In the first part of this article, I outlined some frightening statistics regarding credit card fraud and chargeback fees to merchants. It's worthwhile reviewing if you haven't read it as yet.

Protecting your online business from fraud...

One of the great things about the Internet is anonymity. One of the worst things about the Internet is anonymity - especially for ecommerce merchant. If you utilize payment gateways for credit card transactions or are considering doing so, it is important to ask the gateway provider about their pre-screening procedures (this precedes actual credit card payment processing). Some offer none at all!

Many payment gateway providers use the Address Verification System (AVS). AVS provides some protection by comparing the billing address on the web order form to the address held by the cardholders bank - But:

The transaction may be approved even if the address verification information does not match! The merchant faces the possibility of chargebacks if the payment gateway decides to continue with the transaction on a questionable match.

The following strategies are worthwhile considering if you sell goods and services directly from your site using your own in-house payment processing. Some of the strategies can also be used in conjunction with third party credit card processing systems.

Request information.

While consumers value their privacy and require quick web site ordering facilities, it is of the utmost importance that you gather sufficient customer identity details during the ordering process. The customers name, credit card number and expiry date is not enough. Tell your customers why you need the information and what you will do with it - after all, it's in their best interests too. The fewer chargeback fees you have to pay, the cheaper you can offer goods and services.

It's important that each order processed from your site also contains information regarding the IP address of the person placing the order. This can then be matched up with the information from your server logs or web site traffic reporting applications (see below). An IP address is a unique network identifier issued by an Internet Service Provider to a user every time they are logged on to the Internet. While this is a good anti-fraud mechanism and useful for tracking fraudsters, please be aware that IP addresses can also be forged.

Email address awareness.

Fraudsters rarely use their own email address. With the proliferation of free email services, it is quite easy to provide false contact details. A false Yahoo email address can be established within 5 minutes. Increasing numbers of Internet retailers are refusing to process web site orders that list free email address services as the primary point of contact, opting to request from customers their ISP or business email addresses. You can check an email address quickly by going to the originating domain and seeing if it provides a free email service. 

Shipping addresses.

If the shipping address is different to the billing address, be wary; although it is not uncommon for people sending gifts to others to request a different shipping address, or if the billing address is a post office box.

You'll rarely find a fraudster sending goods to the legitimate cardholders address. At the point of ordering, request a telephone contact number for your customer. State that you need this number in order to contact them if there are any problems. Many cardholders of compromised accounts have been alerted in this way. The fraudster definitely won't give you his own phone number as he/she can then be traced! If you are unsure, email the customer or call them to confirm the authenticity of the transaction. Fraudsters hate merchant contact of any kind.

Log analysis.

There's plethora of site traffic tracking services and software available now that will not only return very valuable demographic data, but can also assist you in pinpointing the origins of fraud. 

Still one of the best ways to analyze your log files is manually.  By examining your logs carefully, you will be able to find out a suspect order's originating Internet address. This tracking is made easier if you include a Time Stamp on each submitted web site order form. For example, if you find that an order originating from Russia states a billing address of Sydney on the order form, make further enquiries.

Most commercially hosted domains will have a server log available for your account. It's basically a text file that records every single request to the site, including images.  Contained in every request is an originating IP i.e. the ISP issued address of the computer that "asked" for the file.

If you aren't sure about how to access your raw server logs, enquire with your hosting service. Learn more about interpreting server logs.

Overseas orders.

Very risky, but an integral part of your online business. It is very difficult to retrieve goods or apprehend fraudsters once the goods have left the country. Make further enquiries with the credit card company if an order seems suspect.  

Unfortunately, Eastern Europe is still a very high risk region for the origin of credit card fraud, with many online business owners refusing to process orders from Eastern Europe.  Other high risk regions are Indonesia, Egypt, Turkey, Pakistan, Malaysia and Israel.

Unusual orders.

Unusually large orders requesting express delivery definitely warrant further investigation, especially if the customer has not purchased from you before. Customers are pretty cautious, and will tend to place small orders in the first instance to test the efficiency and integrity of your online business, or they'll make some sort of contact with you prior to ordering.

When in doubt, call the company.

Call the relevant credit card company BEFORE attempting to process the order if in doubt... that extra 5 minutes may save you big dollars! Even if the order has been processed through automated systems, it's not too late to follow up before shipping the goods or providing the services. The idea is to deal with the situation before the cardholder is issued a statement, notices something on it that they didn't purchase and then contacts their bank.

Make your anti-fraud policy visible.

Visual deterrents are still one of the most effective ways of minimizing crime. In a bricks and mortar store, signs and cameras do prevent shoplifting to some degree. Why not use the strategy on your site? 

Add bold notices to the checkout pages stating your stance on fraud and that systems are in place to monitor all transactions. Not only will this decrease attempts at fraud, but will also demonstrate to your clients that you take transaction security very seriously.

Utilize specialist anti-fraud services

Like so many online business owners, perhaps you don't have time to carry out rigorous screening. With the increase in fraudulent transactions, many companies have sprung up to act as screening services to help minimize credit card fraud risks to merchants.

As with anything else related to online business security, nothing is guaranteed 100% effective, but the above strategies will definitely assist in decreasing the amount of credit card fraud you experience, or help you track down credit card fraudsters.

Further learning resources

Payment Gateways and Merchant accounts - a beginners guide

Michael Bloch
Taming the Beast
http://www.tamingthebeast.net 
Tutorials, web content, tools and software.
Web Marketing, Internet Development & Ecommerce Resources
____________________________

Copyright information.... This article is free for reproduction but must be reproduced in its entirety & this copyright statement must be included. Visit http://www.tamingthebeast.net  for free Internet marketing and web development articles, tutorials and tools! Subscribe for free to our popular ecommerce/web design ezine!