Richard's learned a lot about using and abusing credit cards to rip off small businesses. Did you know that "approved" doesn't mean a card's A-OK? Neither did he. But he's learning. Fast. And one conclusion he's already come to: Rampant credit card fraud has the potential to kill e- commerce faster than anything else. Where's Janet Reno when you need her?
If you want to rip off a small online business, look no further than the credit card companies themselves. They may be the most significant force aiding and abetting criminals in history.
Here's what I mean.
There is a new hacking tool on the scene that has the ability to rip multiple products off the virtual shelves of your online store and then proceed to the checkout with a fake card number, cardholder name, and address. It does it all in one convenient step.
What tipped us off was an order that was larger than usual. When we called the fraud unit at Visa and gave the Visa representative the "customer's" card number, name, address, and ZIP code, nothing matched. In fact, the representative was really surprised such a transaction could go through approved.
When I called our merchant account provider, CardService International (a company we've had nothing but problems with, by the way), I found out it was just "sort of" approved.
It turns out all that is necessary for a charge to be approved is that there is enough money available in the account. If things like address or name or ZIP code don't match, the charge is still approved but these discrepancies are noted in the transaction confirmation email sent out by CardService. Then it is up to the merchant to decide if it wants to take the chance and process the transaction.
Well, I looked at the confirmation email pertaining to the transaction in question and found it contained alphabet soup - a hodgepodge of codes and numbers, none of which gave any indication something was suspicious.
I pointed out to the customer service rep I was talking to that if I have to check every transaction confirmation email that comes through my system, then I've lost the advantage of real-time authorization. I still have to manually confirm each transaction. Furthermore, by approving the charge and just "warning" me (if you can call it that), the credit card companies have now unfairly thrown the responsibility back on my shoulders.
"It's your own fault," the argument goes. "We warned you."
My guess is many small-business owners like myself have no idea that "approved" doesn't mean everything checks out A-OK and that we're totally responsible for the fraud committed in our stores even though we had no hand in creating the fraud-ridden system developed by the credit card companies, and they give us no tools to protect ourselves against it.
Want to know another way to beat the system? Use a card number drawn on an international bank. We know for certain Visa doesn't care if it's fraudulent. Here's what happened to us.
An order came though in which the email address was a Hotmail account, the physical address was in Texas, the IP came out of Iceland, and the card was drawn on a bank in Tokyo. Obviously something was wrong here. So we called Visa. A Visa representative told us WE needed to call the bank in Tokyo and cancel the card. "But isn't Visa worldwide?" we asked. "Yes," the representative said, "but we don't call international banks. You need to call."
Yeah, right. I'm going to take the time to place an international call at my expense to a bank in a country whose language I don't even speak to discuss a bad card number it issued. It is easier to refuse the order and ban the card number from our system. That, of course, helps us but doesn't prevent the person from trying to use the card again somewhere else. And, in reality, it is a temporary fix for us since it is so easy to create new numbers on the fly.
So what can we as small-business owners do? In the short term, we are on our own. The best thing we can do is flag orders that:
In the long term, I'd like to see:
I'm telling you people, rampant credit card fraud has the potential to kill e-commerce faster than anything else.
Where is Janet Reno when you need her?
Join the Industry's Leading eCommerce & Direct Marketing Experts in Chicago
ClickZ Live Chicago (Nov 3-6) will deliver over 50 sessions across 4 days and 10 individual tracks, including Data-Driven Marketing, Social, Mobile, Display, Search and Email. Check out the full agenda and register by Friday, Oct 3 to take advantage of Early Bird Rates!
After five years of telling others about how to spend their marketing budget online, Richard Hoy recently left the employ of this influential publication to see if what he's been blabbing with his big fat mouth all these years really works. He is President and Co-founder of Booklocker.com Inc., an alternative to traditional publishing that helps authors realize profits of up to 70 percent of sales by combining electronic publishing with Internet marketing.
IBM Social Analytics: The Science Behind Social Media Marketing
80% of internet users say they prefer to connect with brands via Facebook. 65% of social media users say they use it to learn more about brands, products and services. Learn about how to find more about customers' attitudes, preferences and buying habits from what they say on social media channels.
An Introduction to Marketing Attribution: Selecting the Right Model for Search, Display & Social Advertising
If you're considering implementing a marketing attribution model to measure and optimize your programs, this paper is a great introduction. It also includes real-life tips from marketers who have successfully implemented attribution in their organizations.
September 23, 2014
September 30, 2014
1:00pm ET/10:00am PT
October 23, 2014
1:00pm ET/10:00am PT