CHAPTER 18 The risks

Fraud

Avoiding fraud may not bring more customers to your web site, but it is an essential element of running an e-business. This is why I have dedicated a chapter of my book to it. Avoiding fraud will save your company money and therefore make your business more profitable and more successful.

Consumers wary of online fraud can always stick to purchasing from the high street. But businesses trading online have no option but to accept credit cards. Research from Datamonitor shows that 90 per cent of online transactions are paid for with credit or debit cards, compared to only 28 per cent of purchases made in person.

An occasional fraudulent transaction of low value is only likely to be a minor inconvenience to most businesses. But as volumes and values increase, so does the risk of serious fraud. A 2002 study by GartnerG2 found that losses from online fraud were up to 19 times higher than those for offline sales.

One of the biggest problems is the delay between a transaction taking place and the business finding out that it was fraudulent - a process that can take up to three months. In this article I look at 13 ways you can help to protect your business from being ripped off by credit card fraudsters.

1) Defining the Risk
Payment service provider Bibit Global Payment Services advises businesses to first determine the likelihood of fraud in their market. This involves defining the risk based on the industry, the type of goods or services being sold, their price level and the countries being sold to. A relatively high charge-back fraud risk exists for high value or branded consumer products that are easily stored, traded and transported.

2) Registration
You have most control over new users at the time they register. Do you really want to accept orders from untraceable, free web-based email services such as Yahoo! and Hotmail? The majority of mobile phones are no more traceable, so insist on a fixed line for customer contact, using validation on your email forms. Only deliver to the address of the card holder and place restrictions on the first few orders.

3) Terms and Conditions
Make sure that anyone buying from you agrees to your terms and conditions before completing any purchase online. Ensure that these terms and conditions set out very clearly that people may only purchase using their own credit card details. Also, it should be made clear which national law governs them and what the consequences are for fraudulent conduct under that legal system.

4) Checking the Facts
Credit card fraud is often linked to card numbers that have been generated by illicit computer programs. Double-check key details with a percentage of buyers - and make it clear that you'll be doing so. On certain transactions, event promoter ticketmaster.co.uk mails customers to request the name on their credit card, their address, the name of the issuing bank and a copy of the bill for the credit card used in the transaction. Legitimate users will always have this information, although the check is time-consuming and may slow down the transaction.

5) Addressing the Problem
Be prepared to carry out spot checks on large or suspect orders. Customer data can be checked against online directories, although individuals are increasingly opting out of telephone directories because of nuisance calls. The BT telephone book can be found at www.bt.com/directory-enquiries and the UK electoral roll can be viewed at www.192.com. If you're dealing with customers in another country then consult the global Telephone Directories page at Infobel World.

6) Country of Origin
An order's destination should sometimes ring alarm bells, so don't be afraid to refuse orders from certain countries. Unfortunately, one of the key indicators of a fraudulent order is the country of origin.

7) Unusual Orders
Fraudulent transactions often have unusual characteristics. One example may be a private individual ordering three washing machines. Scrutinise orders that exceed a supplier's average value, as well as those that appear to have been made in what would be the middle of the night for a customer's location. High volume orders can also point to a mispriced item being exploited.

8) Keeping Records
If they get away with it, crooks are rarely happy with one crime and so online fraudsters are likely to come back for more. It's a good idea to maintain a 'negative file' for transaction histories: The file should contain information from previous fraudulent orders. New orders should be compared to the negative file and those with matching characteristics reviewed.
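
The screening described in points 7 and 8, as an added example that is not from the book: each new order is compared with a negative file and checked for unusual characteristics, and any match becomes a reason for manual review. The field names, the thresholds and the keyed-hash storage of negative-file entries (so the file holds no raw card numbers, in line with point 12) are assumptions of this example.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Constructed key for the example; in production load it from a secrets store.
NEGATIVE_FILE_KEY = b"example-only-key"

def fingerprint(value: str) -> str:
    """Keyed hash so the negative file never holds raw card numbers or emails."""
    norm = "".join(value.lower().split())  # ignore case and spacing differences
    return hmac.new(NEGATIVE_FILE_KEY, norm.encode(), hashlib.sha256).hexdigest()

def build_negative_file(fraud_orders):
    """Fingerprint the card, email and delivery address of known-fraud orders."""
    return {(f, fingerprint(o[f])) for o in fraud_orders
            for f in ("card", "email", "address")}

def review_reasons(order, negative_file, average_value, multiple=3.0):
    """Return the reasons to hold an order for manual review (empty = none)."""
    reasons = []
    for field in ("card", "email", "address"):
        if (field, fingerprint(order[field])) in negative_file:
            reasons.append(f"negative-file match on {field}")
    if order["value"] > multiple * average_value:
        reasons.append("value well above average order")
    # Convert the UTC order time to the customer's local time.
    local = order["placed_utc"] + timedelta(hours=order["utc_offset_hours"])
    if 1 <= local.hour < 5:
        reasons.append("placed in the middle of the customer's night")
    if order["quantity"] >= 3 and not order["business_account"]:
        reasons.append("multiple units ordered by a private individual")
    return reasons

# Constructed sample data, not real customers or card numbers.
FRAUD = [{"card": "4111 1111 1111 1111", "email": "Buyer@Example.com",
          "address": "1 High Street, Anytown"}]
NEGATIVE = build_negative_file(FRAUD)
ORDER = {"card": "4111111111111111", "email": "new@example.org",
         "address": "9 Mill Lane, Othertown", "value": 1200.0, "quantity": 3,
         "business_account": False, "utc_offset_hours": 8,
         "placed_utc": datetime(2004, 3, 1, 18, 30, tzinfo=timezone.utc)}

if __name__ == "__main__":
    for reason in review_reasons(ORDER, NEGATIVE, average_value=150.0):
        print(reason)
```

The reasons feed a review queue rather than an automatic refusal, so the thresholds can be tuned against the business's own order history.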

9) The Insider Threat
Although fraud normally appears to be a threat from the outside, all businesses need to look at their internal processes. It's important to remember that employees are able to steal credit card numbers. According to a Detica white paper on insider fraud, 60 per cent of all fraud involves the employees of an organisation, often working in collusion with outsiders. For some organisations it is estimated that the cost of internal fraud can be as high as six per cent of turnover.

10) Card Verification
Make use of existing technologies such as CVC - the Card Verification Code on the back of cards - CVV2 for Visa, CVVC for MasterCard and CID for American Express. This information is not embossed on the card and so is not printed on any receipts. The provision of this information when requested should prove that the customer actually has the card in their possession. A valid CVC cannot be calculated in the same way as random card numbers.

11) Choose an Anti-fraud Solution
Online ring tone vendor Mobile Streams has experienced problems with users saying that goods have not been received. This has led to costly chargebacks months later, at great expense because of the large number of small value transactions. The company selected Advanced Fraud Screen from CyberSource to solve the problem. This has enabled Mobile Streams to fine-tune risk scores to match customer demographics and then filter out customers who don't appear to be legitimate.

12) Secure Storage
You wouldn't leave your credit card on your car's dashboard, so make sure all your sensitive computer data is stored securely. Internet-powered companies often make the mistake of housing customer data on back-end servers and databases without encrypting it. In one recent cyber attack in the US, a hacker penetrated the firewall and walked away with more than five million credit card numbers that were left unprotected in storage on backend systems.

13) Outsourcing
The tasks associated with fraud prevention are not always a core part of most businesses and so outsourcing can make sense. A specialist payment provider can gather and act on data from millions of international transactions. Outsourcing your payment technology also greatly reduces security headaches because you do not see, capture or store the payment details - this is all done for you by your payment provider, in a secure environment.


Is your business at risk?

Hack attacks, downtime & viruses are just some of the threats that may seriously damage an online business. Imagine what could happen to the reputation of your company if you get infected with a virus that wipes your database?

Being in e-business brings you a host of opportunities that just aren't available to people who do not use the internet, but it has its fair share of challenges too. Have you thought about the losses and liabilities that you could incur simply by being online?

Worrying figures from a DTI survey suggest otherwise. Less than eight per cent of e-businesses in the UK have any specific e-risk insurance. Professional indemnity insurance is notoriously difficult to secure, especially if you're in a business with a strongly perceived element of risk.

So how can you protect your business from such threats?

Here is a checklist of ways in which you can minimize the risks to your business:

  • Use a reputable virus program such as Norton or McAfee. Such programs cost approximately 100 pounds per PC every year.
  • Update your virus definitions regularly within the above virus software. This will make sure that you are protected from new viruses which appear every day.
  • Scan your computer(s) at least once a week with the virus software.
  • Scan incoming and outgoing email using the settings within the software. Some days I receive 1,000 emails all containing viruses. The software will automatically delete the virus or quarantine it to ensure it can't cause any harm to your computer.
  • Only open email attachments from people who you know. This is where 99% of all email viruses are found.
  • If you are using Windows XP make sure you download all of the recent security updates and check for new updates on a regular basis. I once lost 4 weeks' work because I had not updated my machine. It was also in the middle of a very busy period and I lost a lot of important documents, not to mention the time it took to replace the lost data.
  • A firewall program such as Norton Internet Professional is a must.
  • Back up your computer as regularly as possible and at least once a week. This will also prevent you from losing work. My own experiences mean I back up my data every day onto a CD and store it in a safe place away from my office. Imagine you have a fire and your backup is in the office, and you will realize why you should keep it in a separate location from that of the computers.

The Stats

The average cost of a serious security breach is £30,000

44% have suffered at least one security breach in the last year

Only 28% make staff aware of IT security issues

Less than 8% of e-businesses have specific e-risk insurance

Copyright 2004, Viverdi Ltd. All rights reserved.