One Year Ago: Credit Card Fraud Crippling Online Merchants

Originally published on March 21, 2000 and brought to you today as a time capsule.

While credit card companies have consistently maintained that credit card fraud is no more prevalent online than in traditional forms of commerce, a number of experts are disputing the notion.

According to Alvin Cameron, Credit/Loss Prevention Manager for online fulfillment house Digital River (Nasdaq: DRIV), an estimated 20 to 40 percent of online purchases are fraud attempts. Accordingly, Cameron says, e-tailers are now facing a do-or-die proposition.

“Merchants who cannot control the flood of fraudulent purchase attempts will soon be out of business,” he said.

Merchant’s Risk

Contrary to popular belief, Cameron says, it is the merchant — not the consumer — that has the most to lose from credit card fraud. While federal laws limit consumer liability to US$50, credit card companies force e-tailers to eat the entire loss.

When a consumer indicates an instance of fraud, the disputed amount is removed from the merchant’s account and credited back to the customer. This “chargeback” comes with a standard fee of $15 per instance.

In an effort to minimize its exposure, MasterCard will now fine merchants if chargebacks are 1 percent or higher of total sales transactions, or 2.5 percent or higher of total sales volume for more than two consecutive months.

One merchant told the E-Commerce Times that these rules could well force smaller e-tailers off the Web. However, many observers believe that MasterCard is merely trying to punish large merchants that the company sees as having lax credit card authorization policies.

Security Needs

According to Cameron, online merchants have been forced to develop sophisticated security protections that go far beyond the normal security approval process by the credit card companies. At present, credit card companies only verify if a credit card number is correct and then match the number against the customer’s billing address.

“Doing business on the Internet is the equivalent of having someone walk into your store wearing a ski mask without any ID and offering a bank counter check to purchase a $2,000 stereo system,” said Cameron. “While no brick-and-mortar store would make such sale, Internet merchants have to do it all the time.”

Looking for Bottom

Cybercrime in all forms shows no signs of letting up any time soon. Late last week, for example, MSNBC reported that Visa quietly informed select merchants that 485,000 credit card numbers were stolen from a major e-tailer in January 1999. According to the report, the company covered up the issue.

MSNBC also reported that the file was stored on a prominent government computer and that the perpetrator was thought to have been traced to an Eastern European country.

By all accounts, e-tailers now find themselves in an ironic position. If consumer fears about online security dampen enthusiasm for e-commerce, merchants will find themselves being squeezed on both ends.

Answer Key?

While there do not appear to be any simple solutions, Cameron believes that potential cyber-criminals should now think twice before committing credit card fraud. This type of activity has long been considered too small to bother with, but Cameron points out that using credit cards fraudulently is quickly becoming “identity theft” — which was recently defined as a serious federal felony.

He added that he is now working with more than 100 different federal and state police agencies to prosecute cyber-criminals. “No matter what they think,” he said, “they leave digital fingerprints and can get caught.”

Likewise, FBI special agent Charles Neal suggested in a recent E-Commerce Times interview that cyber-criminals should bear in mind that society is demanding that these criminals be punished.

“We are planning to add more resources to do that,” Neal said.


  • I agree with you on all what you said about the inconvenience and the hastlesome of the existing protection systems.

    As it is obvious to all credit card users (merchants as well) , whether on-line or real -life shopping, we are all potential vectims.

    Anticipating the severity of this problem years ago; I worked more than five years in order to solve this problem. Finally I came up with a new approach. It took me one year more of critical-thinking, how to simplify the solution. Now,it is , yet efficient, It is a real break through.Simply it meets the requirements of an ideal solution.

    Its effeciceincy relies on how it is understood, the harmony of its functioning elements, as well as the new concepts utilized.A prototype has been tested -on confedential basis – by professionals and a small sample of end users, and it was found to be capable of making credit card crimes” something of the past”.

    Now, the question is: who does really care about such a problem ! and who is serious about exploring the solution!!!

    • Nothing but strigent security on a server hosting creditcard numbers will prevent “hacker” pilfering of those records. I think the issue here is raised about the POS ( Point of Sale) transaction betowwen buyer and order tacker/fulfillment house. Zilch possibilities exist to intercept the actual transaction data being routed to or from a secure server and shopping cart program. Face no reported way the the bits and bytes can be deciphered along the zillions of routes from point A to B. If a merchant refuses within the shopping cart/ordering setup master file to accept orders not shipped to the BILLING address then he’ll never suffer a loss. The thief would have to kidnap the cardholder or take over his house while away to be there to greet UPS or Fedex to get the perloined goods.

      The real world face to face purchase and then shipping to a gift address doesn’t pass on any greater risk to the the merchant getting defrauded. Case in point of the 240 e-commerce sites I have designed and launched ..only those that accepted foreign shipments were ever milked by a stolen credit card. Basically the European and Russian mobsters sell stolen card numbers to those who buy from merchants and their affiliated sites who ship overseas. Don’t want to get took..get a realtime credit card merchant online account for 25.00/month and be done with it. Card holders never get burned ( maybe 50.00) but merchants take millions in losses by shipping to non-billing addresses.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Technewsworld Channels