From the December 1999 issue of Entrepreneur

Keith Peer, owner of Central Command Inc., knows all too well the risk of doing business on the Web. An online software merchant near Cleveland, Central Command offers antivirus software to consumers who have been attacked by hackers, crackers and other online scammers. Before Peer set up his Web site back in 1994, he took several precautions to make it as virus- and fraud-free as possible. His first step was to choose an e-commerce vendor whose system came complete with software to check for fraud.

Peer also did some checking of his own, keeping a close eye on two kinds of buying activities that could indicate fraud. One indicator was the purchase of multiple licenses without testing the software. (It's common practice for software buyers to download a free trial version before making a multiple purchase.) Another indicator consisted of orders from areas with high incidences of fraud, such as Miami, Los Angeles and former Soviet Union countries. In both cases, he'd check and recheck credit card numbers to ensure they were legitimate.

Today, Peer's Web site is virtually fraud-free, but he still hasn't let down his guard. "As soon as we went online, we started experiencing attempts by consumers to use fraudulent credit card numbers," says Peer, 33. "And we still see the same traits over and over. It's an ongoing problem, but it's a fact of life in the e-commerce world today."

Like Wildfire

Indeed, fraudulent "card not present" transactions are commonplace on the Internet. Here, scammers obtain credit card numbers from stolen, used credit card slips and then make purchases online. When the credit card owner receives his statement and disputes the transaction with his bank, the bank requires the merchant to provide a proof of purchase with a signature. If the merchant cannot produce a signature, the bank awards a chargeback, which credits the consumer's account and debits the merchant's account.

Some people who appear to be legitimate customers might actually be scammers who purchase products with credit cards and then dispute the charges, hoping to get their money back while keeping the merchandise they've purchased. In these kinds of cases, the merchant loses both merchandise and money and may even incur a chargeback fee.

"Merchants are 100 percent liable for every credit card transaction they accept, and they have very few rights in the event of a chargeback where there is no signature," says Steve Peisner, president of Shared Information Systems Ltd., an identity fraud and electronic shoplifting detection consulting firm.

Web merchants with a high incidence of fraud or more than 1 percent of chargeback rates have been barred by card issuers from accepting credit card transactions at all. Many Internet merchants have had their merchant privileges suddenly revoked, putting them instantly out of business. "If you get a lot of chargebacks, that suggests your business isn't legitimate," says Audri G. Lanford, an Internet scams expert and co-editor of the newsletter Internet ScamBusters. "Since all these people are claiming there is a problem with their orders, your business can be perceived negatively."

Don't Get Carded

Despite the statistics, you can easily prevent your company from becoming a victim of credit card fraud. Besides taking extra steps to validate each order, check out the plethora of Web-based services that help combat fraud. Peer employed a fraud-detection service from NetSales Inc. (http://www.netsales.com) that detects the possibility of fraud and prevents fraudulent orders from entering your system. Other companies that offer similar services include CyberSource Corp. (http://www.cybersource.com), HNC Software (http://www.hnc.com) and Shared Information Systems Ltd. (http://www.nochargebacks.com).

Here's how these services work: After a consumer types in his or her card number and address information, it's checked against a database of credit card transaction information to see if the card has had any negative activity associated with it. It also checks for risk components, such as where the transaction originated and how often the customer has used the credit card in succession. The system then generates a score that indicates the probability for fraud. It's possible to set thresholds at which these systems either accept or reject transactions according to a certain score. You can also set them up to obtain additional information, such as why a card was rejected. All these fraud-prevention companies claim that they can cut down your fraud rates to extremely low percentages. To enlist a company's services, it'll cost you around 5 cents to 40 cents per transaction, along with a onetime sign-up fee of $1,000 to $1,500 and a monthly service fee of about $100 to $200.

But Wait, There's More

While these security measures may seem a bit extreme, they're essential to your company's survival, considering the current chargeback statistics: A recent report from IT research firm The Gartner Group indicates that approximately 15 percent of orders made on Web sites result in chargebacks, compared with 1 percent from point-of-sale transactions.

Experts suggest credit card fraud will only worsen as Internet usage and e-commerce continue their rapid expansion in the new millennium. There are already software programs out there that'll allow hackers to generate a stream of phony credit card numbers that they can get away with using for short periods of time. And the Web is increasingly being used to test stolen credit cards to see if they can be used for purchases at brick-and-mortar stores, say experts. Bob Fraser, CEO of NetSales in Overland Park, Kansas, offers this dire prediction: "Once people figure out how easy it is to perpetrate credit card fraud, we're going to see an explosion of Internet fraud like we've never seen."

The time to start preparing for that explosion is now.

Hot Disks

  • Storefronts A Go-Go:Nontechies can now easily create and manage customized electronic storefronts through their Web browser, thanks to Miva Corp.'s Miva Merchant electronic storefront system (http://www.miva.com). Miva Merchant integrates product maintenance, category management, shopping basket, order and credit card processing, and the ability to create and maintain single or multiple online stores, among other functions. In addition, the system ships with open source code, giving advanced developers the ability to manipulate the underlying, XML-based scripting language, Miva Script, to create highly customized commerce sites. The $495 system must be installed on a Unix or Windows Web server along with the Miva Engine.
  • Get On Target:SmartAge Media Buyer (http://www.smartage.com) is a service that allows small and growing businesses to place low-cost, targeted banner ads on Web sites that are part of the InfoAds, Excite, Talk City and SmartClicks networks. For as little as $100 (depending on the number of ad views you want), you can get your campaign up and running, then track your results using Media Buyer's daily, weekly, monthly and quarterly reports.

Friend Or Foe?

Has your Web site been an asset to your business? According to IBM's Small & Medium Business Internet Survey of small and midsized businesses, conducted in 1994 and 1999, it probably has. The survey found that 93 percent of small-business executives regarded the Web as an asset this year, compared with 74 percent in 1994. In addition, the survey found that the number of executives who described the cost of Internet access as excessive is substantially lower now than it was five years ago.

Busted!

Reducing credit card fraud can save your company thousands of dollars. Here's a list of eight sure-fire strategies any entrepreneur can use to reduce credit card fraud, according to Audri G. Lanford, an Internet scams expert and co-editor of the newsletter Internet ScamBusters (http://www.scambusters.org):

1. Take extra steps to validate each order. Don't accept orders unless complete information is provided, including the full address and phone number.

2. Be wary of orders with different "bill to" and "ship to" addresses. Require anyone who uses a different "ship to" address to send you a fax with their signature and credit card number authorizing the transaction.

3. Be especially careful with orders that come from free e-mail services, such as hotmail.com, juno.com and usa.net. There's a much higher incidence of fraud from these services because it's easy for a scamster to open a free, anonymous e-mail account in another person's name and then send you an order using a fake e-mail account and a fraudulent credit card number.

4. Beware of orders that are larger than your typical order amount and orders requesting next-day delivery. Of course, some people have reasons for placing large orders or using next-day service--but you should still be cautious. Crooks don't care what it costs since they aren't planning to pay for it anyway.

5. Examine international orders carefully. Do everything you can to validate the order before you ship your product to a different country.

6. If you're suspicious, pick up the phone. First, obtain the phone number that's listed with the billing address of the cardholder. Then call the cardholder so you can determine whether he or she placed the order.

7. Use software or services to fight credit card fraud.

8. If you have the misfortune of being scammed by a credit card thief, contact your merchant processor immediately.

Melissa Campanelli is a technology writer in Brooklyn, New York, who has covered technology for Mobile Computing & Communications and Sales & Marketing Management magazines. You can reach her at mcampanelli@earthlink.net.

Web Site

http://www.website101.com

By Robert McGarvey

Still stymied about the how-to of creating your own Web site? Or stuck with a site you know doesn't adequately reflect your business but aren't sure how to buff it into perfection? Visit WebSite101, a free resource that gathers together a plethora of useful links for builders, plus a grab bag of spiffy tools, including a free banner-ad generator and a free small-business e-commerce tutorial that's delivered by e-mail.