FIGHTING FRAUD ONLINE
Byline: Vicki M. Young
Crimes involving credit card fraud connected with cybershopping are certainly coming under intensifying scrutiny. But that sharpening focus may be obscuring an even bigger problem in Netland: the high cost of such fraudulent activity to e-tailers.
To be sure, both consumers and e-tailers are victimized when a credit-based cybercrime occurs. For the consumer, the burgeoning menace of identity theft online remains a costly and frustrating problem. In fact, it recently has been targeted by the Federal Trade Commission as a major threat to consumers’ credit profiles and financial liabilities. Yet, in terms of day-to-day operations, it is still the merchant who bears the greater risk when it comes to online fraud, say Web watchers contacted by WWD.
Among 100 companies surveyed by e-commerce service provider CyberSource last September, an eye-popping 83 percent of respondents considered online fraud a problem for Web merchants, up sharply from 75 percent in 1999. The companies canvassed estimated 4 percent of transactions on their Web sites are fraudulent, on average, and they put overall occurrences of fraud at anywhere from zero to 40 percent.
The anonymity of online customers makes the incidence of fraud much higher for merchants selling their wares on the Net than in a traditional store, notes e-commerce service provider HNC Software, in a report dated December 2000. When dealing face-to-face, retailers can ask for corroborating identification to make sure consumers are who they say they are, before approving their purchases. As cybershoppers themselves are not present at the point of sale, e-commerce sites don’t have that option.
The upshot: online merchants lost roughly $1 billion to cyberfraud in 1999 — or about 5 percent of online sales — much more than the one-tenth of 1 percent of revenue lost at traditional stores because of fraud.
So exactly what happens when a credit card charge is not authorized by the cardholder?
David Spector, managing director at GB Retail Funding, a unit of liquidator Gordon Bros. that provides financing for retailers, found out that his own credit card number was pilfered two years ago when he noticed unauthorized charges from at least two e-tailers. “The financial institution that issued my card didn’t require me to pay anything,” Spector recalls. “The company replaced my card, but I was never told what internal follow-up it did,” he said. Spector declined to reveal the credit card company or Web sites involved. Spector never found out how his card number was stolen, but given the circumstances, he’s almost certain it resulted from an online transaction rather than an off-line theft.
Generally, consumers are only liable for up to $50 when a credit card issued by a bank is stolen. One exception is American Express; if a holder’s card number is stolen, consumers aren’t liable for any unauthorized charges.
E-tailers aren’t so lucky. In cases of fraud, a merchant’s own bank will take back the money it paid to an e-tailer by reversing the credit card transaction. The reversal, known as a credit card chargeback, forces the e-tailer to pick up the tab for merchandise it no longer has in its possession. Adding insult to injury, the merchant’s bank tacks on a processing fee for the chargeback — on top of the upfront rate assessed on any purchase transacted with a credit card. That bank chargeback fee typically ranges between $15 and $30 per transaction, according to Kevin Fahey, a founder and partner of check payment processor Intell-A-Check.
It gets worse. If such chargebacks exceed a certain percentage of an e-tailer’s sales, established by the credit card issuer, the online store stands to lose the privilege of accepting payments by that credit instrument altogether. Or as Gordon Bros.’ Spector points out: “A very high chargeback rate could very well affect the amount of financing a retailer might be able to obtain.”
“Asset-based lenders lend against the value of receivables and inventory they think are collectible,” Spector continues. “When there’s a high level of chargebacks or returns, that would impact the amount of money a bank would be willing to lend. The lender would deduct the intangibles, such as an estimate for the chargebacks, from the value of the inventory to reduce its own risk on the loan.”
For the most part, e-tailers loathe talking about credit card fraud, even in general terms. Those who were willing to discuss the problem did so on condition of anonymity. A few said that they had multiple security checks in place to account for purchases made online and off, as well as security measures for bank cards that are different from those employed for proprietary charge cards.
One retail executive told WWD they didn’t want to risk driving away sales in case consumers mistakenly get the idea that there’s something wrong with the company’s e-commerce site. Another said the company didn’t want to risk giving a scam artist the idea its system could be an easy target for hackers. A third executive at a specialty chain merely whispered: “You don’t talk about security, you just do it.”
The cyberfraud news isn’t all negative.
At least one observer, Jeff Einstein, director of the North American interactive unit of Net researcher RappDigital, says the online environment is actually starting to become much safer. That’s because e-tailers are testing and retesting their security measures. “Merchants can mitigate their risks by dealing with reputable companies, such as those with expertise in transaction technology and encryption bundled together,” Einstein advises. “We recommend that our clients deal exclusively with best-of-breed solutions.”
Some heavy hitters have come out with their own products to help consumers and merchants combat fraud online. American Express Co. in October launched Private Payments, which enables consumers to make purchases online without transmitting their actual credit card numbers over the Internet. The program requires the cardholder to enter a user’s name and password before obtaining a randomly selected Private Payments number and expiration date for a one-time use.
Intell-A-Check, by comparison, gives people the option of paying bills by check, either by telephone, on the Web, or at a brick-and-mortar site. The check-processing company claims more than 350 clients and works with consumer credit reporting firm Equifax to determine the validity of an individual’s check. Most clients, including a large department store operating under multiple brand names, still use the system solely to enable consumers to pay their monthly utility or charge card bills by check. At least one big-box retail chain last year began giving consumers the option to pay for merchandise by check wherever they shop the store: traditional locations, telephone and online.
“Whether it’s a credit card or check that’s used, the rate of chargebacks is being driven up because of identity theft,” notes Jeff Carbiener, senior vice president and general manager of Equifax Check Solutions. “Most [fraud] rules are leaning in favor of the consumer, while the merchant has the burden of proving the customer did buy the merchandise.”
Equifax works with a variety of retailers, including mass merchants and national discounters, to help them decide whether or not to accept a check, by feeding information about a consumer into its multiple databases. Once the identity of the check writer has been verified, Equifax runs the data through its “negative files,” to see if the person has a history of writing rubber checks. If no problem turns up, Equifax issues an approval and Intell-A-Check processes the settlement.
“Retailers decide how much risk they want to take,” Carbinier explains. “They can also ask Intell-A-Check to guarantee a transaction. If we determine the check writer is a good risk and the check goes bad, Equifax reimburses the retailer and takes ownership of the transaction.”
Companies using the Equifax/Intell-A-Check process are charged a fee based on their volume of transactions. If Equifax chooses to provide an additional level of security, retailers are charged about 1 percent of the amount of each transaction covered by the policy. “The discount fees that banks charge are [about] 2.5 percent, plus the chargeback fee. Equifax and Intell-A-Check can provide a guaranteed service that has a total cost well under the discount rate,” he said.
Approximately 20 percent of U.S. consumers either don’t have a credit card or prefer to pay their bills by check, according to Carbinier, who says a number of retailers have indicated a desire to offer the check payment option once their Internet strategies are fully in place.
New entries into the fraud prevention arena include a data-sharing venture between Dolan Media Co. and Arrangeonline.com. The two companies in December agreed to share data to curtail identity theft of people who have died. The recently deceased are a common target because credit cards and bank accounts aren’t always automatically canceled. The alliance, working with the funeral industry, is creating comprehensive databases of information to help fight fraud online and off.
THE E-TAILER’S TAKE ON CYBERFRAUD
4 percent: Average estimate of transactions believed to be fraudulent.
0 to 40 percent: Range of fraudulent transactions, overall.
4 percent: Average amount of revenue lost due to fraud online.
74 percent: Have implemented anti-fraud measures.
61 percent: Will be taking more security precautions this year than in 2000.
81 percent: Believe sales would increase if e-shoppers were less concerned about fraud, up from 72 percent in 1999.
Source: CyberSource Fraud 2000 survey of 100 randomly selected e-businesses, 50 of them with a presence both online and off.
Potential Benefits of Fraud-Detection Applications
Reduce amount of lost merchandise and payments from fraudulent orders.
Reduce financial losses from chargebacks and shipping fees.
Minimize quantity of legitimate orders that are rejected as high risks by rules that are too broad.
Reduce number of orders that are manually reviewed, thus cutting costs.
Help merchants keep credit card payment privileges.
Source: HNC Software’s December 2000 white paper