Get the E-Commerce Minute Newsletter from the E-Commerce Times » View Sample | Subscribe
Welcome Guest | Sign In
E-Commerce Times TechNewsWorld CRM Buyer LinuxInsider

One Year Ago: Credit Card Fraud Crippling Online Merchants

By Stephen Caswell E-Commerce Times ECT News Network
Mar 20, 2001 4:05 PM PT

Originally published on March 21, 2000 and brought to you today as a time capsule.

One Year Ago: Credit Card Fraud Crippling Online Merchants

While credit card companies have consistently maintained that credit card fraud is no more prevalent online than in traditional forms of commerce, a number of experts are disputing the notion.

According to Alvin Cameron, Credit/Loss Prevention Manager for online fulfillment house Digital River (Nasdaq: DRIV), an estimated 20 to 40 percent of online purchases are fraud attempts. Accordingly, Cameron says, e-tailers are now facing a do-or-die proposition.

"Merchants who cannot control the flood of fraudulent purchase attempts will soon be out of business," he said.

Merchant's Risk

Contrary to popular belief, Cameron says, it is the merchant -- not the consumer -- that has the most to lose from credit card fraud. While federal laws limit consumer liability to US$50, credit card companies force e-tailers to eat the entire loss.

When a consumer indicates an instance of fraud, the disputed amount is removed from the merchant's account and credited back to the customer. This "chargeback" comes with a standard fee of $15 per instance.

In an effort to minimize its exposure, MasterCard will now fine merchants if chargebacks are 1 percent or higher of total sales transactions, or 2.5 percent or higher of total sales volume for more than two consecutive months.

One merchant told the E-Commerce Times that these rules could well force smaller e-tailers off the Web. However, many observers believe that MasterCard is merely trying to punish large merchants that the company sees as having lax credit card authorization policies.

Security Needs

According to Cameron, online merchants have been forced to develop sophisticated security protections that go far beyond the normal security approval process by the credit card companies. At present, credit card companies only verify if a credit card number is correct and then match the number against the customer's billing address.

"Doing business on the Internet is the equivalent of having someone walk into your store wearing a ski mask without any ID and offering a bank counter check to purchase a $2,000 stereo system," said Cameron. "While no brick-and-mortar store would make such sale, Internet merchants have to do it all the time."

Looking for Bottom

Cybercrime in all forms shows no signs of letting up any time soon. Late last week, for example, MSNBC reported that Visa quietly informed select merchants that 485,000 credit card numbers were stolen from a major e-tailer in January 1999. According to the report, the company covered up the issue.

MSNBC also reported that the file was stored on a prominent government computer and that the perpetrator was thought to have been traced to an Eastern European country.

By all accounts, e-tailers now find themselves in an ironic position. If consumer fears about online security dampen enthusiasm for e-commerce, merchants will find themselves being squeezed on both ends.

Answer Key?

While there do not appear to be any simple solutions, Cameron believes that potential cyber-criminals should now think twice before committing credit card fraud. This type of activity has long been considered too small to bother with, but Cameron points out that using credit cards fraudulently is quickly becoming "identity theft" -- which was recently defined as a serious federal felony.

He added that he is now working with more than 100 different federal and state police agencies to prosecute cyber-criminals. "No matter what they think," he said, "they leave digital fingerprints and can get caught."

Likewise, FBI special agent Charles Neal suggested in a recent E-Commerce Times interview that cyber-criminals should bear in mind that society is demanding that these criminals be punished.

"We are planning to add more resources to do that," Neal said.

Would you license your personal data to advertising platforms if you were paid directly for it?
Yes -- So much of my personal data is already in the hands of advertisers anyhow; I may as well be paid for it.
Possibly -- It depends how much I would be compensated and how the data I authorize to share would be used and protected.
No -- I would not sell my personal data at any price.