E-Commerce Risk

Selling products and services in a card-not-present environment is substantially riskier than doing it in a face-to-face setting. A number of things can and do go wrong that a physical interaction would have helped overcome.

Fraud. E-commerce businesses are much more vulnerable to fraud than brick-and-mortar operations. It is much more difficult to prevent fraudulent transactions when neither the card nor the cardholder is present at the point of sale. You cannot physically examine the card or request an ID to verify the cardholder’s identity, if you are suspicious about a particular transaction. It is no surprise then that fraudulent transactions and data security breaches cost e-commerce and mail order / telephone order (MO / TO) merchants billions of dollars every year, despite their best efforts to fight back. Internet fraud can take several shapes:

• A criminal uses a stolen card number to fraudulently purchase products or services.
• A family member uses a card to make purchases without the cardholder’s authorization.
• A customer falsely claims that he or she did not receive a shipment.
• Criminals hack into an e-commerce merchant’s card payment processing system and issue credits to themselves.

Theft. Criminals are constantly trying to identify and exploit vulnerabilities in merchants’ data protection systems. Information theft can be committed online or at a physical location:

• Data stolen online. There are a couple of ways for hackers to access personal account information:
  • Intercepting card account data during its transmission to or from the merchant.
  • Accessing inadequately protected processor’s payment systems and stealing data from them.
• Data stolen from a physical site. There is a number of ways in which information can be stolen from a physical data center, including:
  • Stealing account data by an outsider from a payment processor’s site and using it or selling it for unauthorized use.
  • Stealing account data by a processor’s employee and using it or selling it for unauthorized use.
  • A dumpster-truck’s driver steals unshredded account data from a payment processor’s site.

Customer disputes and chargebacks. Unfortunately, fraud is not the only, not even the biggest, risk that e-commerce and MO / TO merchants are faced with. Customer disputes and chargebacks are much costlier and, if left unchecked, can cause the suspension of the merchant’s credit card processing service. There are multiple reasons why a customer will dispute a transaction but the most common are:

• The ordered merchandise was never received.
• A service was not performed as expected.
• The product or service is not as described in the promotional material or website.
• The customer did not make the purchase; it was fraudulent.
• The customer is billed before the goods are shipped or the services provided.
• There is a misunderstanding about the cancellation of an order (often in a recurring payment plan) or the return and refund of a product.
• The customer is billed twice for the same order, or the transaction amount is incorrect.
• A credit has not been processed when the customer expected it would be.
• The customer does not recognize the merchant’s name on his or her credit card statement.
• The customer’s card is charged without his or her approval.

Your organization will need to adequately address all of these risks, before you start accepting payments. If not kept under control, fraudulent transactions and the resulting chargebacks can quickly lead to the suspension of your merchant account.

Image credit: TK.org.ua.