Promotions for Black Friday deals started two months before the day after Thanksgiving, AdGooroo finds.
Like the reporting on an ongoing war, the news about Internet fraud is becoming more and more just part of the background noise of doing business on the Internet. Only major scams make the front page these days. But online fraud is a continuing threat to the online retailing industry and one that retailers need to pay closer attention to. 60% of online merchants report fraud rates higher than 1%, with an average of 1.7%; offline fraud is 0.07% of volume, by contrast.
Retailers have adopted a number of technology solutions, but fraud still happens and so retailers still must take other steps to combat fraud. “They’re applying a lot of common sense,” says David Kerlin, president of Portland, Ore.-based AmeriNet Inc., a debit payments processor. “A lot of merchants have gotten smarter about knowing where to ship and how to ship.” For instance, he says, many are refusing to ship overseas. “In general, retailers are very afraid of overseas shipment of items that can be fenced easily,” he says. “The international credit card platforms aren’t as robust as they are in the U.S.”
More independent involvement
In addition to applying common sense, retailers also want to be actively involved in the fraud screening process themselves, says Joyce Van Horne, vice president of product management for First National Merchant Solutions, a division of First National Bank of Omaha. “The most common request we get from merchants is for fraud tools that they use independently of payment acceptance tools,” Van Horne says. “Merchants want stand-alone systems so they can submit transactions against other files based on various parameters.” And they want flexibility to change those parameters easily and at will, she says. For instance, she says, a merchant may want to change its velocity threshold-the number of times in a day a customer uses a card-during the holidays to flag fewer transactions based on heavy card use, then change it back to a tighter parameter after the holiday shopping frenzy is over. “They want to be able to do fine-tuning and we work with them to facilitate that,” she says.
Fraud, however, isn’t simply a matter of catching someone using someone else’s card without authorization. It also involves spotting and preventing identity theft, one of the fastest growing crimes both in the U.S. and overseas. Incidents of identity theft grew 80% just from 2002 to 2003, reports Harris Interactive. “Everybody’s got concerns about not just fraud but also about how easily someone’s identity can be captured,” says John Perry, CEO of InterCept Payment Solutions. InterCept provides transaction processing as well as customer service support to 20,000 retailers, 2,000 of which have online operations.
To address those concerns, InterCept maintains a database of transactions against which it compares incoming orders. “We operate an entirely home-grown fraud screening system” Perry says. “It has history on millions of transactions. We do a very, very good job of turning down fraudulent transactions.” Among the components that InterCept analyzes are time of transaction vs. time of day in country where the cardholder resides, how often the card is used in a single day and the computer’s IP address. It also contracts for additional database screening from third parties. InterCept processes $3.5 billion a year in MasterCard and Visa transactions; online sales account for about half that volume.
Securing the consumer data
Similarly, First National Merchant Solutions focuses on security of consumer data, as well as of retailer data. First National monitors security measures of every vendor it uses to screen consumer data. “We evaluate the vendors every step of the way,” Susan Rue, senior product manager, says. “We ask where they store the data, how they protect it and make sure that they work behind multiple firewalls.” Rue adds that First National actively participates in the Electronic Check Council and the Merchant Internet Risk Council.
InterCept also offers other payment-related services that, while they seem at first blush to stray afield from processing and payment security, nonetheless feed into the company’s security efforts. For instance, it creates shopping carts for retailers, develops payment pages for display to customers during checkout and can host those pages itself if the merchant so desires, operates a call center to help customers resolve transaction problems and provides chargeback processing without retailer intervention, following the retailers’ guidelines. “We prefer to do more rather than less because we like having the ability to collect all that data,” Perry says. “It gives us a more robust e-commerce offering than if we offered just one piece.” And, he adds, it makes the data in its transactional database that much richer and thus enhances its ability to spot fraud.
To that end, InterCept also is providing consulting services to customers. “We found that we have all this experience, so why not share it,” Perry says. “It tends to drive more transactions and that’s exactly what we want.”
Merchants also are turning to other forms of payment partly as a way to avoid dealing with online credit card fraud. For instance, AmeriNet is offering a cash payment product, under an arrangement with Western Union, a unit of payments processing company First Data Corp. A customer places an order and chooses cash as the payment method. The customer receives a transaction number which he takes to any of 47,000 Western Union locations. He gives the transaction number to the clerk who looks up the transaction and collects the cash. Western Union through AmeriNet notifies the merchant that the customer has paid for the order and the merchant then is free to ship the product or, in the case of the Internet games sites that AmeriNet supports, release the game software to the customer. While the outcome is a virtually guaranteed transaction-it carries the same non-chargeback status as cash in the real worldóthe service also opens the market to new customers. “It was designed for customers who don’t have checking accounts, let alone credit cards,” Kerlin says.