E-merchants beware! Crooks are following right behind you.
| Category: Online Payments | Date: 2003-10-23 |
Lured by the success of Internet superstar Amazon.com, many first-time entrepreneurs are jumping onto the e-commerce bandwagon with little knowledge of the risks involved in doing business online. The same convenience of making purchases online with a credit card is making it easier for crooks to take advantage of the kinks in payment systems.
Stolen credit card numbers are routinely posted and swapped on Net bulletin boards and Internet Relay Chat, a real-time chat network. The card numbers can come from traditional offline sources as well as poorly secured Web servers that store credit card information. There are also programs like CreditMaster that uses the Mod-10 algorithm to generate valid credit card numbers. These numbers are good enough to fool a simple authorization check.
The severity of credit card frauds is best illustrated with a recent report on retailer Mohamed Mustafa & Samsuddin in The Straits Times. In just a few short months, credit card frauds have turned the companys lucrative online business into a loss-making entity.
"As a result, it has stopped accepting online payment by credit card on its mustafa.com.sg website, effectively causing sales to drop to a mere few thousand dollars a month," down from its previous high of $1 million in monthly sales.
The fraud problem plaguing Mustafa.com.sg is rampant in cyberspace. According to industry sources, fraudulent transactions account for about 10 percent of Net retailers total sales, many times more than the less than 0.5 percent recorded for brick-and-mortar retailers. For sites that sell digital goods like software, fraud accounts for nearly 30 percent of total sales.
The reason is that in face-to-face transactions, payment to the company is guaranteed so long as the signature matches. This is not the case in online payments. If a client denies having used his card to make the purchases, the bank takes the money back from the e-merchant. The goods - which would have been shipped out - cannot be recovered, as the guilty parties are often untraceable.
Even authorizations that check addresses are no protection against fraud originating overseas. There is no way you can validate each and every one of the addresses. Fraud is rampant in places like Eastern Europe - particularly in Romania - where the technology infrastructure is fairly advanced, but the laws governing electronic transactions are not.
This certainly poses a serious problem for a global e-commerce network. Should we then follow Mustafas footstep in stopping the auto payment system and risk losing the bulk of our businesses? Certainly not! Internet fraud risk, like any other business risks, can be effectively managed through the use of systems designed specifically for that purpose.
One of them is the secure electronic transaction (SET) protocol, said to be the most secure form of online payment currently. "In the extremely unlikely instance that a fraudulent transaction does take place under SET protocols, the merchant will be compensated for any losses," Visa told The Straits Times.
However, SET is not used widely by online buyers as it is tedious and not user-friendly. Customers must have certain software pre-installed in their computers before they can make payment under the SET protocol.
A more user-friendly method was suggested by Mustafas managing director Mustaq Ahmad. "Bank or credit card companies can come up with security measures, like insisting on a password" to be submitted together with the credit card number when making an online payment.
But until that day, online merchants may have to settle for risk management service providers like CyberSource. It offers an automated risk assessment service which calculates the risk associated with an order - based on unique Internet order variables and other transaction characteristics - and returns a risk score to the merchant within a few seconds. With this risk score, merchants can then make a better informed decision to accept or reject the order.
Cybersources system has been proven by Internet merchants worldwide to effectively control the risk of fraud to less than 1 percent. It helps to maximize valid order conversion and works effectively with all card authorization services. Go to http://www.cybersource.com for more information on its risk management services as well as a full suite of e-commerce transaction and order fulfilment solutions.
About the author:
Patrick Tan, an entrepreneur and former journalist, offers a complete range of e-commerce solutions and services (editing, writing, translation, content development, web design, etc) to help you build a successful career online. Visit his site at http://www.aloha-city.com for more information. He publishes a free newsletter to share his experience and business know-how. Subscribe Now! basics@aloha-city.com:
To contact see details below.
patrick@aloha-city.com
http://www.aloha-city.com
Stolen credit card numbers are routinely posted and swapped on Net bulletin boards and Internet Relay Chat, a real-time chat network. The card numbers can come from traditional offline sources as well as poorly secured Web servers that store credit card information. There are also programs like CreditMaster that uses the Mod-10 algorithm to generate valid credit card numbers. These numbers are good enough to fool a simple authorization check.
The severity of credit card frauds is best illustrated with a recent report on retailer Mohamed Mustafa & Samsuddin in The Straits Times. In just a few short months, credit card frauds have turned the companys lucrative online business into a loss-making entity.
"As a result, it has stopped accepting online payment by credit card on its mustafa.com.sg website, effectively causing sales to drop to a mere few thousand dollars a month," down from its previous high of $1 million in monthly sales.
The fraud problem plaguing Mustafa.com.sg is rampant in cyberspace. According to industry sources, fraudulent transactions account for about 10 percent of Net retailers total sales, many times more than the less than 0.5 percent recorded for brick-and-mortar retailers. For sites that sell digital goods like software, fraud accounts for nearly 30 percent of total sales.
The reason is that in face-to-face transactions, payment to the company is guaranteed so long as the signature matches. This is not the case in online payments. If a client denies having used his card to make the purchases, the bank takes the money back from the e-merchant. The goods - which would have been shipped out - cannot be recovered, as the guilty parties are often untraceable.
Even authorizations that check addresses are no protection against fraud originating overseas. There is no way you can validate each and every one of the addresses. Fraud is rampant in places like Eastern Europe - particularly in Romania - where the technology infrastructure is fairly advanced, but the laws governing electronic transactions are not.
This certainly poses a serious problem for a global e-commerce network. Should we then follow Mustafas footstep in stopping the auto payment system and risk losing the bulk of our businesses? Certainly not! Internet fraud risk, like any other business risks, can be effectively managed through the use of systems designed specifically for that purpose.
One of them is the secure electronic transaction (SET) protocol, said to be the most secure form of online payment currently. "In the extremely unlikely instance that a fraudulent transaction does take place under SET protocols, the merchant will be compensated for any losses," Visa told The Straits Times.
However, SET is not used widely by online buyers as it is tedious and not user-friendly. Customers must have certain software pre-installed in their computers before they can make payment under the SET protocol.
A more user-friendly method was suggested by Mustafas managing director Mustaq Ahmad. "Bank or credit card companies can come up with security measures, like insisting on a password" to be submitted together with the credit card number when making an online payment.
But until that day, online merchants may have to settle for risk management service providers like CyberSource. It offers an automated risk assessment service which calculates the risk associated with an order - based on unique Internet order variables and other transaction characteristics - and returns a risk score to the merchant within a few seconds. With this risk score, merchants can then make a better informed decision to accept or reject the order.
Cybersources system has been proven by Internet merchants worldwide to effectively control the risk of fraud to less than 1 percent. It helps to maximize valid order conversion and works effectively with all card authorization services. Go to http://www.cybersource.com for more information on its risk management services as well as a full suite of e-commerce transaction and order fulfilment solutions.
About the author:
Patrick Tan, an entrepreneur and former journalist, offers a complete range of e-commerce solutions and services (editing, writing, translation, content development, web design, etc) to help you build a successful career online. Visit his site at http://www.aloha-city.com for more information. He publishes a free newsletter to share his experience and business know-how. Subscribe Now! basics@aloha-city.com:
To contact see details below.
patrick@aloha-city.com
http://www.aloha-city.com
Copyright © 2005-2006 Powered by Custom PHP Programming