Q: Is
it safe to accept credit cards over the Internet?
A: The
answer to your question requires a discussion of identity theft, as
it's the fastest-growing financial crime in the United States,
according to federal law enforcement officials. CNN reports that the Social Security Administration alone
received 30,000 complaints in 1999, up from 11,000 in the previous
year. And the federal government estimates that as many as 500,000
people are targeted each year-a threat of such great proportions
that the Federal Trade Commission
has launched a special Web site to educate the
public and inform victims how to respond to identity theft.
Be aware that consumers generally receive more protection and
support than merchants in non-face-to-face environments. While
cardholders are rarely responsible for all the fraudulent charges
on their accounts, business owners-including Internet, mail-order
and telephone-order businesses-almost always get stuck with the
bill simply because they're unable to produce the documentation
traditionally required to rebuff disputed transactions.
Content Continues Below
What's more, financial industry experts estimate that losses
associated with credit card fraud are in the billions annually.
Technology researcher Meridien Research Inc.
reports that online consumer fraud cost merchants and consumers an
estimated $1.5 billion last year-a number they predict will rise to
$9 billion in 2001.
In view of these alarming figures, it's easy to see why
everyone should approach fraud with renewed vigilance and why
credit card processors are rediscovering the value of preventive
care.
Merchant accounts are equivalent to unsecured lines of credit.
To safeguard against enormous potential losses-especially from
high-risk businesses, such as Internet start-ups or telephone and
mail-order companies-credit card processors have adopted solid
risk-management strategies. Diligent companies scrutinize all
merchant applications, closely monitor account activity, and
provide merchants with the training and resources they need to
protect themselves.
Credit card processor Cardservice International, for
one, has a proprietary monitoring system that automatically flags
suspicious account activity, such as sudden spikes in transaction
volume. When abnormal activity is identified, the company's
loss-prevention analysts match sales records with returns and
compare shipping addresses with billing addresses. If necessary,
the analysts also contact merchants and cooperative issuers to
verify transactions.
Organizations like Cardservice International protect their
Internet merchants by storing card information behind multiple
firewalls at secure payment gateways. This measure provides added
security for small-business owners who may not have the resources
or technical expertise to prevent advanced hackers from gaining
access to sensitive data.
To protect merchants, many credit card processors offer an
address verification service (AVS), which will match shipping
information with the cardholder's billing address. When
addresses don't match, merchants should discuss the
discrepancies with their customers before shipping orders. AVS
works with cards that are issued in the United States; merchants
must use discretion when accepting cards from overseas issuers.
Finally, merchants should be aware of the potential risks and
liabilities of maintaining cardholder data. Internet-based credit
card offenders enjoy relative freedom and anonymity compared to
their counterparts in the brick-and-mortar world. For this reason,
industry insiders believe one of the greatest threats to bankcard
security comes from computer hackers who attempt to access
e-commerce databases through the Internet. To address the liability
issue, merchant contracts must explain that business owners are
responsible for the security of the cardholder information in their
possession.
Tim Miller is COO of Cardservice International and has
more than 15 years of experience in the credit card processing
industry.
The opinions expressed in this column are those
of the author, not of Entrepreneur.com. All answers are intended to
be general in nature, without regard to specific geographical areas
or circumstances, and should only be relied upon after consulting
an appropriate expert, such as an attorney or
accountant.