Richard's learned a lot about using and abusing credit cards to rip off small businesses. Did you know that "approved" doesn't mean a card's A-OK? Neither did he. But he's learning. Fast. And one conclusion he's already come to: Rampant credit card fraud has the potential to kill e- commerce faster than anything else. Where's Janet Reno when you need her?
If you want to rip off a small online business, look no further than the credit card companies themselves. They may be the most significant force aiding and abetting criminals in history.
Here's what I mean.
There is a new hacking tool on the scene that has the ability to rip multiple products off the virtual shelves of your online store and then proceed to the checkout with a fake card number, cardholder name, and address. It does it all in one convenient step.
What tipped us off was an order that was larger than usual. When we called the fraud unit at Visa and gave the Visa representative the "customer's" card number, name, address, and ZIP code, nothing matched. In fact, the representative was really surprised such a transaction could go through approved.
When I called our merchant account provider, CardService International (a company we've had nothing but problems with, by the way), I found out it was just "sort of" approved.
It turns out all that is necessary for a charge to be approved is that there is enough money available in the account. If things like address or name or ZIP code don't match, the charge is still approved but these discrepancies are noted in the transaction confirmation email sent out by CardService. Then it is up to the merchant to decide if it wants to take the chance and process the transaction.
Well, I looked at the confirmation email pertaining to the transaction in question and found it contained alphabet soup - a hodgepodge of codes and numbers, none of which gave any indication something was suspicious.
I pointed out to the customer service rep I was talking to that if I have to check every transaction confirmation email that comes through my system, then I've lost the advantage of real-time authorization. I still have to manually confirm each transaction. Furthermore, by approving the charge and just "warning" me (if you can call it that), the credit card companies have now unfairly thrown the responsibility back on my shoulders.
"It's your own fault," the argument goes. "We warned you."
My guess is many small-business owners like myself have no idea that "approved" doesn't mean everything checks out A-OK and that we're totally responsible for the fraud committed in our stores even though we had no hand in creating the fraud-ridden system developed by the credit card companies, and they give us no tools to protect ourselves against it.
Want to know another way to beat the system? Use a card number drawn on an international bank. We know for certain Visa doesn't care if it's fraudulent. Here's what happened to us.
An order came though in which the email address was a Hotmail account, the physical address was in Texas, the IP came out of Iceland, and the card was drawn on a bank in Tokyo. Obviously something was wrong here. So we called Visa. A Visa representative told us WE needed to call the bank in Tokyo and cancel the card. "But isn't Visa worldwide?" we asked. "Yes," the representative said, "but we don't call international banks. You need to call."
Yeah, right. I'm going to take the time to place an international call at my expense to a bank in a country whose language I don't even speak to discuss a bad card number it issued. It is easier to refuse the order and ban the card number from our system. That, of course, helps us but doesn't prevent the person from trying to use the card again somewhere else. And, in reality, it is a temporary fix for us since it is so easy to create new numbers on the fly.
So what can we as small-business owners do? In the short term, we are on our own. The best thing we can do is flag orders that:
In the long term, I'd like to see:
I'm telling you people, rampant credit card fraud has the potential to kill e-commerce faster than anything else.
Where is Janet Reno when you need her?
Twitter Canada MD Kirstine Stewart to Keynote Toronto
ClickZ Live Toronto (May 14-16) is a new event addressing the rapidly changing landscape that digital marketers face. The agenda focuses on customer engagement and attaining maximum ROI through online marketing efforts across paid, owned & earned media. Register now and save!*
*Early Bird Rates expire April 17.
After five years of telling others about how to spend their marketing budget online, Richard Hoy recently left the employ of this influential publication to see if what he's been blabbing with his big fat mouth all these years really works. He is President and Co-founder of Booklocker.com Inc., an alternative to traditional publishing that helps authors realize profits of up to 70 percent of sales by combining electronic publishing with Internet marketing.
Marketing Apps for Landing Pages White Paper
Marketing apps can elevate a formulaic landing page into a highly interactive user experience. Learn how to turn your static content into exciting marketing apps.
Redefining 'Mobile-Only' Users: Millions Selectively Avoid the Desktop
A new breed of selective mobile-only consumers has emerged. What are the demos of these users and how and where can marketers reach them?
March 19, 2014