ad info
   personal technology

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

CNN Websites
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines

 message boards




Industry Standard

How do e-retailers manage to stay one step in front of the scam artists?

November 22, 1999
Web posted at: 10:43 a.m. EST (1543 GMT)

by Megan Barnett

(IDG) -- Fraudsters beware. Tom Suhadolnik is watching you.

As the founder and CEO of online cigar shop, he's fed up with fraudulent credit card orders placed on his site. He estimates that between 5 percent and 10 percent of his orders are bogus.

Two years ago, a frustrated Suhadolnik sat down in his basement in Concord Township, Ohio, with all of his fraudulent orders and studied them until he started to spot trends. The orders had certain unique characteristics characteristics he won't divulge for fear of alerting hacker interest.

Based on those trends, he developed a model that instantly assigns a level of risk to each order. If the order falls outside the parameters he has set (for example, the same person has different shipping and billing addresses, or the order is excessively large), it will be delayed and a customer service representative will follow up with a phone call before the order is approved.

In essence, Suhadolnik created his own neural network, a system that intelligently detects potential fraud based on historical data. A number of software companies, such as HNC Software, CyberSource and ClearCommerce, provide comparable, customizable neural networks to large retailers to combat credit card fraud.

  6 Web sites to help you fight credit-card fraud
  Before you buy, protect yourself.
  Authorities rarely interested in catching credit-card crook
  Reviews & in-depth info at
  Year 2000 World
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletter for computer industry cognoscenti
  Search in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

Despite the popular belief that consumers are gambling by using credit cards on the Net, it is actually the merchants that face the greatest risks.

Just as in the offline world, there are many types of illegal credit card schemes online. Professional hackers generate bogus credit card numbers, people use lost or stolen cards and amateur fraudsters abuse the system to get free goods. Without a physical card or a signature to go on, online orders are inherently more risky.

As a result, credit card companies take a hands-off approach to merchants conducting business in cyberspace. If a thief uses a stolen credit card in the offline world, the credit card companies will settle the bill for the victimized cardholder. In the world of e-commerce, just as in the catalog and telephone order industries, the credit card companies place the burden on the merchants. If a consumer uses stolen card information to place an order for $2,000 worth of consumer electronics at, the site takes the loss. But if a thief walks into a Circuit City store and conducts the same transaction with a stolen card, the credit card company will pay the bill.

Few online merchants are willing to speak openly about how much fraud they detect and the methods they use to prevent it. After all, an article about Web sites with fraud problems is an advertisement to hackers looking for easy targets.

As a result, no one in the industry has been able to determine how rampant the problem is. In order to tackle the issue, a group of companies in the electronic commerce industry have formed the Internet Fraud Prevention Advisory Council. Led by charter members HNC Software, Vitessa, CyberCash, Signio, and, IFPAC's goal is to educate merchants and reduce the risk of online fraud.

The group hopes to develop a reliable measure of Web fraud, including identifying which industries are most at risk, and to create a list of best practices for merchants. IFPAC's first meeting, in October, drew about 40 participants.

For now, companies are relying on anecdotal figures. Visa USA, for instance, reports that less than 0.1 percent of total online Visa sales are fraudulent, just slightly above Visa USA's overall fraud rate. But a study commissioned by CyberSource revealed that online merchants estimate anywhere from 5 percent to 25 percent of their transactions are fraudulent.

Analysts suspect that a majority of the online fraud occurs outside the U.S., where e-commerce laws have not caught up with the technology, and where addresses and information are more difficult to verify. Ted Iacobuzio, a senior analyst with market research firm the Tower Group, has seen reports that say as much as half of all credit card fraud in Europe occurs online.

Certain commerce markets are at greater risk of fraud as well. The instant delivery and anonymity behind the sale of digital goods, such as pornography, software or digital currency, makes them more attractive to fraudsters. Similarly, sites that sell goods that can be easily converted into cash, such as consumer electronics, will typically be more prone to fraud.

But Internet fraud can be even more basic than that. In an attempt to obtain freebies, people have been known to order goods and tell their credit card company that they never placed the order, or never received it. When customers dispute orders, credit card companies take back the funds previously credited to the merchants, and the merchant is left to prove the goods were delivered as ordered. The process is called a chargeback.

Many times, people are able to keep the goods they received. If a signature wasn't obtained when the shipping company delivered the order, there is no way to prove the package was delivered.

"What I call 'marginally honest people' are out there committing fraud on the Net," says Allen Jost, VP of the risk-management group for eHNC, a division of HNC Software that provides services and software solutions for online merchants, including fraud detection, wallet services and data-mining.

Combating fraud has always been a cost of doing business, long before e-commerce came along. But another element unique to Internet merchants is the cost of losing valuable business as a result of fraud protection efforts. Antifraud systems use algorithms to detect risk, and the systems will reject an order if it falls within a designated realm.

Small merchants like can afford to phone each customer whose order is deemed too risky. But retailers that deploy such systems on a large scale are forced to let orders fall by the wayside, meaning they could be losing valuable customers. "Merchants are declining 15 percent to 20 percent of transactions to keep fraud down to 1 percent," eHNC's Jost says. "That's the real concern."

Is there any hope to eliminate fraud in this new barrier-free environment? Even the experts say no.

"There is no silver bullet," Jost says. "You have to recognize you have the problem, and manage your business to address it. Nothing will eliminate fraud altogether."

There are hundreds of technology experts who help online merchants stay ahead of fraud. Credit card firms have increased efforts to help their merchant customers. And merchants are hopeful the situation will improve.

"It's definitely a big concern," says Spencer Waxman, cofounder and president of, an online gift-currency site. "But I think the technology from the credit card issuers is going to catch up. I think we'll see a lot of evolution in this space in the next 12 months."

Online cons to watch for
June 4, 1999
Web scam: How one ISP took the money and ran
April 28, 1999
Users wait for ISPs to sort out monitoring tools
April 22, 1999
Widespread panic about Net fraud ignores common sense
March 26, 1999
ISPs share urge to merge
March 2, 1999
The best national and regional ISPs
February 8, 1999
How hackers cover their tracks
January 25, 1999

6 Web sites to help you fight credit-card fraud
Before you buy, protect yourself.
(The Industry Standard)
USPS Hopes Cylink Technology Will Halt Mail Fraud
QuickStudy: Digital wallets
Visa International exec talks about credit card fraud
(NetworkWorld Fusion)
Authorities rarely interested in catching credit-card crooks
FTC fraud lab monitors Web advertisements 24 hours a day
(NetworkWorld Fusion)
Year 2000 World
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.