The first attack.
As an online merchant you will eventually be the victim of credit card fraud. If you
are like me, you will probably be surprised by how much the entire system of online
sales is slanted against you, the merchant.
I thought we were protected by the credit
card companies. I mean why have we been getting them to authorize and approve the card in the
first place?
With our first couple of chargebacks I called our credit card processor, waited patiently on
hold for the 'Risk' department. Finally got to talk to the friendly gentleman at the other end
who explained the customer said their card was stolen and that their authorization and approval didn't
mean that they were really going to pay me. What!!! You mean I'm out of the cost of our services, and I'm out
the cost of my time for setting up a customer's account, and I'm out the cost of the credit card transaction fees, and now you
are going to charge me $25.00 more for a chargeback fee, and you are going to charge me
the transaction fees AGAIN, for
reversing the transaction? We just lost about $80.00 over a $10.00 sale. THIS BITES!!!
Ok, so that is all bad enough, but the friendly man from the 'Risk' department told me that I need to use their AVS result to help me curb the
chances of accepting stolen credit cards. I explained to him that the AVS return code was a Y (the perfect score). Oh well,
maybe AVS isn't the silver bullet he though it was. In fact after going back through a long list of past sales, I found
that the fraudsters are actually much better at getting the correct address information entered than our legitimate customers,
and why not, they have the print out of the credit card number, expiration date, security code, mailing address, while the legitimate
customers have legitimate reasons to not use the correct address (ie: they moved, the card is billed at home, but they are using the office
address, etc.).
Why are the fraudsters hitting us?
We are a service company. These criminals were not using the credit cards to purchase merchandise that they could somehow make
money off of, so it took some research into the game of fraud to find out why they were hitting us. You see there is an
entire sub-culture of credit card fraud. Get busy on your search engine, and you can quickly learn that their are tons of websites
with people swapping and selling credit card information. You will also find that they are telling their potential card buyer that the
card has been tested and is good. We were one of the testing-grounds for these cards. They didn't care if they got a product or service,
they only wanted to see if the card would be accepted so they would know if they had a working card they could sell
for $1 - $10. Your business may be a testing ground, or it may be that they are puchasing hard goods from you, but the
result is the same. It's costing you money and you must control it our you will be out of business.
Learning to fight back...
We decided we have to do something and we can't just wait for the chargebacks to roll in and deal with it then. If we get too many
chargebacks, we'll lose our merchant account. YOU need to know that. You WILL lose your merchant
account if you have too many chargebacks. So we started manually reviewing each sale we got. If we spotted anything that looked
suspicious we would possibly call the phone number given, or we would immediately close the account. We were catching the fraud,
but we were having to do a lot of extra work shutting down accounts that should have never been opened, and refunding the credit cards
that should never have been used.
Putting the gloves on...
So reviewing orders manually was working, but we needed more. I had to be automated, so the predecessor to FraudSmack was born.
SUCCESS! For the first month, our new system had a 100% success rate a spotting fraud and preventing the
orders before getting to the point where our shopping cart processes the credit card. In the following months,
we had a couple slip through, but we still take a couple of seconds to review each sale, so we caught them immediately and closed them down
within a few minutes of the accounts getting created. Oh joy, we went from spending hours each week reversing fraudulent sales
to a few minutes a couple times a month.
Coasting...
Now we almost look forward to the fraudsters' visits. It is our opportunity to gain intelligence about how the fraudsters behave,
and gives us valuable information in making FraudSmack even better. When a sale is denied by
FraudSmack, our shopping cart sends us an email to tell us that a sale was just denied, and gives
us select information about the charge which we in turn use to tune FraudSmack into a more intelligent system for
spotting fraud patterns. If one does slip through then it contains even more valuable information to us about how to combat
fraud in the future, and with FraudSmack's customization features, it only takes a few seconds to make FraudSmack
watch for new parameter values.
The Result
We had a problem. We solved it. We didn't set out to invent a better mouse trap but it happened anyway. Now we have time to
concentrate on our business of developing software solutions, instead of wasting our days and nights acting as security guards for
our online businesses. If you are tired of feeling like you are wide open to fraud, please save yourself some stress and give FraudSmack
a try.