Manchester Center, VT-based general merchandise cataloger Vermont Country Store in February was victim to a series of fraudulent overseas orders totaling $36,439. But two alert employees at its call center and distribution facility prevented a bad situation from becoming much worse.
“Our people caught this problem early after recognizing that multiple, very large orders were being placed for identical products,” says president Bob Allen.“We were able to contact FedEx, and they held up most of the merchandise.” Nonetheless, $5,339 worth of fradulent orders did slip through.
From Feb. 4 though Feb. 19, Vermont Country Store received 65 fraudulent orders — all placed over the Internet — ranging in value from $300 to $4,765. The cataloger’s average order is closer to $60.
According to the vice president of operations Randy Kruml, 15 names and addresses were used multiple times, each time with different credit card numbers that were issued on foreign banks. Although all authorizations for the fraudulent orders were approved by Vermont Country Store’s payment processor, Salem, MA-based Paymentech, the orders were coded “U,” which signifies that no billing address was available at the time authorization was sought.
Kruml says that Vermont Country Store’s policy was to suspend all orders with an authorization code of “U” as potentially fraudulent, releasing them for shipment only after confirmation that the orders were legitimate. According to Paymentech, since most domestic banks subscribe to an address verification service (AVS), this code almost never appears on authorizations to cards issued by domestic banks, but it may come up when the credit card was issued by an offshore bank.
“Because our overseas business is almost zero, and we have not experienced high chargeback rates due to disputes from customers with cards resulting in the authorization code ‘U,’ our practice until now has been to accept the authorization and ship the order,” Allen says.
Vermont Country Store initially feared that it was the victim of the notorious hacker who recently stole more than 8 million credit-card numbers from Omaha, NE-based credit-card transaction processor Data Processors International (DPI). But that doesn’t appear to be the case. The companies involved now believe it was just a coincidence that Vermont Country Store’s fraudulent Web orders began coming through at about the same time that the hacker infiltrated DPI’s systems.
For the most up-to-date industry news, visit Catalog Age online at www.CatalogAgemag.com.