North American retailers last year expected to lose the equivalent of 1.7% of their online revenue to fraud, according to a research report published in November by Mountain View, CA-based commerce transaction services company CyberSource, and Aurora, IL-based marketing agency MindWave. While that’s down from 2.9% in 2002, it’s still higher than desirable.
And Tim Litle, chairman of Lowell, MA-based credit-card processing company Litle & Co., notes that catalogers selling computers, jewelry, electronics, and other expensive or easily resalable merchandise are at a greater risk than other catalogers.
For instance, during the first quarter of 2004, PC Connection stopped fraudulent credit-card transactions worth 1.9% of the reseller’s total credit-card sales. For all of last year, adds vice president of finance/corporate controller Stephen Baldridge, the Merrimack, NH-based computer cataloger stopped $5.2 million worth of fraudulent credit-card transactions.
PC Connection’s first line of defense against fraud, Baldridge says, is proprietary software that reviews every credit card used for online or telephone purchases. The software has a list of red flag conditions programmed into it. When a flag, such as differing bill-to and ship-to addresses, is triggered, the transaction is put on hold while the cataloger’s 10-member credit-card analysis group double-checks the credit card’s ownership and authenticity.
The analysts may call the customer and ask him to provide what is known as a CID or CVV number. This is the three- or four-digit number printed in small type on the back of the card where the holder places his signature. Verifying this number provides a good safeguard against fraud because it is printed only on the card, not on statements or receipts.
In addition, the analysts will conduct address verification to make sure the address provided is the same address the credit card company has on file. They may also check what Baldridge refers to as velocity, or the frequency of purchases on the card. Warning bells go off if the analyst spots odd shopping patterns such as six computers bought by the same individual within the past two days.
“We do it really through a bag of tricks,” says Baldridge of the company’s fraud protection success. “I would say there is no one silver bullet. It’s made up of a number of things.”
PC Connection’s customer service representatives do their part in preventing fraud. They will notify a supervisor if, for instance, a customer nervously insists on next-day delivery in a way that makes the request sound like an emergency. Often potential thieves “want you to do things very quickly and get rude if you don’t turn on a dime to get it done,” says Baldridge.
Like PC Connection, David City, NE-based KV Vet Supply Co. trains its CSRs to guard against fraud. The animal supplies cataloger’s 28 reps meet monthly with management to review guidelines and discuss recent attempts at credit-card fraud. For instance, the company reminds CSRs that orders of more than $500 should be double-checked with a phone call to the number given in the customer contact information.
General manager Tracie Lloyd says that 90% of the 800-1,200 orders the company processes daily are paid via credit card. Lloyd also estimates that 80%-85% of the attempted fraud the company deals with involves animal vaccines and antibiotics, which are stolen for use in the illegal dog-fighting circuit. “Generally speaking, people who do dog fighting are also into drugs and other illegal activities,” she notes. In other words, KV Vet is often dealing with experienced, sophisticated criminals, so the company’s fraud protection efforts have to be equally sophisticated.
The usual suspects
KV Vet supports the intuition of its reps with the fraud protection offered through a financial transaction program of its catalog management software, Sigma Micro Controller Plus. The program will flag addresses and credit-card numbers that have had trouble in the validation process in the past. It will also process credit-card transactions online.
At the end of each day a report of all online credit card transactions is printed out for review by the company’s financial team. Employees search for the same warning signs reps listen for over the phone — differing bill-to and ship-to address, odd quantities, and unusually large orders.
Granted, such precautions can be expensive. Litle says you can gauge whether you need to upgrade your fraud prevention efforts by having CSRs call back 1,000 customers to verify that the person who placed the order was indeed the cardholder. You can also ask reps to verify an additional piece of information, such as the CVV or CID number, at the time of the call.
Once you see the percentage of missed fraud such precautions uncovered, you can determine how much more you can afford to invest in more stringent security measures. Say you’re a computer cataloger with an average order value of $1,000 and a profit margin of 15%. If you’re losing 1% of orders to fraud, you would have to sell nearly six more orders ($150 } 6 = $900) to make up for $850 in goods lost — never mind the lost profit. Given those numbers, you could assess how much more you’d be willing to spend to reduce the losses.
“Calls cost more in terms of the CSRs’ time,” Litle says, “and if it’s a Web order, then somebody has to call. Any extra step is generally expensive.”
PC Connection knows it is successful at preventing fraud based on tracking its charge-back rate — how much money it losses by reimbursing the credit cards of cardholders who say they did not place the order. Baldridge estimates PC Connection’s charge-back rate to be a scant 0.1%. “It means a big thing to our bottom line,” he stresses.
Two years ago, undetected fraud accounted for about 1% of KV Valley’s sales, Lloyd says. It has since declined, though Lloyd won’t specify by how much. “We take fraud personally,” says Lloyd. “It will continue to rise if you don’t get a handle on it. If you don’t have some sort of handle on it, these people are going to get you.”
Though most customers pay via credt card these days, catalogers must still watch out for bad checks. Accounts receivable conversion (ARC) can help. With ARC, data necessary to process a check transaction is captured off the customer’s check, cleared electronically by the bank in one day, and returned to the merchant within two to three days.
ARC allows catalogers to be sure checks are valid before shipping orders, says Joe Keller, president/CEO of Plymouth, MN-based electronic check processing firm Solutran. Most catalogers, he says, still rely on the physical transporting of checks from their bank to the bank of the account holder. With this process, checks can take two to three days to clear, while returned checks can take five to 14 days to come back.
Right now, marketers and banks can only capture and clear transaction data from the magnetic ink character recognition (MICR) line at the bottom of every check. The Check Clearing for the 21st Century Act (Check 21), signed into law on Oct. 28, 2003, will go into effect this October, making it legal to capture an image of the front and back of the check, and to present that image to a customer’s bank for settlement. This will speed both check clearing and the flow of returned checks, says Keller. Plus, catalogers will be able to keep the images on file for a couple of years.