Using the E-Commerce Internet ...avoiding credit card fraud Unfortunately the holiday shopping season brings with it an increase in the unauthorized and fraudulent use of credit cards to pay for on-line purchases. Fraudsters and hackers will to try and take advantage of you during this season in the hope that you will be too busy to notice a bad transaction. This article covers post process fraud prevention: prevention after an order is received. Pre process prevention measures tend to be more technical in nature and are applied prior to or during a credit card transaction. Such items as checksum number validation, date checking, form field checking, and transaction isolation are some pre process activities. If the items you sell are custom made or simply not readily resold into the retail market, then outright fraud is not likely to be a big concern. High value electronic consumer goods, on the other hand, are prime targets for fraudsters because they can be readily resold. A TRANSACTION First, it is helpful to understand the process for a real time credit card transaction. Card transactions on the financial networks take place in two parts: authorization followed by settlement. When a customer submits a credit card at your storefront for payment, it is first processed for an authorization of payment. If the card is valid, a hold for the requested amount is placed on the customer's available credit in the card account. Funds have not yet been transferred. At some subsequent time, a request for settlement has to be made to the customer's bank to cause a transfer funds from the customer's account to your merchant account. Depending on the particular financial gateway and it's configuration, this request, sometimes called a capture, may happen automatically or may require a settlement request from the merchant. Automatic settlements will usually occur in a batch during specific times of the day. POST PROCESS FRAUD PREVENTION EVALUATE At any time but, especially during the holiday season, it is good practice to assign one person or group the responsibility of determining the validity of any order paid for on-line. While automatic fraud detection software is useful, it can provide false positive as well as false negative responses and should not be relied on exclusively. There is no good substitute to having a person that knows the business and the customers checking orders before shipment. Naturally, this assumes that the person doing the checking knows what to look out for. ALERT SIGNALS DECLINED CARD There are some obvious signals to watch out for as well as some subtle indications of a bogus charge. The most obvious signal is a declined card. This may seem like a trivial item to mention but, depending on the order processing system in use, declined charges can slip through and become fulfilled orders. Always make sure the authorization was successful. A good authorization is often indicated by the word "success" or the letter "G" being returned by the processing gateway. On certain gateways, a transaction authorization status may also be indicated by a three digit response code, 000 indicating a success; 001 indicating a failed authorization due to insufficient credit. NO ADDRESS VERIFICATION Nearly all card authorizations respond with an address verification (AVS) from the issuing bank. This is an important service for detecting fraud. Unfortunately it is only available from USA and some Canadian banks and will only verify leading digits in an address. IE: a street number can be verified but not the street name. Showing AVS return results should always be a part of any merchant's card transaction utility. If address verification isn't available, the merchant should look for an alternate service. Address verification is returned usually as a letter code indicating the level of verifiable data. For instance a "Y" will indicate that the five digit zip code and the address given match the information on file for the given card. An "N" indicates that neither address or zip matches. There are other indicators, for instance, a "Z" indicates a match on the five digit zip only. Using address verification requires some interpretation. A "Z" return may indicate a perfectly valid order where the customer has given a Post Office box number as their rightful card address. That is, some cards are now being issued to PO box addresses but the AVS system can only confirm leading digits in the address. Automated fraud detection systems that refuse an order when there is no "Y" address verification may be blocking perfectly legitimate orders. REPEATED SHIPPING ADDRESS Another signal that should trigger an alert is an order going to a previously used shipping address originating from a different person and/or a different credit card. The shipping address may be a temporary location for receiving deliveries or it may be a freight forwarder location. The chances are very good that the address will not verify. UNLIKELY ORDER Fleece lined boots to Florida is an unlikely order. The order may be perfectly legitimate but, should trigger an alert for a closer look. REPEATED CARD NUMBER If the same credit card number appears more than once in within a few hours or days, take a closer look at the order. If the address given is different from a previous address for the same card, the merchant can be pretty sure this is a fraudulent transaction. It also means that the first order was most likely bogus as well and probably did not get an address verification. WRONG IP ADDRESS Actually there isn't a "wrong" IP address. just one that isn't very likely based on the information given. For instance, if the customer gives a Kansas location and an AOL e-mail address and the IP number lookup indicates a network in China or even a non AOL network, there is reason for suspicion. MERCHANT REMEDIES COMMUNICATE Many uncertainties about an order can be resolved by a simple e-mail or telephone call to the customer. Of course the contact information may be to the fraudster who will naturally verify that this is a valid order. A few friendly questions, for instance, about how the customer plans to use or locate the product may help detect a fraud. In our own experience, valid customers are always grateful for our checking with them about charges to their credit card. CONFIRM If communication fails to quell the alert, the merchant can use one of the reverse lookup services for checking the validity of given information. A telephone number check of area code will confirm the state or region while the full number check will provide the person and address. You have your choice of telephone number lookup services at: http://www.reversephonedirectory.com/ Search for an e-mail address given a person's name at: http://www.bigfoot.com/ A reverse zip code lookup can be found at: http://whitepages.com/area-zip-codes If you want a mind boggling array of choices for looking up people, places, e-mail, zips, etc., go to: http://www.freeality.com/finde.htm ImagineNation provides a multiple register IP number lookup service for merchants at: http://ImagineNation.com/Public/WhoIs/lookup.cfm Remember, IP numbers usually won't identify a person, just the network that they use to connect to the Internet. The above are free services so expect a fair number of pop up ads with some of them. CAPTURE Finally, if after an alert signal, customer information checks out OK, the merchant can be reasonably assured that the order is valid. If confirmation or information doesn't validate, don't ship or ship at your own risk! This is where manual settlement (capturing the charge as a subsequent process to authorization) is an excellent utility for the merchant to avoid making wrongfull charges to a credit card. If the order is obviously bogus, even though the card charge was authorized, no further action is required. The monies won't be transferred and the merchant doesn't ship the order. If the order checks out, the merchant settles the card authorization and ships the order. IAMS merchants at ImagineNation will be familiar with this capability. Even though they do not themselves settle transactions, they can withhold an authorization from settlement by voiding the order or by not entering a shipping date. Don't forget to ship using some means of delivery confirmation and have a successful holiday selling season. Next issue:  Getting ready ....site design Up-comming:  More on getting ready FURTHER READING: Don't overlook our LINKS page for information sources. Information security article  Products of ImagineNation!    Providing on-line stores for small and mid-size Internet businesses since 1996,   Imaginenation is a full service company meeting all of your e-commerce needs:    Storefronts     Credit Card Processing     Back Office Utilities     Merchant Accounts DO YOU NEED HELP WITH OUR PRODUCTS OR HAVE A GENERAL QUESTION? Please E-Mail specific product questions using the mail form at  ImagineNation.com For general information questions, visit our moderated public Q&A   FORUM For back issues of E-ComTips visit the   ARCHIVE Recent     Changes    Improvements    Upgrades    Stories New benefit for IAMS subscribers using webPeddleGold! In keeping with the comming holiday season, an optional gift shipment text area was added to the shipping information form. This option can be activated from the IAMS console by going to "Your profile/Account profile" and placing a check in the Gift Form box. No changes appear on the shipping page if the gift form is not activated. No information is passed through if it is activated but not selected by the customer. If the customer elects to use the gift form, the information received is entered into the order log and presented in the memo field of the order detail page. If you elect to offer gift shipment, be aware of the possibility of additional shipping and handling costs. Also be sure to check over the payment info carefully because in all likelyhood, the shipment will be to an address other than the billing and/or ordering address. You can't use the IAMS shipping invoice utility to generate the gift destination label. Have you seen the new PeddleGold storefront? You provide the content; we supply the container. Instantly turn your web site into a storefront with PeddleGold. Create your own table of products, upload that and the PeddleGold container, and you have an on-line store complete with select lists, buy buttons, search utility, shopping cart, shipping form, and payment form. PeddleGold is the standard for robust, easy to use, low cost storefronts. Take a demo ride.       Check our low prices. Get your first month free. Tips 'n Tricks    HTML tags shown here use the caret (^) instead of braces <> for proper rendering.     Brackets are represented by the curly bracket symbols ({}). IAMS and BakPak merchants at ImagineNation have numerous ways of validating customer information built into their order detail pages. The order detail page is the prime source of order information and should be checked over carefully before any shipment. Look for red flags in the shipping vs. credit card address fields. These don't necessarily indicate a bad order, they just signal non matching information which the merchant should evaluate in light of other information. Check that the credit card authorization was a success. If there is some concern over the origin of the order, clicking on the Referring URL link will bring up a separate WhoIs lookup page for the originating IP number. Clicking the mailbox icon in either the address field or the cc info field will bring up a customer contact form for the corresponding e-mail address. Using this form automatically references the order number for quicker communication. ImagineNation © 1996 - 2002 Suffering from overload?  List Removal E-ComTips is brought to you by ImagineNation because you are listed as a user of one of our storefront products or have subscribed to receive the Newsletter itself. To remove your address from our list, go to List Remove and, if your correct address and service ID are not showing when you get there, enter the correct values manually. Please do not reply to this newsletter return e-mail address. Replies here are not processed. Use the Mail Form at ImagineNation to correspond. This e-mail address is: [4] and the ID is [1]

________________________________________________________________
USEFUL URLs FOR TEXT ONLY E-MAIL READERS
ImagineNation    http://ImagineNation.com
webPeddle        http://webPeddle.com
PeddleGold       http://webPeddle.net
Public Forum     http://ImagineNation.com/Public/Q-A/index.cfm
Free Downloads   http://imaginenation.com/Products/free-dd.cfm
Subscribe        http://ImagineNation.com/Public/Mail/signup.cfm
Remove           http://ImagineNation.com/Public/Mail/remove.cfm
View E-ComTips from your browser 
http://ImagineNation.com/Public/NewsLetters
________________________________________________________________