Home  › Media › Publishing

How Credit Card Companies Aid and Abet Criminals

  |  October 6, 2000   |  Comments

Richard's learned a lot about using and abusing credit cards to rip off small businesses. Did you know that "approved" doesn't mean a card's A-OK? Neither did he. But he's learning. Fast. And one conclusion he's already come to: Rampant credit card fraud has the potential to kill e- commerce faster than anything else. Where's Janet Reno when you need her?

If you want to rip off a small online business, look no further than the credit card companies themselves. They may be the most significant force aiding and abetting criminals in history.

Here's what I mean.

There is a new hacking tool on the scene that has the ability to rip multiple products off the virtual shelves of your online store and then proceed to the checkout with a fake card number, cardholder name, and address. It does it all in one convenient step.

What tipped us off was an order that was larger than usual. When we called the fraud unit at Visa and gave the Visa representative the "customer's" card number, name, address, and ZIP code, nothing matched. In fact, the representative was really surprised such a transaction could go through approved.

When I called our merchant account provider, CardService International (a company we've had nothing but problems with, by the way), I found out it was just "sort of" approved.

It turns out all that is necessary for a charge to be approved is that there is enough money available in the account. If things like address or name or ZIP code don't match, the charge is still approved but these discrepancies are noted in the transaction confirmation email sent out by CardService. Then it is up to the merchant to decide if it wants to take the chance and process the transaction.

Well, I looked at the confirmation email pertaining to the transaction in question and found it contained alphabet soup - a hodgepodge of codes and numbers, none of which gave any indication something was suspicious.

I pointed out to the customer service rep I was talking to that if I have to check every transaction confirmation email that comes through my system, then I've lost the advantage of real-time authorization. I still have to manually confirm each transaction. Furthermore, by approving the charge and just "warning" me (if you can call it that), the credit card companies have now unfairly thrown the responsibility back on my shoulders.

"It's your own fault," the argument goes. "We warned you."

My guess is many small-business owners like myself have no idea that "approved" doesn't mean everything checks out A-OK and that we're totally responsible for the fraud committed in our stores even though we had no hand in creating the fraud-ridden system developed by the credit card companies, and they give us no tools to protect ourselves against it.

Want to know another way to beat the system? Use a card number drawn on an international bank. We know for certain Visa doesn't care if it's fraudulent. Here's what happened to us.

An order came though in which the email address was a Hotmail account, the physical address was in Texas, the IP came out of Iceland, and the card was drawn on a bank in Tokyo. Obviously something was wrong here. So we called Visa. A Visa representative told us WE needed to call the bank in Tokyo and cancel the card. "But isn't Visa worldwide?" we asked. "Yes," the representative said, "but we don't call international banks. You need to call."

Yeah, right. I'm going to take the time to place an international call at my expense to a bank in a country whose language I don't even speak to discuss a bad card number it issued. It is easier to refuse the order and ban the card number from our system. That, of course, helps us but doesn't prevent the person from trying to use the card again somewhere else. And, in reality, it is a temporary fix for us since it is so easy to create new numbers on the fly.

So what can we as small-business owners do? In the short term, we are on our own. The best thing we can do is flag orders that:

  1. Are international
  2. Contain an email address from a free email account provider
  3. Are larger than an average order
  4. Have an IP address that is different than the physical address given in the order

In the long term, I'd like to see:

  1. Credit card companies get their heads out of their glutei maximi, plug the holes in their system, and start supporting merchants with real tools and support to combat fraud

  2. Shopping-cart developers build stronger checks into their software and allow the online store owner to customize the type of suspicious activity the cart looks for (We basically had to build this ourselves at Booklocker.com.)

I'm telling you people, rampant credit card fraud has the potential to kill e-commerce faster than anything else.

Where is Janet Reno when you need her?

ClickZ Live New York What's New for 2015?
You spoke, we listened! ClickZ Live New York (Mar 30-Apr 1) is back with a brand new streamlined agenda. Don't miss the latest digital marketing tips, tricks and tools that will make you re-think your strategy and revolutionize your marketing campaigns. Super Saver Rates are available now. Register today!

ABOUT THE AUTHOR

Richard Hoy

After five years of telling others about how to spend their marketing budget online, Richard Hoy recently left the employ of this influential publication to see if what he's been blabbing with his big fat mouth all these years really works. He is President and Co-founder of Booklocker.com Inc., an alternative to traditional publishing that helps authors realize profits of up to 70 percent of sales by combining electronic publishing with Internet marketing.

COMMENTSCommenting policy

comments powered by Disqus

Get ClickZ Media newsletters delivered right to your inbox. Subscribe today!

COMMENTS

UPCOMING EVENTS

UPCOMING TRAINING

Featured White Papers

Google My Business Listings Demystified

Google My Business Listings Demystified
To help brands control how they appear online, Google has developed a new offering: Google My Business Locations. This whitepaper helps marketers understand how to use this powerful new tool.

5 Ways to Personalize Beyond the Subject Line

5 Ways to Personalize Beyond the Subject Line
82 percent of shoppers say they would buy more items from a brand if the emails they sent were more personalized. This white paper offer five tactics that will personalize your email beyond the subject line and drive real business growth.

WEBINARS

    Information currently unavailable

Jobs

    • Lead Generation Specialist
      Lead Generation Specialist (The Oxford Club) - BaltimoreThe Oxford Club is seeking a talented writer/marketer to join our growing email lead-generation...
    • Health Marketing Editor
      Health Marketing Editor (Agora Inc.) - BaltimoreCome flex your intellectual muscle as part of Agora, Inc’s (http://agora-inc.com/) legal team...
    • Technical Business Analyst
      Technical Business Analyst (OmniVista Health) - BaltimoreOmniVista Health is looking to add a Technical Business Analyst to our expanding team...