|
Online Credit Card Fraud We always try to gain profit or experience out of every transaction; with our early experience with online transactions we certainly gained a lot of experience. We fell into the trap of overwhelming initial sales, and took for granted that the clients buying on our website were honest nice people who were just glad to buy our products…………..wrong
Amongst our early sales there was a small but significant amount of “suspicious transaction”, after reviewing the transactions, we realized that we had delivered goods brought using stolen credit cards. Were did we go wrong? We had bank authorizations, a local delivery address on one of them, but after a discussion with our merchant facility supplier we realized “Huston we have a problem”Most credit card fraud happens in a “card not present” environment, telephone, mail order, and in our case onlineSo, since we didn’t profit out of the experience you may as well profit from our experience Here are few tips we have put together that now make up our online fraud protection policy that we use for our clients 1) Are you dealing with the credit card owner? Authorization of a card checks that the card has not been reported stolen, that account number is valid, and there are sufficient funds, however, the person using the card may have stolen it. It is the merchant’s job to establish that you are dealing with the owner. The easiest way to do this is to establish the relationship, but let’s be realistic; this is the World Wide Web, so plan B.Don’t have a completely automated system, perpetrators look for unsecured pages and automated systemsProcess them manually or use PayPal, as they have already established the relationship 2) Never process a credit card transaction on behalf of another organisation We probably have all received the emails for a genuine looking business in Africa, who can’t get mobile phones or laptops in their country but have a credit card that you can use, and they don’t even mind if you make a commission Get real, wake up, send the details supplied to your bank 3) Where is the order coming from? Avoid dealing with certain countries Africa, Indonesia and South America to name a few.Use a CGI bin look up like http://www.testtown.net/cardinfo/ to check that the card issue location matches the delivery addressAvoiding dealing with clients who only supply mobile numbers and use free email accounts 4) Delivery the missing link Our missing product was signed for by Bob, we asked FedEx “ah Bob who?” “Your client’s brother in law”Use registered post, if available, always use a reputable courier and only deliver to a person not a P O Box. Always be suspicious of urgent delivery request to third parties, i.e. Brother in laws called Bob, or “My Singapore Office” 5) Is your customer data secure The cards used in our incident were part of a batch of US card details stolen from an online processing centre, always were possible store client’s confidential information on a secure site or offlineWith SSL your clients details are safer than if they hand the card over at in one of those restaurant folders, but imagine the damage to your organizations reputation if your responsible for the loss of the details. The web is still the wild wild west for merchants, there’s gold in them there hills but remember “lets be careful out there”Steven Sloan Steve Sloan is the CEO of Evitz and is one of Australia’s leading online strategists |
SEM Explained 