Solving Credit Card Fraud on your e-commerce website


Anyone who has ever run an online store or an e-commerce store has inevitably experienced credit card fraud. It comes in all shapes and forms, but the most common one is purchasing goods and services with stolen credit cards. In today’s electronic world this can be done by simply acquiring a credit card number – no need for a physical card.
Intechnic has dealt with credit card fraud for years, successfully defending our customers’ businesses from all kinds of online fraud.   To help reduce credit card fraud we’ve put together a list of 10 Do’s and Don’ts for any e-commerce website’s owner to consider:

  1. Manually screen ALL orders. Never (we repeat NEVER) ship products or provide services without manually screening the order and verifying its legitimacy. There is no automatic system to prevent 100% of fraud. Sometimes something in the order will jump out that no system can catch.
  2. It is often a good idea to authorize the credit card for the order amount and capture the funds following manual screening. This will eliminate any chargeback fees and hassles of voiding or refunding purchases later.
  3. Always make sure all transactions are routed through SSL and are encrypted.  Do not take credit card orders without a valid SSL certificate and an encrypted connection.
  4. For better protection, encrypt credit card numbers and expiration dates (or do not store them at all), and do not e-mail credit card numbers (in order notifications, for example): e-mail is way too easy to intercept.
  5. Make sure to mask all but the last 4 digits of credit cards on all receipts, packing slips, and shipping statements. You are also required to mask the expiration date.
  6. Always check CVV2 on the card (extra digits on the back for Visa/MC or on the front for Amex). CVV2 (Card Verification Value) is an important security feature for credit card transactions over the Internet. Verifying the CVV2 number at the moment of credit card authorization enhances fraud protection and helps to verify two factors: 1) that the customer actually has the credit card in their possession; and 2) that the credit card number is legitimate. Since it is illegal to store CVV2  (yes, don’t store it in your records!) this is the best way to ensure physical presence of the credit card.
  7. Always utilize Address Verification Systems (AVS). AVS is a service in which a merchant can verify a credit card holder’s address with the issuing bank. Address Verification is recommended by all major issuing banks for all credit cards processed over the Web. It makes a fraudster’s job more difficult: not only do they need to know the credit card number, expiration date and CVV2, they also need to know the address the bank has on file!
  8. Check the IP address of the order.  Fraud can be further reduced by integrating geographical location analysis directly into your shopping cart, analyzing the location of the originating purchase, and comparing it to the billing address of the credit card instantly. Orders from high risk countries and from customers with anonymous e-mail addresses should then be further analyzed to verify their validity.
  9. Some situations may require advanced credit card verification services and scoring models to minimize fraudulent transactions in certain environments. These services include Issuing Bank BIN Number matching (verifying issuing bank name and number), anonymous proxy detection, velocity filters, purchasing pattern analysis, IP address blocking, and others. 
  10. If you don’t know what to do – hire a trusted e-commerce professional.  For example, Intechnic offers over ten years of experience building and running successful e-commerce stores with millions of dollars of daily revenues.  If your provider hasn’t mentioned things from above – fire them and hire Intechnic instead.
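
The checks in items 5 through 9 can be attached to each order as flags for the person doing the manual screening in item 1. The sketch below is an added example, not Intechnic's code; the order field names, the `XX` country placeholder, the sample e-mail domain and the velocity thresholds are all assumptions, and the AVS/CVV2 results and the card token are expected to come from your payment gateway.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

HIGH_RISK_COUNTRIES = {"XX"}                 # placeholder: fill from your own chargeback data
ANON_EMAIL_DOMAINS = {"freemail.example"}    # constructed sample domain
VELOCITY_WINDOW = timedelta(hours=1)
VELOCITY_LIMIT = 3                           # orders per key per window before flagging

def mask_pan(pan):
    """Item 5: show only the last 4 digits on receipts and packing slips."""
    digits = [c for c in pan if c.isdigit()]
    return "*" * (len(digits) - 4) + "".join(digits[-4:])

class OrderScreener:
    def __init__(self):
        self.recent = defaultdict(deque)     # (kind, value) -> timestamps in window

    def velocity(self, key, now):
        q = self.recent[key]
        while q and now - q[0] > VELOCITY_WINDOW:
            q.popleft()                      # drop orders older than the window
        q.append(now)
        return len(q)

    def screen(self, o):
        """Return the flags a human reviewer should see next to the order."""
        flags = []
        if not o["cvv2_match"]:
            flags.append("cvv2_mismatch")                    # item 6
        if not o["avs_match"]:
            flags.append("avs_mismatch")                     # item 7
        if o["ip_country"] != o["billing_country"]:
            flags.append("ip_billing_country_mismatch")      # item 8
        if o["ip_country"] in HIGH_RISK_COUNTRIES:
            flags.append("high_risk_country")                # item 8
        if o["email"].rsplit("@", 1)[-1].lower() in ANON_EMAIL_DOMAINS:
            flags.append("anonymous_email")                  # item 8
        # Item 9 velocity filter, keyed on IP and on the gateway's card token
        # (never the raw card number, which should not be stored at all).
        for kind in ("ip", "card_token"):
            if self.velocity((kind, o[kind]), o["time"]) > VELOCITY_LIMIT:
                flags.append("velocity_" + kind)
        return flags

def sample_order(**overrides):
    """Constructed order record; field names are assumptions, not a gateway's API."""
    return {"cvv2_match": True, "avs_match": True, "ip": "203.0.113.7",
            "ip_country": "US", "billing_country": "US", "card_token": "tok_a",
            "email": "buyer@shop.example", "time": datetime(2024, 1, 1, 12, 0),
            **overrides}
```

An empty flag list does not approve an order; the flags only tell the reviewer where to look first.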