In Field Test, Practical eCommerce gathered ten seasoned ecommerce merchants and asked each of them the same questions around a given topic. This month’s topic is fraud prevention.
The participating ecommerce merchants are: Dave Norris, House of Antique Hardware; Justin Hertz, MuttMart; Chris Stump, Only Hammocks; Mike Feiman, PoolDawg; Dan Stewart, Xtreme Diesel Performance; Roman Kagan, Appliance Parts Pros; Cindy Barrileaux, Write Your Best; Claudette Cyr, Gear-Source; Mike Butler, Bloom Designs Nursery; Kristen Taylor, Juvie; Jeff Muchnik, RedBox Tools.
The responses for three of the ten merchants follow below. The answers are shown without names to preserve anonymity.
PeC: Has your ecommerce business been the victim of credit card
- FIELD TESTER 1: Attempted fraud, but nothing that ever actually went through.
- FIELD TESTER 2: Hundreds of fraud attempts, but I think we actually only got stung once for a small amount.
- FIELD TESTER 3: Yes, we typically see a handful of fraud issues each year.
PeC: How did the fraud occur?
- FIELD TESTER 1: We started getting a series of orders that were rejected by our credit card processor followed by an order that would go through, all from the same person. The orders that did go through were strange. Fraudsters were using our site to test stolen numbers with different combinations of billing addresses and CVS codes until they found a combination that works.
- FIELD TESTER 2: A guy calling from an IP phone said he was in San Antonio. At the time we weren’t smart enough to check the location of his IP address, something we now do. He had a San Antonio shipping address. We shipped the item then realized we’d been stung.
- FIELD TESTER 3: The most common scenario is a transaction with separate ship-to and bill-to addresses. The bill-to customer then claims they did not authorize the purchase.
PeC: Does PCI compliance help prevent fraud?
- FIELD TESTER 1: Yes, but PCI compliance doesn’t prevent people from using stolen credit card numbers in your store.
- FIELD TESTER 2: We are PCI compliant.
- FIELD TESTER 3: I think it’s a very good idea, and it certainly will not hurt to have such standards implemented.
PeC: What steps do you now use to prevent fraud from occurring?
- FIELD TESTER 1: All orders are reviewed by hand before fulfillment and before settlement occurs at the end of the day. Also, we require AVS match and CVS match to approve orders.
- FIELD TESTER 2: Technically it could happen again, but we’re pretty good at catching the attempts now. Every person involved in sales and order processing in our company is taught what to watch for.
- FIELD TESTER 3: Our first line of defense is having our sales staff and order processing department trained in detecting suspicious-looking transactions. Our second is ensuring the correct security settings within our payment gateway control panel.
PeC: Do you use third-party fraud detection products?
- FIELD TESTER 1: No, but we may add a fraud detection suite later on.
- FIELD TESTER 2: Not currently.
- FIELD TESTER 3: The only fraud detection we currently use is that which is offered by our payment gateway.
PeC: Which one(s)?
- FIELD TESTER 1: Authorize.net
- FIELD TESTER 2: N/A
- FIELD TESTER 3: Authorize.net
PeC: What advice would you offer to other merchants concerning credit card fraud?
- FIELD TESTER 1: Pay attention to the details of each order. Red flags warrant further inspection and validation.
- FIELD TESTER 2: Have checks and balances in place. Trust your instincts. Do not sway from your policies to accommodate an odd request — you came up with those policies for a reason.
- FIELD TESTER 3: Credit card fraud is inevitable. The key is finding the perfect balance of security settings without inconveniencing the customer or yourself with standards that virtually do not approve any transactions.