Operations: Thwart Online Fraudsters

Here’s a nightmare scenario: One Monday morning you look at the previous week’s sales numbers from your online channel, and your heart skips a beat. Sales were up 23 percent! Hooray!

But within a few days your contact center starts getting calls from irate consumers wondering why you’ve charged their credit cards for items they never ordered.

Your site has been tagged by Internet fraudsters using stolen credit card numbers.

How could you have avoided this? By instituting fraud-detection best practices. Here are a few offered in the white paper”Buyers Guide: Best Practices for Internet Fraud Prevention,” available from ClearCommerce, a software solutions provider (www.clearcommerce.com).

¥ Put in place systems that detect number-generator attacks. Here’s how such attacks occur: Fraudsters use automatic credit card number-generator programs to get thousands of credit card numbers that mirror the type a bank may have issued. Of course, most of the numbers correspond to nonexistent accounts. A fraudster will target a site and submit a series of transactions in small amounts to test a series of numbers.”Once the processor authorizes a valid number corresponding to an active account, the fraudster will begin charging the card to the limit,” the white paper’s authors noted.

¥ Velocity checks can help you avoid this scenario. Devise a system that flags orders containing repeat occurrences in any captured data field -- for example, the credit card number field -- over time.

¥ Flag for other suspicious order characteristics as well, such as a series of orders shipping to the same address but using several different credit card numbers, or an IP address from which you’ve logged several orders arriving within a short period of time (e.g., an hour or two) but using different credit card numbers. All are signs you may have been targeted by fraudsters.