Best Practices for Internet Merchants to Combat Fraud
Updated: Mar 22, 2019
The following best practices and suggestions can help merchants avoid being victimized by Internet fraud perpetrators. Each of these characteristics by itself is very seldom cause for alarm; rather it is when several of these factors impact an Internet purchase that merchants may be the targets of a fraud scheme.
Be alert for transactions with several of the following characteristics:
First-time shoppers – Criminals usually hit a merchant once and don’t go back a second or third time.
Larger-than-normal orders – This requires knowledge of a normal-size order. Because the purchaser may use stolen cards or bogus account numbers fabricated by a CreditMaster or Credit Wizard, crooks maximize the size of their order.
Orders consisting of several of the same item – These items may be intended for resale; so multiple products increase the criminal’s profits.
Orders composed of big-ticket items – These items have maximum resale value and therefore maximum profit potential for Internet criminals.
Orders shipped rush or overnight – Crooks want these fraudulently obtained items in their possession as soon as possible, to ensure the quickest possible resale. They are not concerned about extra delivery charges.
Orders from Internet addresses that make use of free e-mail services – For these services, there’s no billing relationship and often no audit trail or verification that a legitimate cardholder has opened the account.
Orders shipped to international addresses – A significant number of fraudulent transactions are shipped to bogus cardholders overseas. The Address Verification Service (AVS) cannot validate addresses outside of the United States, altough similar checking is done.
These next characteristics might require merchants to have knowledge of the company’s transactions. Ideally, there will be a database or account history files to compare individual sales for possible fraud.
Transactions on similar account numbers – This is particularly useful if the Internet crooks are using account numbers generated by a CreditMaster or Credit Wizard fraud scheme.
Orders shipped to a single address but made on multiple cards – These could also be a scheme based on CreditMaster or Credit Wizard-generated account numbers or a batch of stolen cards. Multiple transactions on one card over a very short period of time – This could be an attempt to run a card until the account is closed.
Multiple transaction on one card or similar cards with a single billing address but multiple shipping addresses – This could represent some organized activity, rather than one individual.
Multiple cards used from a single Internet protocol address – More than one or two cards could indicate a fraud scheme.
Use card authorization tools: Verify the cardholder’s identity – Use the Address Verification Service (AVS) during the authorization process to confirm the cardholder’s billing address (first 5 numeric digits) and ZIP Code. Most fraud perpetrators do not know the true account billing address.
Verify the card’s authenticity – Ask for the card verification value (CVV2) code on the back of the card and submit it with the authorization request. This helps verify that the customer is using a genuine card; a bogus card often lacks this information.
What card-not-present merchants should do if there is suspicious activity: Ask for Code 10 authorization – A separate telephone verification.