ADVERTISEMENT

How a business can fight fraudulent online orders

By  |  Published: January 16, 2017

Your Business Credit
Your
Elaine Pofeldt is a journalist whose articles on entrepreneurship and careers have appeared in Fortune, Working Mother, Money and many other publications. She is a former senior editor at Fortune Small Business magazine and an entrepreneur herself, as co-founder of 200kfreelancer.com, a website for independent professionals. She writes "Your Business Credit," a weekly column about small business and credit, for CreditCards.com.

Ask Elaine a question or read her prior answers in the 'Your Business Credit' archive.

Question Dear Your Business Credit,
My company was victimized by online credit card fraud. A stolen credit card was used, and we shipped our product to an address different than the billing address of the credit card. We reported this to our local police. Our credit card processor says that we are responsible, but I don’t trust that answer. – Shai

Answer Dear Shai
I’m sorry to hear that your business was victimized by fraudsters. Sadly, there are so many online crooks out there that every business owner needs to be very vigilant about fraud.

You’re wise to get a second opinion on what the merchant processor told you. To find out what your responsibilities are, I checked with Jen Lee, an attorney with offices in San Ramon and Tracy, California, who frequently advises clients on debt-related matters and is a co-author of “Preventing Credit Card Fraud: A Complete Guide for Everyone from Merchants to Consumers,” a book that will be published in March 2017.

She recommended that you review your merchant services agreement with an attorney to see what it says about liability for fraudulent transactions. If the agreement shows you are not liable, you and your attorney should have grounds to dispute the processor’s contention that you are responsible for the fraud.

However, it does seem likely in this case that the merchant processor is correct.

“Generally speaking, for online transactions where the merchant does not see the actual card, the merchant ends up assuming the liability for fraudulent transactions and ends up losing out twice – once for the shipped merchandise that is likely forever lost and then having to pay back the bank for the fraudulent charges,” Lee said in an email.

As you already know, fraud can be costly. So what can you do to prevent it in the future? First, I’d take a look at the fraud-prevention guidelines for merchants issued by Visa, Mastercard and any other cards you accept. Visa, for instance, suggests that merchants processing “card-not-present” transactions confirm orders sent somewhere other than a customer’s billing address by reaching out to the customers through a point of contact associated with the billing address, not the ship-to address.

Visa points to several red flags that may suggest fraud: a first-time shopper, a larger than normal order, an order that includes several of the same item, an order with many big-ticket items, rush or overnight shipping requested and shipping to an international address.

Other possible warning signs of fraud, Visa notes, are transactions with similar account numbers, transactions placed on multiple cards that all ship to the same address, multiple transactions on one card over a short period, multiple transactions on a single card with one billing address that are being sent to multiple shipping addresses, multiple cards used from a single IP address and orders from internet addresses that make use of free email services.  

Of course, there’s an element of judgment here. If you sell holiday gift baskets and a regular customer is sending three baskets to different addresses, they could well be legitimate transactions. Nonetheless, it wouldn’t hurt to confirm the transactions with such a customer at the phone number or email address normally associated with the billing address. Many consumers have been victimized by identity thieves and will appreciate the efforts you take to protect them from unauthorized use of their card.

If you want to add an extra layer of scrutiny of credit card transactions, technology can give you an assist. Online merchants can join Verified by Visa and Mastercard SecureCode, services that verify the identity of consumers who have opted in for the programs.

“These are both products that assist in helping merchants detect non-authenticated customers using a card that has been compromised,” said Seth Ruden, senior fraud consultant at ACI Worldwide, which provides electronic banking and payment solutions for financial institutions, merchants, billers and processors. American Express offers a similar product called SafeKey.

It should get easier for online merchants to verify ecommerce solutions in the near future, thanks to advances in areas such as biometrics. I’d recommend paying close attention to news of new fraud-prevention technologies. They could end up saving you a bundle.

See related: Chargebacks hit merchants not ready for EMV chip cards, What to do if you suspect fraud by a customer

Meet CreditCards.com's reader Q&A experts

Does a personal finance problem have you worried? Monday through Saturday, CreditCards.com's Q&A experts answer questions from readers. Ask a question, or click on any expert to see their previous answers.

ADVERTISEMENT
ADVERTISEMENT

Join the discussion
We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the 'Post to Facebook' box selected, your comment will be published to your Facebook profile in addition to the space below.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.




Updated: 08-18-2017

ADVERTISEMENT


Weekly newsletter
Get the latest news, advice, articles and tips delivered to your inbox. It's FREE.


ADVERTISEMENT