A second wave of attacks began midday Friday after much of the eastern United States was affected in the morning. Sites affected included Etsy, ...
Even P.T. Barnum himself would blush at these pitches: “Increase sales by 1,500%.” “Credit card processing without a merchant account” “We charge zero set up fees.”
But those are exactly the kinds of ploys a new breed of Internet scam artists is using in hopes that some online retailers will be their next unsuspecting group of suckers.
Independent sales organizations, better known as ISOs, provide the crucial link between merchants, banks and the companies that process credit card transactions and settle accounts. ISOs, which range in size from large companies to one-person organizations, sign up merchants on behalf of banks and processing companies to accept credit cards. While many ISOs are legitimate-credit card banks and processors couldn’t do business without them-their ranks include a number of shady organizations that pressure merchants into contracts marked by overly high fees and hidden charges.
Visa U.S.A. and MasterCard International have issued rules governing ISOs that help keep them in check by requiring merchant acquiring banks to conduct business with ISOs only after they are registered with the card associations. And the ISOs are required to disclose the names of banks they represent.
Along with the Electronic Transaction Association, a Kansas City, Mo.-based trade group that represents ISOs and merchant acquiring banks, the two card associations have worked to maintain ISO standards. But with the mass move to the Internet, standards are difficult to maintain, allowing a new breed of unscrupulous ISOs to emerge.
To entice unwary merchants with fraudulent sales pitches, many ISOs use e-mail and target mostly small retailers or entrepreneurs desperate to get connected to the Web. Reports of high-pressure sales tactics, arbitrary fee increases, and software overcharges by ISOs on the Internet are scattered. No one knows how much money the fledgling online merchants have lost to dishonest ISOs.
But some fraud experts say that ISO complaints from e-retailers are on the rise. And they fear that fraudulent activity could get much worse because the Web is largely unregulated. “It’s ripe for abuse, absolutely,” says Charles M. Creamer, senior vice president at the Michigan Retailers Association and ETA president.
Already some in the industry are taking steps to ward off abuse by outlaw ISOs. Visa now has a team that monitors the Internet marketing practices of ISOs and works with acquirers to bring non-conforming ISOs into compliance, says John Shaughnessy, Visa’s senior vice president of risk management. If no acquirer can be found, Visa contacts the Internet service provider hosting the site to try to remedy the problem, he adds.
It’s easy to understand why con artists are drawn to the Web. For one thing, e-commerce is growing at a rapid rate. By some estimates, consumer-driven e-commerce could grow from about $30 billion today to about $350 billion in 2003. What’s more, the Web offers a measure of anonymity to shady sales agents. If an ISO doesn’t list its sponsoring bank, ad-dress or phone number, it’s difficult to track. And it’s easy for them to elude authorities-an ISO needs only to shut down one Web site and open another under a different name.
Further muddying the waters is the practice of some online ISOs that recruit other online businesses to set up links back to the ISOs’ Web sites. These affiliates typically are offered $200 or more for each referral generated by their site. Often they do not identify the ISO or sponsoring bank, a clear violation of Visa and MasterCard regulations.
In many cases, the operations using the Web and e-mail to solicit merchants don’t even have a sponsoring acquirer, says Chuck Burtzloff, president of Agoura Hills, Calif.-based Cardservice International, one of the nation’s biggest and most reputable ISOs. “What we’re finding is that these companies are more or less marketing companies,” he says. “What they’re doing is spamming anybody they can to get a [merchant’s] name and then they sell that name to ISOs.”
In the physical world, an acquirer can send someone to do on-site inspections of ISOs to ensure they are legitimate, notes Debra B. Rossi, senior vice president of merchant card services at Wells Fargo Bank, San Francisco. “How do you do that in the online world? You can’t even find them,” she says. “That’s sort of scary.”
The complaints surfacing against questionable ISOs have a familiar ring. A favorite ploy: offering an ultra-low credit card transaction rate to hook a merchant, then adding on other undisclosed fees or jacking up rates without warning.
Online merchants are vulnerable to such an approach because they fall under Visa’s and MasterCard’s “card-not-present” categories, which have high transaction rates to compensate for the greater incidence of fraud when the actual card cannot be presented.
MerchantWorkz, an online information firm for small businesses, has received several complaints from merchants about dealings with ISOs, says Wendy Hinman, MerchantWorkz’ Web development manager. In one case, a merchant said the ISO initially charged him a $995 fee to form a Delaware corporation and to set up a merchant account. But within a short time, the ISO raised fees to $2,495. “The story just kept changing,” Hinman says, adding that the merchant eventually canceled his account application, but the ISO refused to refund his fee.
Such complaints are not un-common. Richard Gordon, cheif executive of the card industry consulting firm R.J. Gordon & Co., Los Angeles, says he was being bombarded daily with e-mails offering merchant processing services at a 1.2% “discount” rate-the percentage of the sale, that merchants pay to merchant acquiring banks. That falls well below even the “interchange” rate, the part of the discount rate paid to Visa or MasterCard for Internet merchants-1.85% of the sale plus 10 cents for MasterCard and 1.80% of the sale plus 10 cents for Visa-let alone the average discount rates of between 2 and 3% charged by other Internet merchant acquirers. Gordon’s ISO, Creditcards.com, signs Web merchants for Eureka, Calif.-based Humboldt Bank.