections in the card institution's rules. This makes the Internet extremely attractive to fraud perpetrators and a huge problem for Internet merchants. Purchases made over the Internet are considered by financial institutions to be card not present transactions. This means the credit card is not physically present during the purchase. This type of transaction is similar to a MOTO (mail order/telephone order) transaction. If a dispute occurs over a charge in this environment, and the transaction is found to be fraudulent or does not conform to the chargeback rules of the card institutions, the merchant, not the bank, is responsible for reimbursing the entire disputed amount to the consumer or the consumer's credit card company. In addition to reimbursing the cost of the purchase to the consumer, the merchant is also responsible for the cost of replacing the lost merchandise, shipping costs, and any incurred bank chargeback fees and transaction fees. A chargeback is the cost of transferring financial responsibility to the merchants involved in cases of disputed charges--usually $20 to $35 per transaction. It seems unfair that Internet merchants are treated so harshly when it comes to fraud. Unfortunately, it is the nature of the business, since fraud is so easily performed on the Internet. It is the explosion of fraudulent transactions over the Web that contributes to how fraud is handled. According to the GartnerGroup, the rate at which Internet fraud occurs is a rate twelve times higher than physical world fraud. The monstrous cost of Internet fraud has to be assumed by someone. Since credit card issuers are most concerned about pleasing their customers and protecting the integrity of their brand names, they will continue to penalize anyone who jeopardizes these two things. In the eyes of the credit card companies, this is the responsibility of the merchant. To compound the problem, financial institutions have begun cracking down on merchants who have high occurrences of chargebacks. Because of this, many merchants are quickly finding themselves in situations where they are required to pay higher transaction fees and, in some cases, are being charged costly fines of anywhere between $5,000 and $50,000 per month. The worst result of this crackdown is the loss of merchant account privileges for merchants considered to be high risk (usually with a chargeback rate of 2.5% or more of their total transactions). This is frequently a fatal blow for merchants, because it is extremely difficult to get a merchant account reinstated once privileges are lost. Visa ChargeBack
Rules and Fees
MasterCard
ChargeBack Rules and Fees
Who Is At Risk? Unfortunately, occurrences of online fraud are only increasing. According to a survey done by the National Consumers League (NCL), there was a 600% increase in reports of Internet fraud between 1997 and 1998. And, according to NCL records, there were nearly as many complaints of Internet fraud in the first half of 1999 as there were in all of 1998. Although all Internet sites are at risk of fraud, there are certain categories that are targeted more often than others. Companies who sell digital goods or memberships are more at risk for fraud because no postal address is required to complete delivery. These purchases are downloaded to the consumer's computer. According to a study performed by the GartnerGroup, the average chargeback rate for Internet merchants who sell digital goods is 15% of their total transactions, with the rate for some merchants reaching as high as 30%. Also, goods easily traded for cash (such as electronic devices and computer equipment) are popular targets for fraud.
How Is Internet Credit Card Fraud Being Performed? The most common way Internet fraud is committed is through the use of credit cards. This is because approximately 98% of online transactions originate from credit cards. Because of this, many different ways to perform online credit card fraud have been devised. The most common methods used include identity theft, stolen credit card numbers, and credit card number generators. Although these are the most popular methods today, fraud is constantly evolving and fraud perpetrators are becoming more sophisticated as merchants create new ways to combat fraud. IDENTITY THEFT. By acquiring basic personal information, fraud perpetrators can impersonate consumers and apply for credit cards in their names. From there, email accounts using one of the free email providers (such as Yahoo! and MSN Hotmail) can be created to strengthen the impersonation. The new card numbers, along with matching email addresses, can then be used to make fraudulent purchases on the Internet that seem legitimate. STOLEN CREDIT CARD NUMBERS. Stealing credit card numbers is probably the easiest and most common way fraud is performed. Surprisingly to some, there are no known cases of credit card numbers being stolen in transit over the Internet, but rather the majority of the stolen card numbers used on the Internet come from the physical world. Fraud perpetrators can pick up old receipts or statements, or can even be a waiter or waitress who processes your dinner check. Also, in many cases, not only is a customer's credit card number available, but also various verification information, such as the consumer's billing information. This information, coupled with the stolen number, can make for a seemingly legitimate purchase. CARD NUMBER GENERATORS. These are free programs that are widely available on the Internet. Card number generators are used by perpetrators to generate credit card numbers. These synthesized credit card numbers pass the majority of merchant and bank checks. Again, combined with free email accounts, these numbers can be used to make fraudulent purchases seem legitimate. What Can Be Done? With all the obstacles that merchants face--financial and product losses, fines, indifference and outright opposition from financial institutions, growing instances of Internet fraud, and technological advancements in perpetrating fraud--it's easy for merchants to feel victimized and helpless. It is these obstacles that are driving merchants to become more wary of fraud, and more interested in finding solutions to combat fraud. More and more merchants and merchant-focused companies are creating solutions to help cut down on fraudulent transactions and lower merchant chargeback rates. Some of the more popular solutions include manual order review, simple rule systems, Address Verification System (AVS), and negative databases. Unfortunately, there are several problems with these methods that many solution-seeking merchants are unaware of. These methods allow the merchant to think they are "doing something" to eradicate fraud, leading to a false sense of security and an unintentional increase in the number of valid purchases rejected. It is easy to eliminate fraud if the merchant is willing to sacrifice sales. MANUAL ORDER REVIEW. This method consists of reviewing every transaction by hand for signs of fraudulence, and involves an exceedingly high level of human intervention. This can prove to be extremely costly, as well as very time consuming. Moreover, manual order review is unable to detect some of the more prevalent patterns of fraud, which involve the use of a single credit card multiple times on multiple sites in the span of a few minutes. Also, as the merchant's business grows, this solution is not scalable, since it requires the addition of more man power and more man hours (and the increased costs associated with these additions) to be devoted to the solution. SIMPLE RULE SYSTEMS. Simple rule systems involve the creation of if...then criteria that a merchant can compare against incoming transactions. For instance, a merchant using a simple rule system might decide to reject orders originating from free email services or from a foreign country. The disadvantage of this solution is that it can increase the probability of rejecting valid transactions. This not only causes loss of sales, but can also cost the future patronage of disgruntled consumers. AVS. AVS matches the first five digits of the street address and the ZIP code information from the cardholder's collected billing address to the corresponding billing information on record with the card issuers. A code representing the level of match between these addresses is returned to the merchant. However, AVS codes are not returned to merchants until after they have completed processing an authorization. This means that in order to reject the transaction based on the AVS response, the merchant must reverse the authorization, which results in additional processing fees and additional human intervention. AVS is not available for international cards and some domestic card issuers. NEGATIVE DATABASES. Merchants who maintain negative databases create a log of credit card numbers involved in past fraudulent transactions on the merchant's site. The negative database can also keep track of other information, such as physical or email addresses previously used in fraudulent transactions. This information is then compared against incoming orders. Unfortunately, if a credit card is established as stolen or it is used in a fraudulent transaction, it will most likely have been canceled, causing the negative database to be constantly out of date and consequently not of much use to the merchant. Another drawback of negative databases is that the only information entered and acquired is information supplied from the merchant. This means before a merchant can identify fraudulent behavior, a perpetrator must first attempt fraud at the merchant's site; little to no information outside the merchant's site is utilized. What Are The Solutions? If merchants were left to devise a solution to the problem of fraud, it would probably consist of the ability to identify and rule out fraudulent transactions (keeping their chargeback rates low) without ruling out any legitimate transactions (keeping their revenues high). This solution would have the ability to detect and rate the risk involved in accepting a transaction using real, tangible data. Merchants could then decide, based on that data, if they want to accept the transaction. This solution would also utilize an extensive database of information to identify fraud, and have the ability to learn fraud trends and apply that knowledge to improving the solution. In addition, this ideal solution would encompass a system where hundreds of thousands of merchants, across multiple providers, would share fraud data. For example, if a fraud perpetrator were to use a credit card at Site A, it would be ideal if Site B knew about the transaction in real time, before the perpetrator had a chance to move on to Site B.
 |
||
|
|
|
© 1999-2001 FraudScreening.com. All Rights Reserved.