By Paul Lang, Editor, Sell It!
March 20th, 1999

See Also   How to Build a Web Store for FREE   How to choose mailing list management software   How to Grow Your Web Business   How to Accept Credit Cards without a Merchant Account   How To Develop Online Products That Sell   How to Change Your Web Hosting Service (ISP)   How to Deal with Disgruntled Customers   How to Get Top Search Engine Positioning   How to Beat Credit Card Fraud   How to Design an Affiliate Program   How to Accept Credit Card Payments   How to Choose a Shopping Cart

From all the media hype surrounding electronic commerce, a newcomer could be forgiven for thinking that making money on the 'Net is easy. Trust me, it's not. A successful Web merchant has to carefully select the product or service they are going to sell, choose an e-commerce solution, and then build their store. But that's just the start of it: they then have to promote their store to encourage people to visit it and then convert these visitors in to purchasers and then hopefully on in to repeat purchasers.

So whatever way you look at it, building an online business takes a lot of work. Imagine then, how an online merchant feels when they see the profits from their hard work being lost through credit card fraud!

There has been much discussion in the media about the impact of Internet credit card fraud from a consumer perspective. This is somewhat surprising really as the incidence of fraud perpetrated by online merchants against consumers is fairly rare and consumers are typically only liable for the first $50 of any fraudulent transaction, and even this liability is often waived by the credit card issuers.

In fact it is usually the merchant who is the true victim of Internet credit card fraud. This is because Internet credit card transactions fall under the heading of MOTO (Mail Order / Telephone Order) transactions, also called CNP (cardholder not present transactions). Most credit card merchant account agreements leave the merchant 100% liable for fraud committed via this type of transaction as well as requiring them to pay a $15-$25 chargeback fee. And as if to rub salt in to the wound, if a merchant experiences a high level of chargebacks they are often hit with an increase in the discount rate they have to pay on each transaction or may even have their account terminated. And once lost, a merchant account can be almost impossible to obtain again.

So just how big a problem is Internet fraud? Global credit card fraud is estimated at over a billion dollars per year, but with Internet transactions making up a tiny percentage of all credit card transactions it is possible to come to the conclusion that Internet credit card fraud is not really a big issue. This might help to explain why banks and card issuers have in general been slow to try and fix the problem.

On the other hand, reports from individual merchants vary. Some claim they have had no problems at all while others claim significant losses. Whatever today's reality is, one thing is clear: the problem is only going to grow as Internet usage and e-commerce continue their rapid expansion.

Indeed, the Internet itself makes the process of credit card fraud easier in many ways. Lists of stolen credit card numbers and even programs to generate valid new numbers are readily available online. And once armed with stolen or false credit card information, the lack of face-to-face or voice contact on the Internet tends to make a thief more brazen than ever.

It would be wise therefore for all online merchants who have not yet been the victim of a fraud attempt to make the assumption that they will experience an attempt to defraud them at some point soon.

It is important for merchants to understand that if they become victims of a fraud they will probably receive very little support from the police authorities. The authorities are likely to view the amount involved to be too small to bother about, or in the case of international orders to be out with their jurisdiction. So it is therefore vital for merchants to put in place fraud prevention processes now and not wait until a fraud attempt occurs.

Before moving on to discuss fraud prevention techniques, one common misconception needs to be cleared up. Some merchants make the assumption that the verification process they initiate when they key a card number in to an electronic swipe terminal provides sufficient fraud protection. This is not the case as all this verification process does is to check that the card has not been reported stolen and that it has sufficient free credit available to fund the purchase.

So why are existing anti-fraud techniques not sufficient? Current techniques for credit card fraud prevention include the use of signatures on anti-tamper tape, holograms and now even the etched image of a card's owner. These are all of no use when it comes to CNP transactions, as the merchant never gets to see the credit card. About the only existing anti-fraud technique that is of any use to the online merchant is AVS - Address Verification Service.

So why is AVS relatively ineffective against online fraud? Read on and find out....

More: Why AVS is of limited use and what you should use instead