Subscribe to Entrepreneur for $5

Stop Credit Card Fraud

Accepting credit card orders through your Web site can be costly-unless you're prepared for foul play.

Opinions expressed by Entrepreneur contributors are their own.

Q: Is it safe to accept credit cards over the Internet?

A: The answer to your question requires a discussion of identity theft, as it's the fastest-growing financial crime in the United States, according to federal law enforcement officials. CNN reports that the Social Security Administration alone received 30,000 complaints in 1999, up from 11,000 in the previous year. And the federal government estimates that as many as 500,000 people are targeted each year-a threat of such great proportions that the Federal Trade Commission has launched a special Web site to educate the public and inform victims how to respond to identity theft.


Start your e-business right with How to Dotcom by Robert McGarvey.

Protect yourself from fraud with Dotcons: Con Games, Fraud & Deceit on the Internet by James T. Thomes.

Be aware that consumers generally receive more protection and support than merchants in non-face-to-face environments. While cardholders are rarely responsible for all the fraudulent charges on their accounts, business owners-including Internet, mail-order and telephone-order businesses-almost always get stuck with the bill simply because they're unable to produce the documentation traditionally required to rebuff disputed transactions.

What's more, financial industry experts estimate that losses associated with credit card fraud are in the billions annually. Technology researcher Meridien Research Inc. reports that online consumer fraud cost merchants and consumers an estimated $1.5 billion last year-a number they predict will rise to $9 billion in 2001.

In view of these alarming figures, it's easy to see why everyone should approach fraud with renewed vigilance and why credit card processors are rediscovering the value of preventive care.

Merchant accounts are equivalent to unsecured lines of credit. To safeguard against enormous potential losses-especially from high-risk businesses, such as Internet start-ups or telephone and mail-order companies-credit card processors have adopted solid risk-management strategies. Diligent companies scrutinize all merchant applications, closely monitor account activity, and provide merchants with the training and resources they need to protect themselves.

Credit card processor Cardservice International, for one, has a proprietary monitoring system that automatically flags suspicious account activity, such as sudden spikes in transaction volume. When abnormal activity is identified, the company's loss-prevention analysts match sales records with returns and compare shipping addresses with billing addresses. If necessary, the analysts also contact merchants and cooperative issuers to verify transactions.

Organizations like Cardservice International protect their Internet merchants by storing card information behind multiple firewalls at secure payment gateways. This measure provides added security for small-business owners who may not have the resources or technical expertise to prevent advanced hackers from gaining access to sensitive data.

To protect merchants, many credit card processors offer an address verification service (AVS), which will match shipping information with the cardholder's billing address. When addresses don't match, merchants should discuss the discrepancies with their customers before shipping orders. AVS works with cards that are issued in the United States; merchants must use discretion when accepting cards from overseas issuers.

Finally, merchants should be aware of the potential risks and liabilities of maintaining cardholder data. Internet-based credit card offenders enjoy relative freedom and anonymity compared to their counterparts in the brick-and-mortar world. For this reason, industry insiders believe one of the greatest threats to bankcard security comes from computer hackers who attempt to access e-commerce databases through the Internet. To address the liability issue, merchant contracts must explain that business owners are responsible for the security of the cardholder information in their possession.

Tim Miller is COO of Cardservice International and has more than 15 years of experience in the credit card processing industry.

The opinions expressed in this column are those of the author, not of All answers are intended to be general in nature, without regard to specific geographical areas or circumstances, and should only be relied upon after consulting an appropriate expert, such as an attorney or accountant.