June 11, 2011, 9:29 p.m.
posted by legendcoder
Protecting Your Site from Fraud
You need to prevent fraudulent transactions from being accepted by your online store.
Take these steps, both preventative and proactive, to avoid the deceptive schemes that can inflict financial disaster on your web business:
You might also consider these more extreme measures:
Bear in mind that taking these extra steps will snub many honest customers along with the fraudsters. To address this problem, you might consider placing a pop-up window on your failed order page that allows customers to provide anonymous feedback about why their order failed. Or, since many people block automatic pop-up windows, send a follow-up email to shoppers whose orders were not accepted, if you can match up failed transactions with an email address.
Although the risks are real and potentially large for consumers, online merchants face even higher stakes when hanging out their virtual shingle.
In general, a consumer whose credit card falls into the wrong hands is liable only for the first $50 worth of fraudulent charges. On the other hand, the merchant who ships goods to an imposter might be out every cent of an illegitimate transaction when the card holder contacts her bank to contest the charge. (Banks know they can get the money from the merchant more easily than from the legitimate card holder, and certainly more easily than from the fraudster.)
Credit card companies do not publish statistics for online fraud, but experts estimate that it is far more prevalent than in face-to-face or even mail order and telephone transactions. Perhaps as many as one in 20 online transactions is fraudulent. That's because the credit and debit card payment systems were designed for in-person transactions in which the merchant has proof (a signature, card imprint, or card swipe on a point-of-sale terminal) that the transaction is legitimate.
Web transactions offer much more anonymity than other types of credit card transactions, although the use of the technical safeguards presented in the Solution (AVS and CVN) makes it reasonably possible to link a real person (if not a face) and credit card (not just a number) to a transaction. With address verification enabled, the credit card authorizer will only approve the transaction if the provided billing address matches the billing address for the given credit card number. Requesting the CVN number (the little three-digit number that appears next to the account number in the signature box on Mastercard and Visa charge plates) confirms that the buyer has the card in hand (although not the means by which the card got in those hands).
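An added example, not part of the original recipe: merchant-side screening of AVS and CVN results, together with the follow-up email list for rejected orders suggested earlier. The single-letter result codes, the `AuthResult` shape, and the function names are assumptions; check your processor's documentation for the codes it actually returns.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed result codes (a common US gateway convention, not taken from the page).
AVS_FULL = {"X", "Y"}          # street address and postal code both match
AVS_PARTIAL = {"A", "W", "Z"}  # only one of the two matches
AVS_NONE = {"N"}               # neither matches
CVN_MATCH, CVN_MISMATCH = "M", "N"


@dataclass
class AuthResult:
    """Hypothetical shape of one gateway authorization response."""
    order_id: str
    avs_code: str
    cvn_code: str
    email: Optional[str] = None  # None when no email can be matched to the order


def screen(auth: AuthResult, strict: bool = False) -> str:
    """Return 'accept', 'review' or 'reject' for one order."""
    if auth.cvn_code == CVN_MISMATCH or auth.avs_code in AVS_NONE:
        return "reject"   # a definite mismatch on either check
    if auth.cvn_code == CVN_MATCH and auth.avs_code in AVS_FULL:
        return "accept"   # card in hand and billing address confirmed
    # Partial match or check unavailable: honest customers land here too.
    return "reject" if strict else "review"


def follow_up(results: List[AuthResult], strict: bool = False) -> List[Tuple[str, str]]:
    """(order_id, email) for rejected orders that can be matched to an email."""
    return [(r.order_id, r.email) for r in results
            if r.email and screen(r, strict) == "reject"]


# Constructed sample responses, not real transactions.
SAMPLE = [
    AuthResult("1001", "Y", "M", "a@example.com"),
    AuthResult("1002", "Z", "M", "b@example.com"),  # postal code only
    AuthResult("1003", "N", "M"),                   # no email on file
    AuthResult("1004", "Y", "N", "d@example.com"),  # CVN mismatch
    AuthResult("1005", "U", "P", "e@example.com"),  # checks unavailable
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(r.order_id, screen(r), screen(r, strict=True))
    print(follow_up(SAMPLE, strict=True))
```

With `strict=True`, the partial-match and unavailable cases move from manual review to rejection, which is where the follow-up list grows and honest customers are most likely to be turned away.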
Online fraud has become an appealing endeavor for a variety of criminal interests. Their favorite victims include sites that sell intangibles (such as subscriptions or downloads), items with good resale value, and those operated by inexperienced online merchants eager for their first "big" sale. Regardless of what you sell online, your best defense is to keep tabs on your e-commerce activity, trust your instincts, and listen to your inner pessimist: if it's too good to be true, it probably is.
Some other warning signs to look for include:
For more on the flip side of the relationship between online merchants and customers, see Recipe 8.1. Recipe 8.10 describes a way to turn away suspected fraudsters.
The Transparency International list of the most corrupt countries is online at http://www.transparency.org/pressreleases_archive/2004/2004.10.20.cpi.en.html.