How do e-retailers manage to stay one step in front of the scam artists?
November 22, 1999
by Megan Barnett
(IDG) -- Fraudsters beware. Tom Suhadolnik is watching you.
As the founder and CEO of online cigar shop TheSmokeShop.com, he's fed up with fraudulent credit card orders placed on his site. He estimates that between 5 percent and 10 percent of his orders are bogus.
Two years ago, a frustrated Suhadolnik sat down in his basement in Concord Township, Ohio, with all of his fraudulent orders and studied them until he started to spot trends. The orders had certain unique characteristics ö characteristics he won't divulge for fear of alerting hacker interest.
Based on those trends, he developed a model that instantly assigns a level of risk to each order. If the order falls outside the parameters he has set (for example, the same person has different shipping and billing addresses, or the order is excessively large), it will be delayed and a customer service representative will follow up with a phone call before the order is approved.
In essence, Suhadolnik created his own neural network, a system that intelligently detects potential fraud based on historical data. A number of software companies, such as HNC Software, CyberSource and ClearCommerce, provide comparable, customizable neural networks to large retailers to combat credit card fraud.
Despite the popular belief that consumers are gambling by using credit cards on the Net, it is actually the merchants that face the greatest risks.
Just as in the offline world, there are many types of illegal credit card schemes online. Professional hackers generate bogus credit card numbers, people use lost or stolen cards and amateur fraudsters abuse the system to get free goods. Without a physical card or a signature to go on, online orders are inherently more risky.
As a result, credit card companies take a hands-off approach to merchants conducting business in cyberspace. If a thief uses a stolen credit card in the offline world, the credit card companies will settle the bill for the victimized cardholder. In the world of e-commerce, just as in the catalog and telephone order industries, the credit card companies place the burden on the merchants. If a consumer uses stolen card information to place an order for $2,000 worth of consumer electronics at CircuitCity.com, the site takes the loss. But if a thief walks into a Circuit City store and conducts the same transaction with a stolen card, the credit card company will pay the bill.
Few online merchants are willing to speak openly about how much fraud they detect and the methods they use to prevent it. After all, an article about Web sites with fraud problems is an advertisement to hackers looking for easy targets.
As a result, no one in the industry has been able to determine how rampant the problem is. In order to tackle the issue, a group of companies in the electronic commerce industry have formed the Internet Fraud Prevention Advisory Council. Led by charter members HNC Software, Vitessa, CyberCash, Signio, ShopNow.com and Ebit.net, IFPAC's goal is to educate merchants and reduce the risk of online fraud.
The group hopes to develop a reliable measure of Web fraud, including identifying which industries are most at risk, and to create a list of best practices for merchants. IFPAC's first meeting, in October, drew about 40 participants.
For now, companies are relying on anecdotal figures. Visa USA, for instance, reports that less than 0.1 percent of total online Visa sales are fraudulent, just slightly above Visa USA's overall fraud rate. But a study commissioned by CyberSource revealed that online merchants estimate anywhere from 5 percent to 25 percent of their transactions are fraudulent.
Analysts suspect that a majority of the online fraud occurs outside the U.S., where e-commerce laws have not caught up with the technology, and where addresses and information are more difficult to verify. Ted Iacobuzio, a senior analyst with market research firm the Tower Group, has seen reports that say as much as half of all credit card fraud in Europe occurs online.
Certain commerce markets are at greater risk of fraud as well. The instant delivery and anonymity behind the sale of digital goods, such as pornography, software or digital currency, makes them more attractive to fraudsters. Similarly, sites that sell goods that can be easily converted into cash, such as consumer electronics, will typically be more prone to fraud.
But Internet fraud can be even more basic than that. In an attempt to obtain freebies, people have been known to order goods and tell their credit card company that they never placed the order, or never received it. When customers dispute orders, credit card companies take back the funds previously credited to the merchants, and the merchant is left to prove the goods were delivered as ordered. The process is called a chargeback.
Many times, people are able to keep the goods they received. If a signature wasn't obtained when the shipping company delivered the order, there is no way to prove the package was delivered.
"What I call 'marginally honest people' are out there committing fraud on the Net," says Allen Jost, VP of the risk-management group for eHNC, a division of HNC Software that provides services and software solutions for online merchants, including fraud detection, wallet services and data-mining.
Combating fraud has always been a cost of doing business, long before e-commerce came along. But another element unique to Internet merchants is the cost of losing valuable business as a result of fraud protection efforts. Antifraud systems use algorithms to detect risk, and the systems will reject an order if it falls within a designated realm.
Small merchants like TheSmokeShop.com can afford to phone each customer whose order is deemed too risky. But retailers that deploy such systems on a large scale are forced to let orders fall by the wayside, meaning they could be losing valuable customers. "Merchants are declining 15 percent to 20 percent of transactions to keep fraud down to 1 percent," eHNC's Jost says. "That's the real concern."
Is there any hope to eliminate fraud in this new barrier-free environment? Even the experts say no.
"There is no silver bullet," Jost says. "You have to recognize you have the problem, and manage your business to address it. Nothing will eliminate fraud altogether."
There are hundreds of technology experts who help online merchants stay ahead of fraud. Credit card firms have increased efforts to help their merchant customers. And merchants are hopeful the situation will improve.
"It's definitely a big concern," says Spencer Waxman, cofounder and president of Flooz.com, an online gift-currency site. "But I think the technology from the credit card issuers is going to catch up. I think we'll see a lot of evolution in this space in the next 12 months."
Online cons to watch for
RELATED IDG.net STORIES:
6 Web sites to help you fight credit-card fraud
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.