Published: 15th October 2018
Let's look at some background first. When a bank allows a retailer to accept credit cards, they are in essence offering a 6-month line of credit at a very low cost. But, I often hear retailers complaining about the amount of fees taken by their bank, or the procedure they need to go through to get a credit card account. Let’s take a look at what goes on behind the scenes. When a bank issues a retailer with a Credit Card Terminal (also called a Merchant Account), the bank is giving the retailer up to 180 days credit. This is because at any stage during those 180 days, a cardholder can dispute the transaction and potentially obtain a refund from the retailers’ bank – forcing that bank to get a refund from the retailer. In reality, a consumer could purchase $10,000 worth of goods from the retailer. The retailer receives the money from their bank within 24 hours. A few weeks later, that same customer may dispute the transaction and the customer will receive their funds back in full, while still retaining the goods. The bank is then left with the procedure of reclaiming their funds from the retailer – who may not have adequate funds. And that is the risk that the bank needs to factor into their pricing structure.
The other fee which each bank incurs is the switch or interchange fee. For Bank A to accept a credit from Bank B, they have to be able to communicate with each other. This communication incurs a fee – up to 1% based on which banks or cards are involved.
Ecommerce fraud has been growing year on year. A rapid rise came in the late 90s when online payments became widely accepted.
Peter Steiner penned his cartoon accurately in 1993 when he stated: "On the Internet, nobody knows you're a dog". Along with this perceived anonymity, came an increase in people using stolen / borrowed / made up credit card details.
So read on and discover the 7 ways you can be scammed online - and of course, how to stop it happening to you is by knowing how it happens to you.
Fraudsters often make online purchases using stolen credit cards details. Sometimes they may be in physical possession of the card, other times they could have gained all the information electronically. The moment the transaction is concluded and payment approved, the business is responsible for ensuring that the customer was who he said he was. The card owner may seek reimbursement from the retailer equal to the amount of the payment. If the credit card was not physically present (ie swiped or tapped) at the terminal, then the retailer is liable for the full amount. One option to combat this is “3D Secure” – it shifts the liability from the retailer to the cardholder. However 3D Secure has yet to gain mainstream usage (after 15 years) as the liability shift back to the consumer is not what the issuing banks want.
In this case, fraudster using a stolen credit card makes an overpayment on purpose. After which, he contacts the business to explain the accidental overpayment and asks for a reimbursement. He will ask to refund of the excess amount, claiming his credit card is closed so they need to send the money using an alternative method. That means that the original charge of the credit card is not refunded and the business is responsible to the card owner of the full amount. A good business rule is to never refund a transaction in a different manner to which it was processed. If it was processed on a Visa Card, then refund to the same Visa Card. If the customer expresses that the particular card has been cancelled, the retailer should contact their bank and provide the refund through the bank.
Pro Tip : Always refund back to the exact same card as was used in the transaction.
A retailer can use stolen credit cards to purchase goods from there own website. They own bank account will be funded with the usage of the stolen cards, and since they run the retailer, the usage of stolen cards will be “overlooked”. The bank who issued the credit card facility to the retailer is ultimately responsible for this, and they can freeze funds if they believe fraud may be present.
Card testing fraud is the practice of creating and testing the validity of a credit card number, in order to use it on another website to commit fraud. Fraudster target websites which give a different response for each type of decline: for example, when a card is declined due to an incorrect expiration date, a different response is given, so they know they just need to find the expiration date. They also target new websites which may not have experienced much fraud, so their detection processes are not as high as others. Finally, most fraudsters never use the website which they want to purchase from. They use an unrelated site, and then when they find one of the cards work, they then proceed to shop on their chosen site and usually get the transaction through on the first attempt.
Pro Tip : Be vigilant over random or repetitive $1 transactions, and don’t provide too much information as to why the transactions were declined.
It’s not friendly at all, however it has been given the name due to the process that takes place. Also known as Chargeback Fraud, it occurs when a consumer makes an online purchase and then claims his credit card has been stolen, or claims that the goods never received, and asks for chargeback after receiving the purchased goods or services. How? A consumer uses their real card and orders (say) a dozen bottles of wine or a prepacked food box. They tell the delivery company to “leave the box on the front verandah”. Upon delivery, the box is left, and the consumer takes the box inside. But, the consumer then calls the company and informs them that they never received the goods. The retailer is obliged to refund the funds or send another delivery. Not very friendly.
It is one of the most common types of fraud. In this case, fraudster carries out an online purchase using a different identity. This enables a fraudster to order items online under a false name and using someone else’s credit card. And it is remarkably easy to do. As a test case, I once gained access to my neighbour’s Internet Banking account (with his permission) just to demonstrate how easy it was. It took me two phone calls, and 15 minutes on the phone to this bank in order to fool the operator into thinking that I was him. And the only information I had was his bank statement which was in his letterbox and his mobile phone number. Both of these are simple to obtain. One your Identity is stolen, it is difficult (maybe impossible) to "get it back". Unlike a credit card which can be cancelled, your identity cannot be cancelled, and any account created by the fraudster needs to be addressed quickly. But, it is impossible to know what has been opened in your name until you start to appear on the "bad debt" lists. So, in all cases here, protect your identity by using secure mail collections (ie a post office box) and make sure that all rubbish is destroyed prior to throwing away.