Not surprisingly, because credit cards are now the e-payment method of choice for online shoppers, credit-card fraud has become extremely commonplace. In a typical situation, a scammer gets credit-card numbers from stolen or used credit-card slips and then makes purchases online. When the credit-card owner finally disputes the transaction, the bank requires the merchant to provide a proof of purchase with a signature. If the merchant can't produce a signature, the bank awards a charge-back, crediting the consumer's account and debiting the merchant's account.

Some customers who seem to be legitimate might actually be scammers who purchase products with credit cards and then dispute the charges, hoping to get their money back and keep the merchandise. In these kinds of cases, the merchant loses both merchandise and money, and may even incur a charge-back fee.

Card issuers may bar Web merchants from accepting credit cards if those merchants demonstrate a high incidence of fraud or charge-back rates of more than 1 percent, and some banks flat-out refuse to work with Internet companies because of the risk of charge-backs. "Internet transactions tend to be [riskier] than traditional transactions, where you can check a physical credit card," says Ron Cook, a partner with Cook & Koch, a Tampa, Florida, law firm that works with technology and financial-services clients.

What can you do? Audri G. Lanford, an Internet scams expert and co-editor of the newsletter Internet ScamBusters, says you can beat credit-card fraud by using a merchant provider that performs address verifications, checking each customer's information against what a credit-card processor has on file.

Lanford adds that the most important security mechanism is a secure Web server. A secure server offers encryption-the conversion of data into unreadable code-which allows customers to enter credit-card data safely. If you're using a hosting company, be sure it offers 128-bit encryption, suggests Lanford. Another suggestion: Make sure your hosting company has the proper firewalls in place-these security systems make it virtually impossible for hackers to sneak in and disrupt your server.

Once you've finished, be sure to tell users that your site is a secure one, and explain that all customer info is encrypted.


is a technology writer in Brooklyn, New York, who has covered technology for Mobile Computing & Communications and Sales & Marketing Management magazines.