|Avoiding ecommerce credit card fraud|
Friday, August 3, 2012
Below are some key points to consider when processing a sale which can protect the merchant:
- Make sure the AVS matches = zip code should match when you enter into the terminal. If not, ask for the zip code of the billing address on the card. If they cannot provide it, then this is a red flag.
- The bill to and ship to addresses should match
- Fax an authorization form for the merchant to sign (See Exhibit 1) if this is a telephone or mail order
- Request a signature upon delivery if you are shipping the products
- If you are shipping internationally, all liability falls on the merchant at this point. If there is a chargeback, you will be held liable regardless of what documentation you can provide.
- If you are taking the cardholder information over the phone, you can ask for the issuing bank’s information which is usually located on the front of the card. Call the issuing bank to verify the name and address on the card. If these do not match, then fraud is involved. Contact your merchant provider immediately.
- First-time shopper: Criminals are always looking for new victims.
- Larger-than-normal orders: Because stolen cards or account numbers have a limited life span, crooks need to maximize the size of their purchase.
- Orders that include several of the same item: Having multiples of the same item increases a criminal's profits.
- Orders made up of "big-ticket” items: These items have maximum resale value and therefore maximum profit potential.
- "Rush” or "overnight” shipping: Crooks want these fraudulently obtained items as soon as possible for the quickest possible resale and aren’t concerned about extra delivery charges.
- Shipping to an international address: A significant number of fraudulent transactions are shipped to fraudulent cardholders outside of the U.S. AVS can't validate non-U.S., except in Canada and the United Kingdom.
- Transactions with similar account numbers: Particularly useful if the account numbers used have been generated using software available on the Internet (e.g., CreditMaster).
- Shipping to a single address, but transactions placed on multiple cards: Could involve an account number generated using special software, or even a batch of stolen cards.
- Multiple transactions on one card over a very short period of time: Could be an attempt to "run a card" until the account is closed.
- Multiple transactions on one card or a similar card with a single billing address, but multiple shipping addresses: Could represent organized activity, rather than one individual at work.
- In online transactions, multiple cards used from a single IP (Internet Protocol) address: More than one or two cards could definitely indicate a fraud scheme.
- Orders from Internet addresses that make use of free e-mail services: These e-mail services involve no billing relationships, and often neither an audit trail nor verification that a legitimate cardholder has opened the account.