E-commerce is an industry that is notorious for its vulnerability to a long list of risk factors. Web-based merchants often spend as much time and resources dealing with risk management issues as they do on serving their customers.
I am yet to speak with a merchant who enjoys managing risk. Most everyone I talk to sees it as a highly unpleasant, often expensive, task that just needs to be done. Now, I am not going to try to make you love risk management. You don’t have to. What you do need is to understand where e-commerce risk comes from and why. Once you get this part handled, managing risk will become a much easier, though not any more pleasant, task.
E-commerce transactions are much more likely to result in fraud than face-to-face ones. The reason is that, when in doubt about the legitimacy of a particular transaction, web-based merchants cannot physically verify the validity of the card or verify that the cardholder is an authorized user by requesting his driver’s license. E-commerce fraud can take many shapes, including:
- A stolen card number is fraudulently used for an online purchase.
- An order is placed by a family member who is not authorized to use the card.
- A legitimate order is disputed by a customer who falsely claims that he did not receive the delivery.
- A criminal who has hacked into the merchant’s system issues a credit to himself.
Criminals are always looking for ways to circumvent the e-commerce merchants’ data protection mechanisms and steal the stored cardholder information. Sensitive data can be stolen online or at a physical location:
- Online data breach. Hackers can steal sensitive account information by:
  - Intercepting transaction data during transmission to or from the merchant services provider.
  - Accessing an insufficiently protected payment processor’s system.
- Physical site data breach. Criminals can get hold of credit card data from a physical location by:
  - Breaching a credit card processor’s physical site.
  - Having one of the processor’s own employees steal data for them.
  - Colluding with a driver for the company that provides the processor’s document-shredding services, who then delivers the unshredded documents to the criminals.
Customer Disputes and Chargebacks
Customer disputes and chargebacks are usually the top risk concern for e-commerce merchants. They can be reviewed separately, but I prefer to place them in the same category, because customer disputes, as harmful as they are on their own, do the most damage when they deteriorate into chargebacks.
It is true that a data breach can potentially be far more damaging and that fraud is a much more clear-cut threat. However, customer disputes and chargebacks are, on the whole, much more time-consuming and are the number one reason processors suspend or terminate merchant accounts. There are many causes for customer disputes and chargebacks, but the most common ones are:
- The merchandise is never received.
- The service is not provided as expected.
- The delivered item is defective or different from its description on the merchant’s website.
- The transaction is fraudulent.
- The cardholder is billed before the item is shipped or the service provided.
- The cardholder is billed twice for the same transaction.
- The transaction amount is incorrect.
- A recurring transaction is processed after being canceled by the cardholder.
- A credit is posted as a purchase.
- A credit is not processed when the customer expected it.
- The cardholder does not recognize the merchant’s name on his credit card statement.
- The card is charged without the cardholder’s approval.
Your risk management system needs to be designed in a way that accounts for each of these risk categories, and you have to constantly update it. We have written quite a few articles and guides to help you do that, so take advantage of our expertise. Also, share with us what has worked well for you in the comments below.