11/10/2015 9:04:00 AM
By: Janice Stedman, Online Fraud Specialist
You have a website and you are selling?!
I can’t tell you how many people I have encountered in my nearly two decades of fraud prevention that started up a website to sell their wares only to be destroyed by credit card fraud. From the little guy selling handmade jewelry to big corporations that took their brick and mortar presence online and hoped to do wonderful things. Boy, were they surprised! One minute they are enjoying success by selling and selling and selling…then one day they were discovered by the bad guys.
It all begins with one bad guy sitting in a cyber café in some remote corner of the world. He just bought a list of credit card numbers complete with owner information. As he sits staring at the screen his fingers start to fly across the keys in search of the perfect web-store, and then he finds what’s he’s looking for, an internet retailer who isn’t fighting back. They are an easy target from which to purchase goods and or services with his stolen card numbers. You see, the black market is very lucrative in his little remote corner of the world. So he shops with you. First he starts small, perhaps just a twenty to thirty dollar order. He finds something nice that will be easy to sell, and enters all the information for the credit card. He clicks the submit button and the order goes through. He is presented with a confirmation number for his order, and he smiles. He chooses to ship the package next day air to his “mark” in the United States. His mark is a retired teacher in Pennsylvania who took a job “working part time” accepting packages shipped by various retailers. The teacher’s only responsibility is to accept the packages, take pictures of the invoices, email them to his “boss” and reship the packages to some remote corner of the world.
Now that the bad guy was able to get one order to go through, he’s going for his pay day. He places another order. Except this time…..much larger. He purchases the highest priced items found on the website. He buys everything and anything he can that will sell quickly. He enters the information and the order goes through. Again, he smiles.
Tomorrow he knows he will receive an email from the recipient showing him the merchandise arrived! He thinks to himself….some days are great, finding a web-store without fraud control or protection is most excellent!
Over the next several days, weeks, months he will place order after order using different billing information, different shipping information and different credit cards and he won’t stop until you catch him. Oh, and by the way… yesterday at breakfast, in the cyber café….he told all his friends about you too.
You see where this nightmare is going, right? As much as starting your own internet store can be profitable, it can have a very adverse effect if not done properly. Before you even begin to consider selling on the web you need to have some policies and procedures in place to protect and ensure the money you make, you get to keep.
Step One: Don’t make it easy for the bad guys… make it hard and they will move on to someone else’s website. I realize it is a fine balance. You want to make it easy for your guests/customers but you want to discourage those who are looking to profit from you!
Step Two: Think through the possibilities – think like a bad guy!
When I first got started in this business I had Retail Loss Prevention experience. We dealt with internal fraud, and external shoplifters. The rules of those games were much different than what I was experiencing in the eCommerce world. So, I had to learn the patterns and behaviors of the thief who wanted my product. Using the data I collected from orders we had confirmed to be fraudulent and from which we had received chargebacks I make a simple spreadsheet. From there I determined what the bad guys were after, what was the common thread in identifying them, and their modus operandi, so to speak.
Here is what I learned from that first exercise:
- Most attacks happened between 1 am and 4 am.
- Watches, Fragrances, and Shoes were very popular
- All of them were sent express shipping
- None of the bad guys were smart enough to get the area code of the phone number to match the billing information
- Almost all IP addresses seen were from Europe or Africa
I will never forget getting a call from our merchandising department. They were so excited at the number of watches that had been sold online. It broke my heart to tell them that the majority of the orders with watches on them weren’t sold… they were stolen, purchased with compromised credit cards. All sales we would eventually lose due to chargebacks.
So, you have to do your homework. Network with others and seek out vendors to help navigate the e-commerce waters. Put the protection in place where it does the most good in stopping fraud, while continuing to reward your good customers with an effortless shopping experience.
As a start, look for the following:
- A good payment processor – more wallets can mean more hassles
- A fraud logic provider, also known as a fraud management platform
- A reliable source for reverse data
- An individual to look for order fraud who has an analytical mind and likes solving puzzles, can see a trend in the patterns, and takes it personally when money is lost.
These basic steps will put you ahead of those who don’t, which means that if the bad guys try your site and the order is rejected or cancelled, they will move on to another site where the order goes through.