PRINT THIS STORY:

CHANGE TEXT SIZE:

Fraud fighters

Not-for-profit started by Amex battles online scams

By Dave Bodamer

The horror stories are out there. Consumers are wary of making purchases through the Internet because con artists commit fraud, stealing money from individuals and stealing merchandise from retailers.

In 1999, consumers were defrauded of $3.2 million, according to Internet Fraud Watch, a project of the National Consumers League, a Washington, D.C.-based consumer advocacy group. Often retailers must bear the costs associated with consumers' credit card fraud. They also suffer when goods are stolen through the use of illicit credit card numbers or when criminals have goods shipped to dummy addresses, and then skip out on bills.

While consumer advocates have been looking at the issue of fraud from the consumers' perspective since the early days of e-commerce, a new group has emerged that is approaching the issue of fraud from the merchants' point of view.

The Worldwide E-Commerce Fraud Prevention Network is a not-for-profit group made up of small and large merchants that seeks to significantly reduce merchants' exposure to online fraud and promote the growth of e-commerce. The group, which is a joint effort started by American Express that now includes seven other founding members and more than 300 charter members, is operating on the Web at www.merchantfraudsquad.com.

Fraud can occur at different times during an online transaction. If the transfer is not secure, hackers can get credit card information as it is being sent from the customer to the retailer. If a company's security isn't tight, a hacker can break into its database and gain credit card numbers that way.

In another type of fraud that can occur, some customers, often those using stolen credit card numbers, will provide fake billing addresses. Or they will provide shipping addresses that are not where they live. This enables the defrauder from being traced by the merchants.

To some extent, fear of fraud is keeping people from making purchases online.

"People are facing the same fears that inhibited them from using their credit cards over the phone," said Joann Fisher, a spokeswoman for New York City-based American Express, which founded the group. "Our mission is to make merchants and customers feel safe."

Most Internet fraud takes place through auction sites, according to Fraud Watch. The group estimates nearly 90% of Internet fraud occurs there. But 7% of Internet fraud occurs during general merchandise purchases.

"American Express got the idea last winter. Retailers had been approaching us with concerns for a long time, and we saw that there was no group attacking this issue from the industry's point of view," Fisher said.

The group has several goals. It will serve as a network for merchants and other groups to share fraud prevention information and best practices. The first items on the agenda now that the group has grown are to further develop the Web site to have more information on fraud-prevention tactics and options. Moreover, the coalition has hired the Gartner Group, a Stamford, Conn.-based Internet research company, to complete several white papers on relevant topics that will be available for all members.

The idea is that merchants, through the group, can learn about the most effective practices for stopping fraud and compare that with their own systems. The information ideally will help merchants to see which parts of their own processes leave them and their customers vulnerable to fraud.

American Express hosted an informational meeting in early 2000 and invited retailers to participate. From that meeting the founding members of the group emerged. They include: Buy.com, ClearCommerce, Expedia.com, First Data, Paymentech, Starwood Hotels & Resorts Worldwide and Ventro Corp. The membership is a mix of online retailers and e-payment and security software providers.

For 2000, American Express funded the venture, but in 2001 all founding members will contribute, although American Express will still pay the most. The venture would not release financial details of how much would be spent in 2000 and 2001.

The coalition officially launched in September at the National Retail Federation's NRF.com convention. Since then more than 300 companies have become general members. The roster includes brick-and-mortar and e-commerce retailers, fraud-prevention software providers, banks and credit card providers. The group also has advisory members, which include organizations such as consumer groups and law enforcement agencies that can lend specialized perspective and expertise.

General membership to the group is free. The only requirements are that a company must agree to abide by certain fraud-prevention criteria. General members, when applicable, should ensure that all credit card information is encrypted and password-protected; data transmissions should be secure; and employees with data access should be monitored and audited. Moreover, security software and firewalls should be properly configured and kept up to date; Internet traffic should be logged; a company's Web site should be monitored on a regular basis; business databases should not be Web accessible; and law enforcement should be contacted whenever a crime is suspected.

However, those requirements are not binding and groups will not face punishment for not agreeing to them. In fact, the guidelines are more of a suggestion on how retailers should operate securely more than they are a laundry list of requirements.

"There is no one right solution for everyone," Fisher said. "There are a lot of software solutions out there. Merchants are already working on address verification databases and shipping verification databases. For merchants the question becomes, "Do I need this? Do small businesses need this?"

"Fraud is a fact of life," Fisher said. "We think that this is a way to get ahead of the curve."

There are other existing Web sites and companies targeting online fraud, but they are run by third parties that are marketing their own solutions. For example, a group called The Fraud Bureau, Ontario, alerts online consumers and businesses about Internet companies and individuals that have previously engaged in fraudulent practices as a service. The site permits users to file complaints, which are the basis of its Web-accessible database. The site also provides educational material about deceptive practices experienced on the Internet. However, it's a for-profit endeavor, and it also sells fraud-prevention software.

A similar service, based in Scottsdale, Ariz., is called VerifyFraud.com. The group was established in 1999 to inform merchants of credit card fraud. It, too, provides educational material on credit card fraud, and it also sells software aimed to help merchants.

Another developing fraud-prevention technique comes from credit card companies that operate both within and outside of the merchant fraud collective. Both Wilmington, Del.-based MBNA Corp. and American Express have developed technology that allows users to make secure purchases by creating new credit card numbers for each purchase. The numbers can be used only once, so even if a hacker gains the information, it is unusable. Practices like this are exactly what member groups will share with each other under the Merchant Fraud Squad program.

"Given the concern about merchant online fraud and its impact on e-commerce, there is clearly a need for more information and education," said Howard Mendelsohn, controller of Expedia.com, a Bellevue, Wash.-based provider of travel-planning services. "Helping merchants understand what constitutes good fraud prevention practices in the marketplace today will contribute to the security of e-commerce as a whole."

 

© 2008 ICSC. All rights reserved. | Terms and Conditions | Privacy Policy | Contact ICSC | ICSC Home |