Credit Card Fraud and E-Commerce Today

Fancy – an Internet trader has designed a certain type of goods or services, introduced it to the customers, developed a very good plan to promote his site and manage the whole business. It works fine. May he now rest on the bed of laurel branches and reap the sweet fruit of his work? No, not at all! The real work has just begun! Having entered the open sea of the Internet trade, he can not but face a huge number of problems, which he is to solve every single day. E-Commerce is his job, but there are many other people, who choose an illegal way of earning their living. And if the trader wants to do well, he must never forget about those.
Sad but true, this is the reality. Someone is creating more and more advanced defense systems, while another one hacks them. The IT race of armaments has become the fact of everyday life for hackers and information security officers.

Many syndicates have caught on to the potential of the Internet as a new revenue stream. Two main methods are as follows: using identity theft techniques like ordering expensive goods and bill them to some innocent person, then liquidating the goods for quick cash; and extortion by using a network of compromised “zombie” computers to engage in distributed denial of service attacks against the target Web site until it starts paying protection money.

Let us suppose that a certain on-line shop accepts credit cards. Why credit cards? Simply because today every second person has it, so logically the quantity of your prospective customers will be much bigger than when using any other means, for instance – Web Money. So the first thing an Internet trader should carefully think about is how the credit card data base will be secured. If customers start loosing money from their credit cards without any reason, the Internet trader will loose his good name very soon. The trader planning to make a successful business over the Internet should never let this happen! That is why it is strongly recommended to store this kind of information codified. However there are several salvations to this problem: to codify the data and store it on the server; to delete all the confident information about the carried out transactions from the server of the E-Shop; or at last to use a separate server (physically not connected to the on-line shop server), which would store the transaction back-up database. 
But hackers’ attacks are not the main threat to the Internet trade. Here I would like to describe several usual fraud schemes and means of protection from them.

Perhaps every large financial project faces the problem of frauders. The simplest example is returning bargains to the on-line shop selling non-material goods (information, music, etc.). Usually in this case after the transaction has been carried out the “client” demands for his money back motivating it with inadequate quality.

One more fraud scheme was developed specially for one of the leading financial systems cooperating with an auction. In short, the point was that the frauder obtained two accounts. The first of them he used to sell a certain item. The second one he used to buy the item from himself. After that, he complained to the financial system that he did not get the item that he paid for and demanded for his money back. The company was obliged to give him the money back as it had its own agreements with the auction. Thus, the frauder got the sum of money equal to the item value. Actually, a situation like this could be easily prevented. The auction should have declared that it was not in charge for the items being sold, while the on-line shop should have noted that the sold items could not be returned. But this is more a lawyer’s job.

Using stolen credit cards to buy from the on-line shop has become one of the most serious threats today. Such bargains give the Internet trader problems both with a bank and with the credit card holder. This does not raise the seller’s reputation, which in its turn leads to loosing customers, in other words – money.

There are several antifraud systems that compare the given data: place of living and the IP geographical position, local time, etc. though still they are not perfect.

How can the Internet trader oppose to this? There are several ways. One is to demand the customer to make a telephone call and confirm the order and name the information indicated on the site. Many European and American on-line shops successfully use this way of fraud protection. To get sure of the person’s identity Americans often ask to name the mmn (mother midle name), dob (date of birth) or some other personal data.

The other way to secure the on-line business is to use scans of the documents. For example, when you want to buy a gun, it is mandatory for you to submit a photocopy of your ID (not to mention driving license and passport photocopies at Russian on-line stores). Many large internet stores have started to use this scheme too. By the way, sometimes they will even ask you to send the photocopy of the credit card (or even money) being used for the bargain. This way is very reliable though even in this case the trader does not get a 100 per cent security guarantee. Frauders can use stolen or false document and credit card photocopies. For this reason, all the photocopies must be carefully examined. 

Any serious financial project needs an advanced anti-fraud system. But, as you can assume, designing an ideal anti-fraud program is more likely a dream than a real project. But I am not trying to say here that they are of no use at all. Vice versa according to statistics, an average anti-fraud program can prevent up to 40 per cent of fraud attacks, which is a lot on any scale. 

However, the best way to secure the internet business is to combine different means to create a new one. Actually, this is the only way to get a reliable client verifying system.

A successful on-line trader must always remember the simple rule: never to underestimate the rival! Following these simple tips, one might secure his business.