An order had just come in through your Web site. The credit card number had cleared. The address was verified. Your fraud detection software isn't returning any warnings, so there's no reason to think this isn't on the up and up. But, wait: Everything on the online order form - from the name through the address - is typed in lowercase. Believe it or not, this a red flag. "All lowercase typing is a trademark of fraudsters," says Julie Fergerson, co-chairperson of the Merchant Risk Council (MRC), a non-profit organization of online vendors. "That alone should be setting bells off."
If you want a share of the growing online market, you had better be prepared to spot a wide variety of signs like this one, because unlike with in-store transactions, credit card fraud liability rests with the merchant, not the card issuer. Getting a credit card number has never been a problem for thieves, so what are you doing to ensure the person using one is who they say they are?
As consumers get more comfortable shopping online, it's an exciting time for small business owners, who can now expand their market far beyond their own backyard. But with this great opportunity comes great risk. Fraudsters constantly roll out new schemes in efforts to grab a piece of the $144 billion in online retail sales Forrester Research projects will be generated in 2004. Roughly $2 billion was lost to online fraud in 2003, according to Avivah Litan, research director for Gartner Research.
While the scourges of online commerce most often look to blend in with the masses and attack the large vendors, small business owners should know they're showing up on the radar, too.
"Small businesses are generally behind the large ones in terms of protecting themselves," says Litan, "which is why the problem is beginning to move downstream, where the small are being targeted more and more."
Some businesses are so eager to open up new markets that they lose sight of the dangers. Fergerson says nearly a quarter of small businesses (those with online revenues under $100,000) surveyed by the Merchant Risk Council spend no money on online fraud protection. Those numbers improve as you move up the food chain, but even there the MRC found some are lax with security. Of those polled, a startling 10 percent of companies with $1 million to $25 million in online revenue spend nothing.
If you expect your online business to grow, chances are you're going to encounter someone trying to rip you off. But you can institute basic procedures to protect yourself. Some of these are grounded in science and others, just as importantly, in common sense. Here are some pieces of advice and telltale signs to lookout for:
Hopefully, business is booming and you won't have the time to personally review each order, so it might be necessary to lean on technology as the gatekeeper. There's no saying exactly how much you should be spending on software and services to protect your business. However, the more traffic and visibility your site garners, the more likely you are to be victimized.
Third party vendors such as ClearCommerce allow you to forward your orders to them for a "fraud scrubbing" before fulfilling the order. These services often charge on a per-transaction basis. If you have a big enough budget, high order volume, and would prefer a fixed cost, you can have software specifically configured to your type of business. This software performs tasks such as fraud risk analysis and can access a directory of known "bad" addresses.
Beyond anti-fraud software, there are several other tools at your disposal. Fergerson recommends that you arrange the following services with credit card companies:
If you've applied all of these layers of protection and something still doesn't feel right, call the customer to verify the order. Ask for the name of the bank that issued the card and verify the address again. Your customer will appreciate the extra attention. If this doesn't assuage your fears, contact the Internet Fraud Complaint Center immediately.