Practical Ecommerce

Three Basic Steps Can Curb Credit Card Fraud

A loss of $15,000 in diamonds during the height of the Christmas-buying frenzy would be enough to make most people sing the holiday blues. Not Pat Coughlin.

Coughlin has owned and operated American Diamond Importers, an independent brick-and-mortar jewelry store in St. Clair, Mich., for 15 years. Until the fall of 2006, Coughlin had a static, information-only website; he didn’t do any online business.

Following the Progress of an Ecommerce Start-up

Practical eCommerce is following American Diamond Importers of St. Clair, Mich., throughout the year to chronicle the triumphs and struggles that accompany the launch of an ecommerce site.

Owner Pat Coughlin won a contest from eBay to launch a ProStore and he’s made a significant investment into the project: Hired six people, purchased new computers and equipment and has planned a $100,000 advertising campaign. Coughlin’s goal: Generate $1 million in new sales from his online business within 12 months.

We’ll be there with him and his team every step of the way. His online store launched Aug. 18, 2006, after he won an eBay ProStores contest. He quickly began to implement the steps necessary to revolutionize his traditional business model into one that included an online business and a global customer base.

Coughlin and his staff learned an ugly truth about online commerce during the recent Christmas season: online fraud is more than a potential threat, it can easily be a frightening reality.

The American Diamond Importers website rang up new sales during the holiday season, and the team enjoyed the revenue bump the new sales channel provided. It was all good — until the telephone at the office began to ring with people who complained of unauthorized charges to their credit cards.

After some investigation, Coughlin determined that a group of accomplices from five states was using stolen credit cards to buy merchandise from Americandiamondimporters.com. The thieves were able to take advantage of Coughlin because his site had not activated the card code verification (CCV) option with its PayPal Website Payments Pro account. Consequently, thieves could use stolen credit card numbers to purchase products because American Diamond Importers wasn’t asking for the unique three- or four-digit security code that was on the card and only visible to the actual card holder.

Complaints from cardholders

“We started to get a lot of sales, but also started to get complaints from people saying there were false charges on their credit cards,” Coughlin said. “[Someone was] using stolen credit card numbers to buy merchandise. As we did with other customers, we were gift-wrapping the items, sending them candy and a hand-written thank-you note,” an ironic twist that, under the circumstances, Coughlin said, “really makes me mad.”

Coughlin’s anger turned to decisive action, he said.
“Once we figured out [the problem] and corrected it, we haven’t any any problems.”

How do you fix a problem like the one Coughlin faced? Turning on the CCV option with your merchant account or payment processor is as easy as checking the appropriate box in the administrative functions. That will activate the security measure.

The thieves didn’t buy large-ticket items, but they could have. Instead, Coughlin said they purchased multiple $100 items, probably in order to not attract undue attention. In the end, about $15,000 in merchandise was stolen.

“They just looked like happy customers who were continuing to reorder,” Coughlin said. “When one bad guy found out we were taking the cards without the security function on, he must have called his friends throughout country.”

Coughlin said his team learned a valuable lesson throughout the process, and he remains excited about his online business. He has implemented additional security measures to help eliminate future problems. He recommends three things for online retailers, especially those who sell big-ticket items:

  1. Make sure the CCV option is on, and that it’s working at your site.
  2. Use a website like 411.com to compare the shipping address and phone number of each person who orders. If there is a discrepancy, you should ask more questions.
  3. Make a telephone call to the customer to ensure an order was placed. Not only can it serve as a customer-service telephone call, it will also help determine if the information provided during the online order is accurate.
Practical Ecommerce

Practical Ecommerce

Bio   •   RSS Feed


email-news-env

Sign up for our email newsletter

  1. Legacy User February 9, 2007 Reply

    I assumed that Americandiamondimporters.com is a sizeable company that could afford to hire a temporary or full time web developer to set up an ecommerce site with integrated shopping cart with a merchant account. It comes with much better security feature (eg. AVS, Address Verification System) than Paypal's. Some even have an internal system that reject credit cards that were reported lost by the owner. The cost of setting up a merchant account is not expensive at all. And the benefits far outweigh any initial effort required to get it working. We were able to detect and reject 99% of frauds in this way.

    — *Tom*

  2. Legacy User February 9, 2007 Reply

    I was thinking exactly the same things as Tom above suggested.

    A real business should have no problem getting a Merchant Account, as an added option for customers. The administration costs and merchant fees are also less than PayPal's fees most times.

    My business, Customer Catcher Media & Communications charges for info products online and a combination, using offline checks, for higher fee consulting services.

    I've been using http://www.HandsFreeBusiness.com for over 5 years now and have been very satisfied without a single fraudulent charge.

    All the best,

    Martin Wales
    The Customer Catcher
    http://www.CustomerCatcher.com

    — *Martin Wales*

  3. Legacy User February 12, 2007 Reply

    A merchant must always take measures to prevent fraud, no matter how small your company is. Fraud can be the downfall of your company, especially a small company.

    Frank Dappah
    Priceshoppe.com ( director of ecommerce.)

    — *Frank Dappah*

  4. Legacy User February 21, 2007 Reply

    Another tip (because step #3 may seem legit if the thief posted their own phone number)… Every merchant account provider, and credit card company, provides a service to merchants. You can call and ask if the information provided matches that on the card. They won't give you great detail, but they most always will tell you a YES or NO on the match, which goes beyond what AVS can do.

    Several years ago I called a bank in Korea for this type of verification and it put to rest concerns over a rather large charge.

    — *Pamela Hazelton*

  5. Legacy User June 7, 2007 Reply

    I just got my wallet stolen and with it all my credit cards. What a pain. I published a blog to share what I had to do to get up and running again:

    http://www.stolen-credit.com

    — *Dave*