When you have an online component of your business, experiencing ecommerce fraud is becoming the rule rather than the exception. No longer is it a matter of "if" this will happen to you but "when" it will happen to you. I did some quick research and was astounded at the extent of fraudulent transactions, especially given the poor state of the current U.S. economy.

My first major case of ecommerce fraud happened this past week. I was running a special promotion with my affiliates to see how this marketing strategy for additional sales might work out for me. Unfortunately, I got results I never expected in the way of too many sales happening in a short period of time, which made me suspicious.

After getting additional sales over the weekend, I decided to begin to call the people who were listed as purchasing a membership to my site. Just as I suspected, none of them had heard of me or my site. In fact, my phone call to some of them was the first indication they had of their credit card information being stolen. This guy (I'm assuming it was a guy, based on how he registered his affiliate account with me) was very thorough in that he had the COMPLETE credit card record for the victims of this fraud, including name, complete address, phone number, credit card number, card expiration date, and credit card security code (verification number).

Even though I had address verification turned on as well as the credit card security code verification turned on in the settings for my online payment gateway, this did me no good. My merchant account provider informed me that when the thief has complete information, there's essentially nothing a merchant can do to prevent fraud. Setting your address verification at maximum may block legitimate sales, especially when the sales are outside the U.S. This leaves many online merchants stuck between a rock and a hard place.

One upside to this situation is that I didn't ship out physical products but was selling virtual items like ebooks and site memberships. I've heard horror stories of merchants losing tens of thousands of dollars in goods shipped to a fraudulent account. My thief's goal in this scam was in collecting affiliate commissions. He was hoping I'd pay out affiliate commissions on his "sales" prior to discovering that all of his sales were fraudulent. Fortunately, I didn't fall prey to that, as I would have been out an even greater amount of money than I already am.

The second upside in this situation is that my thief wasn't bright enough to enter fake telephone numbers. Because he generously provided me with the correct phone numbers of the other victims in this scam, I was able to contact them and let them know what was going on. Otherwise, I would have had to resort to direct mail to reach them if I wasn't able to find a phone number through directory assistance.

So, what were the indicators that these transactions might not be valid? Here are the 8 clues that tipped me off to the possibility of ecommerce fraud:

1. Emails don't resemble the name of the purchaser. I require an email address for a purchase. In the vast majority of cases, the purchaser's email address resembles some portion of her name or business. In my case, none of the emails from the recent purchases mirrored the given name of the purchaser. One or two I could count as an oddity -- 5 or 6 in a row made me very suspicious. In this case, all of the emails were valid, as the thief opted into my email marketing system with each email address. However, they weren't the valid email addresses of the people whose names were on the accounts.

2. Sales are exclusive to one affiliate. In this campaign, all of my sales were linked to one affiliate. I suppose he thought I would have other sales, as well, and his would blend in unnoticed with the others. However, he didn't realize that this was my first affiliate campaign, so his sales stuck out like a sore thumb.

3. Sales are all to one gender. By and large, I have more female members than male. All of the sales that I was making last week were from men. Again, one or two is expected, but not multiple ones consecutively. I'm assuming my thief stole card information from some company whose customers are exclusively male.

4. Too many sales of a particular product in too short of a time period. I know the sales pattern for my site. Sales typically trickle in unless I do a special promotional campaign to encourage buying. Granted, I was doing a special promotion at the time, but to sell the number of yearly memberships that I did in a short period of time wasn't usual, as most people choose to purchase the monthly membership option when they join.

5. Transactions occur from same IP address. Fortunately, my merchant account provider and online payment gateway provider capture the IP (web) addresses from which the purchases are made. When I logged into my merchant account, I quickly realized that the transactions of the day were all coming from the same IP address. The IP address changed the next day, however, so this won't be a very valuable tool to track the thief. However, I still had my web host block access to my site from these IP addresses as an additional precaution.

6. Too many declined transactions in too short of a period of time. Normally, if someone tries to join my site and their transaction is declined, I don't receive any notification of this. I'm not sure I can change that fact, but I'm certainly more motivated now to regularly log into my merchant account to check my number of declined transactions. Had I been doing this regularly, I would have realized the fraud that was taking place on my site much sooner.

7. Affiliate is in another country. Some countries have a reputation for being a hothouse for online fraud. As I checked the info my affiliate provided in his affiliate account, his address listing didn't seem quite right, and he listed himself as a resident of a country nearby to those known for online fraud. This fact added to my ever-growing list of suspicions.

8. Big ticket items. The sales that were made were consistently my highest-priced item. As mentioned earlier, that sales pattern is unusual for me, so it tipped me off, as well. My thief apparently wanted to rack up the greatest amount of sales in the shortest period of time by repeatedly "buying" my highest-priced item.

I'm still sorting out this mess. Because the card holders have all canceled their cards, I'm unable to refund the money from the fraudulent sales. I'm working with them and their credit card companies to try and rectify the situation from my end and prevent nasty chargebacks from being issued to my account (too many of these puts your merchant account in jeopardy, as you then appear to be an unreliable business). My merchant account provider also encouraged me to provide all the info I have about this scam to the Internet Crime Complaint Center.

If your Spidey sense is triggered by unusual sales activity on your web site, don't delay in checking it out. At best, if your suspicions are groundless, you'll make a personal connection to your customers and they'll know you're diligent and you care. At worst, you'll nip this scam in the bud before it gets out of control.

Copyright (c) 2009 OnlineBizU.
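As an added illustration (not part of the original article), the sketch below applies clues 1, 2, 5, 6 and 8 from the list above to a batch of orders exported from a payment gateway, so the review does not depend on someone happening to notice the pattern. The record fields, the thresholds, the TOP_ITEM name and the sample orders are all assumptions constructed for this example.

```python
import re
from collections import Counter, defaultdict, namedtuple

Order = namedtuple("Order", "day name email ip affiliate item status")
TOP_ITEM = "yearly"  # assumption: the store's highest-priced product
# Constructed sample orders (made-up names, documentation IP ranges).
ORDERS = [
    Order("2009-03-07", "John Carter", "qx7731@example.com", "203.0.113.9", "aff42", "yearly", "approved"),
    Order("2009-03-07", "Mark Davis", "bluesky88@example.com", "203.0.113.9", "aff42", "yearly", "approved"),
    Order("2009-03-07", "Paul Nguyen", "zz.trader@example.com", "203.0.113.9", "aff42", "yearly", "approved"),
    Order("2009-03-07", "Alan Brooks", "k9k9k9@example.com", "203.0.113.9", "aff42", "yearly", "declined"),
    Order("2009-03-07", "Greg Olsen", "fastcash1@example.com", "203.0.113.9", "aff42", "yearly", "declined"),
    Order("2009-03-08", "Steve Hall", "m0nday@example.com", "198.51.100.23", "aff42", "yearly", "approved"),
    Order("2009-03-08", "Brian Wood", "tt4451@example.com", "198.51.100.23", "aff42", "yearly", "approved"),
    Order("2009-03-08", "Kevin Price", "redfox.x@example.com", "198.51.100.23", "aff42", "yearly", "approved"),
    Order("2009-03-09", "Maria Lopez", "maria.lopez@example.org", "192.0.2.50", None, "monthly", "approved"),
]

def email_matches_name(name, email):
    """Clue 1: does the mailbox name contain any 3+ letter part of the buyer's name?"""
    local = re.sub(r"[^a-z]", "", email.split("@")[0].lower())
    return any(part in local for part in re.findall(r"[a-z]{3,}", name.lower()))

def review(orders, threshold=0.8, min_run=3, min_declines=2):
    """Return the clue flags raised by a batch of orders."""
    flags = []
    ok = [o for o in orders if o.status == "approved"]
    if len(ok) >= min_run:  # too few sales to call anything a pattern otherwise
        if sum(not email_matches_name(o.name, o.email) for o in ok) / len(ok) >= threshold:
            flags.append("email_name_mismatch")              # clue 1
        aff, n = Counter(o.affiliate for o in ok).most_common(1)[0]
        if aff and n / len(ok) >= threshold:
            flags.append(f"affiliate_concentration:{aff}")   # clue 2
        if sum(o.item == TOP_ITEM for o in ok) / len(ok) >= threshold:
            flags.append("big_ticket_run")                   # clue 8
    by_day = defaultdict(list)
    for o in ok:
        by_day[o.day].append(o.ip)
    for day, ips in sorted(by_day.items()):
        if len(ips) >= min_run and len(set(ips)) == 1:
            flags.append(f"single_ip_day:{day}")             # clue 5
    declines = Counter(o.day for o in orders if o.status == "declined")
    flags += [f"decline_burst:{d}" for d, n in sorted(declines.items()) if n >= min_declines]  # clue 6
    return flags

if __name__ == "__main__":
    print(review(ORDERS))
```

Grouping the IP check by day matters here because, as the article notes, the address changed from one day to the next, so a check over the whole batch would miss it.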