Merchant Account Services

Ecommerce 101

Everything You Need to Know to Get Your Online Store to be Sccessful


Author: Jim Conners ()

Rating: 10.0

Pages: 1|2|3|4|5|6|7|8|9|10|11|12|13|14

Fraud Control

The second greatest concern for ecommerce store owners, second only to getting potential customers to their website, is how to reduce or eliminate fraud. Fraud can kill a small or newly established ecommerce store and even prevent the store owner from ever accepting credit cards again because of excessive chargebacks. Fraud means lost inventory, lost revenue, and lost time.

To learn more about chargebacks and how to prevent them read our article The Chargeback Challenge.

So what tools do you have available to you to help protect yourself against fraud?

  • Address Verification

    Address Verification, better known as AVS, is a service that verifies the address a customer provided during the checkout process matches the address the customer has provided their credit card issuing bank. The theory behind AVS is a user should provide the same address during checkout that they used during checkout and only the cardholder will actually use the proper address. A stolen credit card user will either not know the proper address and/or not use the proper address because they obviously do not want to send the products they ordered to the actual cardholder's address.

    So, how does knowing this help you reduce your exposure to fraud? If a customer's AVS does not return a match it should be a red flag to further investigate the order. Their are limitations to using AVS so it should not be a large factor in your decision making process.

    See our blog post The AVS Game to learn more about AVS.

    See our blog post Always Decline Transactions That Fail AVS? for a discussion on declining sales based on AVS.

  • Card Verification Code

    The card verification code, better known as CVV or CVV2, is the three or four digit number that appears on all major credit cards. The theory behind CVV2 is if a customer knows the CVV2 number for a credit card then the card is in their possession and is not likely to be a stolen credit card number. Notice that we didn't say "stolen credit card" but rather said "stolen credit card number". Obviously if someone has stolen the credit card they have the CVV2 number readily available. But if someone has stolen a credit card number from a receipt or by looking over someone's shoulder they will not have the CVV2 number available to them.

    So, how does knowing this help you reduce your exposure to fraud? If you receive an order and the CVV2 number is incorrect, it should be a red flag to investigate the order further. There is no reason for this number not to match if the customer has the credit card in their possession.

    See our blog post What is CVV2? to learn more about what CVV2 is.

  • Verified by Visa & MasterCard Securecode

    Commonly referred to as 3-D Secure, these programs essentially verify that a customer making a purchase on your website is the legitimate cardholder. The cardholder provides a unique number that only they know. It is does not appear on their credit card so no one can find it or steal it. By entering that number during the checkout process they are verifying that they are the legitimate owner of that card.

    Benefits of these systems include guaranteed payments on fully authenticated transactions even if he transaction is later determined to be fraudulent. If a chargeback is filed on a fully authenticated transaction the merchant never even sees the chargeback. The burden of the chargeback is now placed on the customer instead of the merchant. As a result a merchant could see a reduction in chargebacks of up to 70%.

    To learn more about Verified by Visa & MasterCard Securecode read our article 3-D Secure Payer Authentication.

  • Third Party Tools

    In addition to tools offered by merchant account and payment gateway providers, third party companies offer additional tools that add an additional layer of fraud prevention to your order processing. These tools compliment, but do not replace, the tools available to you through your merchant account or payment gateway provider.

    The most common feature of these tools is the use of a negative list. A negative list basically is a list of credit card numbers, addresses, and more that have previously been used in fraudulent transactions. By comparing orders to information on a negative list you can see if you get any matches which might indicate that a transaction is potentially fraudulent. These services compile this list from their userbase thus ensuring that once one of their customers experiences fraud a finger print of that order is included in their database thus reducing the rest from experiencing the same loss.

  • IP Blocking

    In some regions of the world fraud is so rampant that simply preventing any users from this region from making purchases, or even access the website at all, is necessary. Asia, most of Africa, the Middle East, and Eastern Europe all have high rates of fraud and accepting orders from these regions is high risk.

    To prevent these users from accessing your site you can block their entire region from accessing your server. To do this you need to block the IP addresses of these countries. The Apache webserver, which powers most ecommerce websites, offers the functionality to do this. All it takes is one file to effectively block your entire website from high fraud regions of the world.

    See our blog post Blocking High Risk Countries From Using Your Website for the code necessary to do this.

  • Common Sense

    Although there are many automated tools available for detecting fraud, there are none better then common sense. Many fraudulent orders stand out as they tend to "look" different from your regular orders. Often times they are extraordinarily large or request services that are not normally requested (e.g. shipping to a foreign country). Many of these orders are enticing to accept as they tend to be very large and profitable...if they weren't fraudulent. Accepting an order that is very suspicious never turns out well. Be sure not to fall into the lure of the large sale. If it looks suspicious, do your best to verify it before shipping your products. If you can verify it, your best bet is to refund the transaction and refuse the sale.

If detecting fraud was as easy as just checking "a, b, and c" it would not be the number one concern of merchants, banks, and consumers alike. Before accepting orders online every merchant should have a plan for scrubbing orders to verify they are legitimate. It should include small factors like AVS and CVV2 verification to being proactive and calling any orders that are large and/or suspicious. The small amount of time it takes to verify an order will more then offset the costs incurred by chargebacks and lost merchandise. Merchants who are thorough and diligent in their fraud prevention, even in high risk businesses, can effectively minimize their exposure to fraud.

Compliance Issues | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | Promoting Your Store