Click to Print

Cyber Alert!

These simple tools can keep your business safe from payment fraud.
June 1, 2005
URL: http://www.entrepreneur.com/article/77796

E-Tailers beware: Internet fraud is alive and well in cyberspace. According to a November 2004 survey about online payment fraud conducted by CyberSource, a Mountain View, California, provider of electronic payment and fraud-prevention solutions, U.S. merchants expected to lose an estimated $2.6 billion to online fraud in 2004, $700 million more than in 2003.

Hardest hit, according to the survey, are midsize companies--those with annual online revenues between $500,000 and $5 million. This group said it expected to lose up to 2.5 percent of online sales to fraud, compared to 1.9 percent in 2003. The reason for this increase is twofold, according to Bruce Cundiff, an analyst at Jupitermedia Corp. "One is the increasing organization among the fraudster community that allows for more efficient fraud perpetration," he says. "In addition, larger businesses tend to be among the first to implement more stringent security measures. Fraudsters will always choose the path of least resistance." Smaller businesses without sufficient fraud protection mechanisms in place risk being exploited.

Fighting Back

You can fight back against payment fraud using a basic fraud-detection service, such as an address verification system, which matches street numbers on a customer's billing address with the address on file with the credit card company. A mismatch may indicate that the person making the transaction is not authorized to use the card.

Another prevention method uses credit card verification codes--the four digits printed on the front of an American Express card or the three digits on the back of a Visa or MasterCard. Buyers enter this code when making purchases, so in theory, buyers need more than just the card number to buy online; they need the actual card to read the code.

Access to these verification services is offered by gateway or payment service providers such as CyberSourceand VeriSign. Each costs between $20 to $60 per month, plus setup fees.

Utility Safeguard LLC, a Southampton, Pennsylvania, company that sells construction supplies to industrial companies, distributors and consumers online, has found these solutions to be very effective. Last year, the company had sales of $1.5 million and is on target to reach $3 million in sales this year. Utility Safeguard uses a fraud-detection service called Payflow Pro from VeriSign. The service is integrated into its NetSuite e-commerce software platform.

With this solution, a new customer cannot check out until he or she has entered all the proper credit card information and the card has been cleared. "I have not had one bad credit card transaction since I began using the system in 2002," says founder Jim Graham, 43, who implemented the system.

Many experts, however, say that address and card verification systems are only a first step. Merchants selling valuable products that are easily resold, such as electronics, should also invest in the advanced fraud protection services offered by gateway providers. These services generally use fraud filters to screen for suspicious activity in real time. They cost an additional $30 to $1,500 per month, depending on the level of customization, along with additional setup and transaction fees.

Another logical way to protect your business is to make sure the freight carrier obtains a signature before delivering the product. Graham also insists international customers prepay through wire transfer. Says Graham, "We do not take foreign credit cards because if there is a problem [overseas], it's hard to get your money back."

Smart Design

Before implementing fraud-protection services, however, web merchants should design websites that are more fraud-resistant, says Vic Dolcourt, senior product manager for risk products at CyberSource. He recommends designing the checkout process so that after a consumer presses the "buy" button, the "back" button on the web browser no longer responds. Also, thank the customer for the order without indicating whether the card has been accepted. Says Dolcourt, "This way, the site doesn't serve as a tester for fraudulent account numbers."

Whatever you do, take action before a problem arises. "Speak to your payment processors. Have them train you in the basics of online fraud," says Dolcourt. Also, get involved with industry groups such as the Merchant Risk Council, a group of merchants, vendors, financial institutions and law-enforcement agencies that follows trends in fraud. While implementing good fraud practices won't eliminate fraud entirely, it will surely lessen the problem.


Melissa Campanelli is a marketing and technology writer in New York City.