The eBiz Blog

Accepting credit cards online is necessary if you want to run a successful web store. But the threat of credit card fraud is very real. In 2010 alone, online credit card fraud cost North American businesses $2.7 billion. No doubt that figure has only gone up due to all the major retailer security breaches that have occurred over the last few years.

You may wonder how to accept credit cards on your website without making yourself vulnerable to fraud. Is it even possible? You won’t be there to watch the cardholder swipe and sign in person, which is the best way to prevent credit card fraud. But that doesn’t mean there aren’t steps you can take to protect yourself from credit card fraudsters.

Be Careful Where You Ship

One way that credit card fraudsters get away with their fraud is by having their dishonestly obtained goods shipped to an address that’s not the billing address of the actual card owner. It makes sense if you think about it — the billing address is likely the legitimate cardholder’s home address and the credit card thief won’t want his or her pilfered goods to be sent there. Second-guess any orders with different shipping and billing addresses. This goes double if the order is for an unusually large amount or the buyer wants expedited shipping. Credit card thieves aren’t planning to pay for what they buy, but they do want their purchases to arrive quickly, before the merchant or the real cardholder catches on.

You should also be wary about shipping goods out of the country. Some countries, like the former Yugoslavia, Nigeria, Romania, Indonesia and Pakistan, have a reputation of being sources for coordinated credit card fraud rings. Take care when shipping to these countries.

Get All the Credit Card Info

When you accept credit cards on your website, get all the credit card information. That includes the full digit card number, cardholder name, phone number and billing address, CVV code and expiration date. Fraudsters often aren’t in possession of the cards they’re fraudulently trying to use. They’ve just managed to get their hands on the card number and nothing else. Asking for complete information reduces the chances that you’re accepting a stolen form of payment.

Because many times the thief only has partial card owner information, they will often make multiple submission attempts using the card to try and get the transaction accepted. For example, each time they will submit a different variation of the billing address or card owner's name trying to find the right combination for the card to be accepted. You can combat this by restricting the number of times a declined card can be submitted. A legitimate card owner trying to buy something should be able to get their own information entered correctly within 5 tries. Any attempts more than that are likely to be fraudulent.

Use Fraud Detection

When you open a merchant account for your website, you’ll also get a payment gateway that includes advanced options to automatically assist in protecting against fraud. Address verification is easily implemented and can block most fraud attempts all by itself. You can also enable card code verification protections that automatically decline the transaction if the card code submitted is not valid. Options like address verification are not mandatory and are not required by any credit card company or bank, so many times they are not enabled by default. Take the time to examine and configure all of your available included options before considering any added cost upgrades.

What to Do When You Get a Suspicious Order

If you get a suspicious credit card order online, don’t leap to any conclusions. Customers may have totally valid reasons for shipping to another country or another address. When you find an order that sets off your fraud radar, contact the cardholder to verify the order’s legitimacy.

If you can’t get in touch with the cardholder, it’s probably because you were given a false number and that means the order isn’t legit. If the order is legit, the cardholder will appreciate your concern for the safety of his or her data.

When you’re accepting credit cards on your website, fraud is always a concern. While you may not be able to verify a card user’s identity in person, there are multiple layers of protection you can put in place. Just remember to trust your instincts and use your common sense.